Image builder

AWS Blu Age Image Builder

Overview

This documentation describes how to use the "AWS Transform Mainframe" Developer IDE image builder recipe CloudFormation template with an existing EC2 Image Builder pipeline. The template creates a recipe that builds a Windows Server 2022 AMI with AWS Blu Age development tools and utilities.

Prerequisites

Before using this template, ensure you have:

1. S3 bucket:

  • An S3 bucket containing all required installation files referenced in the components. The default bucket path is: s3://<my-bucket>/sde-ide-components;
  • Installation files should be located under the prefix sde-ide-components. A prefix is a way to organize data, like a directory.

2. Network configuration:

  • VPC subnet with internet access for downloading software (from build instance). Recommended: private subnet with NAT Gateway;
  • Security groups allowing outbound HTTPS traffic (from build instance).

3. IAM Permissions:

  • Permissions to create CloudFormation stacks;
  • Permissions to create EC2 Image Builder resources;
  • S3 create/put/read access to the software bucket.

Components in this recipe reference the following software, which must be stored in your S3 bucket. They may include:

    
| Software Name | Versions | Format | Source |
|---|---|---|---|
| Amazon CLI v2 | latest | - | Image Builder managed comp. |
| Amazon Corretto 17 (X64) | latest | - | Image Builder managed comp. |
| Amazon CloudWatch Agent | latest | - | Image Builder managed comp. |
| PuTTY | latest | - | Image Builder managed comp. |
| BluageSdeDevBrowsersComponent | | | |
| Chrome | latest | - | Google (scripted) |
| Firefox | latest | - | Mozilla (scripted) |
| BluageSdeDevToolsComponent | | | |
| 7-Zip (.exe) | latest | exe (64-bit Windows x64) | S3 bucket |
| HxD (.zip) | latest | zip | S3 bucket |
| Notepad++ (.exe) | latest | exe (x64 installer) | S3 bucket |
| WinMerge (.exe) | latest | exe (x64 installer) | S3 bucket |
| WinSCP (.exe) | latest | exe (Windows) | S3 bucket |
| BluageSdeDevComponent | | | |
| Apache Ant (.zip) | 1.10.x | zip (binary zip archive) | S3 bucket |
| Apache Maven (.zip) | 3.9.x | zip (binary zip archive) | S3 bucket |
| Apache Tomcat (.exe) | 10.xx | exe (32-bit/64-bit Windows Service inst.) | S3 bucket |
| Git (.exe) | latest | exe (standalone installer - Windows/x64) | S3 bucket |
| NodeJS (.msi) | 22.x | msi (Windows installer) | S3 bucket |
| pgAdmin 4 (.exe) | latest | exe (Windows) | S3 bucket |
| Python 3 (.exe) | 3.x | exe (Windows installer) | S3 bucket |
| Spring Tools for Eclipse 4 (.zip) | 4.32.x | zip (Windows x86_64) | S3 bucket |
| Visual Studio Code (.exe) | latest | exe (Windows system installer) | S3 bucket |
| Kiro (.exe) | latest | exe (Windows) | S3 bucket |
| BluageWslComponent | | | |
| Microsoft.VCLibs.x64.14.00.Desktop.appx | 14 | appx (Windows APPX) | S3 bucket |
| Ubuntu2204-221101.AppxBundle | 22.04 | AppxBundle (Windows APPX) | S3 bucket |

Network requirements

The build instance needs access to:

  • Download software from S3;
  • Download software from vendor websites (internet). Recommended: use a private subnet with a NAT Gateway and appropriate security groups.

Create your S3 bucket for software components

This S3 bucket will contain all required installation files referenced in the components.

  1. Enable encryption:
    • On the "Default encryption panel" click "edit", then select "Server-side encryption with Amazon S3 managed keys (SSE-S3)" in encryption type.
  2. Enable versioning:
    • On the "Bucket Versioning panel" click "edit", then select "Enable" in the bucket versioning.
  3. Upload required software to the S3 bucket with prefix sde-ide-components.
    • Respect filenames and S3 prefix as hardcoded in YAML component. Example: <my-bucket>/sde-ide-components/apache-tomcat-10.exe. See the documentation.
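
The three steps above as AWS CLI calls on an existing bucket, followed by a check that each expected installer sits under the prefix. This is an added example, not part of the AWS template; the bucket name, local folder and installer names are placeholders supplied by the caller, and the public access block is an addition to the console steps.

```bash
#!/usr/bin/env bash
# Added example, not part of the AWS template. The bucket name, local folder
# and installer names are placeholders supplied by the caller.
PREFIX="sde-ide-components"   # prefix the components expect (from this page)

# Steps 1-3 above, applied to an existing bucket.
prepare_software_bucket() {
  local bucket="$1" src_dir="$2"
  # Step 1: default encryption with S3 managed keys (SSE-S3 is "AES256").
  aws s3api put-bucket-encryption --bucket "$bucket" \
    --server-side-encryption-configuration \
    '{"Rules":[{"ApplyServerSideEncryptionByDefault":{"SSEAlgorithm":"AES256"}}]}' \
    || return 1
  # Step 2: versioning, so a replaced installer stays traceable and recoverable.
  aws s3api put-bucket-versioning --bucket "$bucket" \
    --versioning-configuration Status=Enabled || return 1
  # Addition to the console steps: keep the installers non-public.
  aws s3api put-public-access-block --bucket "$bucket" \
    --public-access-block-configuration \
    BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true \
    || return 1
  # Step 3: upload under the expected prefix, filenames unchanged.
  aws s3 cp "$src_dir" "s3://$bucket/$PREFIX/" --recursive
}

# Print each expected installer that is absent from s3://<bucket>/<PREFIX>/.
# Returns 0 when all are present, 1 otherwise.
missing_installers() {
  local bucket="$1" name rc=0
  shift
  for name in "$@"; do
    if ! aws s3api head-object --bucket "$bucket" \
         --key "$PREFIX/$name" >/dev/null 2>&1; then
      echo "$PREFIX/$name"
      rc=1
    fi
  done
  return "$rc"
}

# Usage: script.sh <bucket> <local-dir> <installer-name>...
if [ "$#" -ge 2 ]; then
  bucket="$1"; src_dir="$2"; shift 2
  prepare_software_bucket "$bucket" "$src_dir" && missing_installers "$bucket" "$@"
fi
```

Pass the filenames exactly as they are set in the stack parameters; any key printed by `missing_installers` is one the matching component will fail to download.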

CloudFormation Template

A CloudFormation template for creating the required EC2 Image Builder resources (components, recipe).

The YAML file is included as an attachment in the PDF. To access the attachments panel, open the PDF in Adobe Acrobat. Go to View > Show/hide > Side panels > Attachments. The attachments panel will appear, displaying all embedded files. Double-click the yaml file in the list to open or save it.

Note about AWS managed Components

This section lists the AWS-managed components used in the Image Builder recipe. These components are maintained by AWS and provide standardized, up-to-date installations of common tools and services.

  • AWS CLI version 2 (latest version);
  • Amazon Corretto 17 (latest version);
  • Amazon CloudWatch Agent (latest version);
  • PuTTY (latest version).

These managed components are automatically updated by AWS, ensuring that the latest versions and security patches are always included in AMI builds.

Deployment instructions

Step 1: Deploy the CloudFormation recipe template

Go to the AWS Management Console:

  1. Navigate to CloudFormation;
  2. Click on "Create stack" > "With new resources (standard)";
  3. Upload the CloudFormation template YAML file (.yml or .yaml extension);
  4. Follow the wizard to create the stack.
    • Specify stack details: type a stack name, select components to install (true or false) and the S3 bucket name. Update software filenames to match what you have uploaded in your S3 bucket;
    • Click on "Next" button;
    • Keep default settings and click on "Next" then "Submit" button to finalize.

Once deployed, note the "ImageRecipeArn" from the "Stack Outputs" tab.

Step 2: Integrate with existing Image Builder Pipeline

Option 1: AWS Management Console

  1. Navigate to "EC2 Image Builder" in the AWS Console;
  2. Select your existing pipeline;
  3. Choose "Actions" > "Edit pipeline";
  4. In the "Recipe" section, select "Existing recipe";
  5. Enter the ARN from step 1;
  6. Review and save the pipeline configuration.

Option 2: AWS CLI

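Update your existing pipeline with the new recipe. The command also requires the ARN of the pipeline's infrastructure configuration:

    aws imagebuilder update-image-pipeline \
      --image-pipeline-arn <your-pipeline-arn> \
      --image-recipe-arn <recipe-arn-from-outputs> \
      --infrastructure-configuration-arn <your-infrastructure-configuration-arn>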

How to create an Image Builder Pipeline? See the User Guide: Create an image pipeline with output AMI from the Image Builder console wizard.

By using this image recipe, you will create an AMI with the following name: AWS-Transform-SDE-Developer-ami.

Security considerations

  • S3 bucket access: limit access to the S3 bucket containing installation files;
  • IAM Roles: Use least-privilege permissions for the Image Builder service role;
  • VPC Security: implement proper security groups and network ACLs.
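
A least-privilege read policy scoped to the installer prefix, for the role the build instance uses to download from S3. This is an added example, not part of the AWS template; the role name, bucket name and policy name `sde-ide-installers-read` are placeholders, and the policy covers only installer downloads, not the other permissions Image Builder needs.

```bash
#!/usr/bin/env bash
# Added example, not part of the AWS template. Role, bucket and policy names
# are placeholders; only read access to the installers is covered here.
PREFIX="sde-ide-components"   # prefix the components expect (from this page)

# Print an identity policy that allows listing and reading the installer
# prefix only: no write, no delete, no access to other prefixes.
installer_read_policy() {
  local bucket="$1"
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ListInstallerPrefixOnly",
      "Effect": "Allow",
      "Action": "s3:ListBucket",
      "Resource": "arn:aws:s3:::${bucket}",
      "Condition": {"StringLike": {"s3:prefix": ["${PREFIX}/*"]}}
    },
    {
      "Sid": "ReadInstallersOnly",
      "Effect": "Allow",
      "Action": ["s3:GetObject", "s3:GetObjectVersion"],
      "Resource": "arn:aws:s3:::${bucket}/${PREFIX}/*"
    }
  ]
}
EOF
}

# Attach the policy inline to the given role.
attach_installer_read_policy() {
  local role="$1" bucket="$2"
  aws iam put-role-policy --role-name "$role" \
    --policy-name sde-ide-installers-read \
    --policy-document "$(installer_read_policy "$bucket")"
}

# Usage: script.sh <role-name> <bucket>
if [ "$#" -eq 2 ]; then
  attach_installer_read_policy "$1" "$2"
fi
```

Upload rights (s3:PutObject) belong to whoever maintains the installers, not to the build role, so a compromised build cannot replace the files later builds will execute.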

Troubleshooting

Common issues and solutions:

  • Component failures:
    • Check S3 bucket permissions;
    • Verify file paths (prefix) and names match those in the components;
    • Review instance logs in CloudWatch.
  • Network issues:
    • Ensure the subnet has internet access via NAT Gateway;
    • Check security groups allow outbound HTTPS traffic.
  • Resource limitations:
    • The recipe requires an instance with 50 GB storage;
    • Ensure your account has sufficient limits.

Customization

To customize the recipe:

  • Modify the S3 bucket paths in the component parameters;
  • Adjust software versions or add additional components;
  • Change the base Windows Server version if needed;
  • Modify storage configuration in the "BlockDeviceMappings" section.

Support

  • AWS Image Builder Documentation;
  • EC2 Image Builder resource type reference;
  • For issues with this template, please contact the AWS Blu Age team.