refactor(aws): improve image builder notes

Michele Cereda
2025-03-16 12:04:56 +01:00
parent b11815f953
commit e03b814003
6 changed files with 125 additions and 53 deletions


@@ -11,7 +11,6 @@
1. [Global Accelerator](#global-accelerator)
1. [GuardDuty](#guardduty)
1. [EventBridge](#eventbridge)
1. [ImageBuilder](#imagebuilder)
1. [Inspector](#inspector)
1. [KMS](#kms)
1. [Security Hub](#security-hub)
@@ -99,7 +98,7 @@ One can can rapidly remapping addresses to other instances in one's account and
| [EventBridge] | FIXME |
| [GuardDuty] | Threat detection |
| [IAM] | Access control |
| [ImageBuilder] | Build custom AMIs |
| [Image Builder] | Build custom AMIs |
| [Inspector] | FIXME |
| [KMS] | Key management |
| [OpenSearch] | ELK, logging |
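Review bot: the context line in this hunk's header reads "One can can rapidly remapping addresses", a duplicated "can" and a verb-form slip ("remapping" for "remap"); since this file is already being touched, fix it to "One can rapidly remap addresses" in the same change. The table rename from `[ImageBuilder]` to `[Image Builder]` is consistent with the `[image builder]` reference definition added further down in this file.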
@@ -305,10 +304,6 @@ _Threat IP List_ is a blacklist of **public IPs and CIDRs** that will be used by
TODO
### ImageBuilder
Also refer [Image baking in AWS using Packer and Image builder].
### Inspector
TODO
@@ -602,7 +597,6 @@ machine if not.
- [Exporting DB snapshot data to Amazon S3]
- [I'm trying to export a snapshot from Amazon RDS MySQL to Amazon S3, but I'm receiving an error. Why is this happening?]
- [Rotating AWS KMS keys]
- [Image baking in AWS using Packer and Image builder]
- [Using AWS KMS via the CLI with a Symmetric Key]
- [AWS Public IP Address Ranges Now Available in JSON Form]
- [Savings Plans user guide]
@@ -621,6 +615,7 @@ machine if not.
- [What is AWS Global Accelerator?]
- [How AWS Global Accelerator works]
- [Using Amazon CloudWatch with AWS Global Accelerator]
- [What is AWS CloudWatch? Guide for beginners]
<!--
Reference
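Review bot: the added "What is AWS CloudWatch? Guide for beginners" entry is unrelated to the commit's stated scope (image builder notes); either split it into its own commit or widen the commit message so the history stays searchable.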
@@ -634,7 +629,6 @@ machine if not.
[detective]: #detective
[eventbridge]: #eventbridge
[guardduty]: #guardduty
[imagebuilder]: #imagebuilder
[inspector]: #inspector
[kms]: #kms
[security hub]: #security-hub
@@ -648,6 +642,7 @@ machine if not.
[efs]: ecs.md
[eks]: eks.md
[iam]: iam.md
[image builder]: image%20builder.md
[opensearch]: opensearch.md
[rds]: rds.md
[route53]: route53.md
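Review bot: the new definition `[image builder]: image%20builder.md` points at a filename containing a space, which has to be percent-encoded here and in every other file that links to it; a hyphenated name such as `image-builder.md` would avoid the encoding and match the `ecs.md`/`eks.md`/`iam.md` convention already used in this list. Also double-check that the new file added in this commit is actually saved under that exact name, since the file header is not visible in this view.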
@@ -701,5 +696,5 @@ machine if not.
[aws savings plans vs. reserved instances: when to use each]: https://www.cloudzero.com/blog/savings-plans-vs-reserved-instances/
[date & time policy conditions at aws - 1-minute iam lesson]: https://www.youtube.com/watch?v=4wpKP1HLEXg
[difference in boto3 between resource, client, and session?]: https://stackoverflow.com/questions/42809096/difference-in-boto3-between-resource-client-and-session
[image baking in aws using packer and image builder]: https://dev.to/santhoshnimmala/image-baking-in-aws-using-packer-and-image-builder-1ed3
[using aws kms via the cli with a symmetric key]: https://nsmith.net/aws-kms-cli
[what is aws cloudwatch? guide for beginners]: https://www.educative.io/blog/aws-cloudwatch


@@ -109,6 +109,9 @@ When archived, incremental snapshots are converted to **full snapshots** and mov
When access to archived snapshots is needed, they need to be restored to the standard tier before use. Restoring can
take **up to 72h**.
Lifecycle policies' `targetTags` attribute targets resources of the specified type in an **OR** fashion, not **AND**,
meaning they will target all resources with **at least one** of the defined target tags.
## Encryption
Refer [How Amazon EBS encryption works].
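Review bot: the new `targetTags` paragraph states OR semantics ("at least one of the defined target tags") without a source, while the surrounding text cites its claims ("Refer [How Amazon EBS encryption works]"); add the matching Data Lifecycle Manager reference to the Sources list. It would also help to spell out the consequence for readers: a policy meant to be narrow should match on a single dedicated tag, because any one matching tag is enough to pull a volume into the policy.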


@@ -7,7 +7,7 @@
1. [Metrics](#metrics)
1. [Auto scaling](#auto-scaling)
1. [Lifecycle hooks](#lifecycle-hooks)
1. [Image builder](#image-builder)
1. [Image customization](#image-customization)
1. [Further readings](#further-readings)
1. [Sources](#sources)
@@ -187,48 +187,9 @@ Refer [Amazon EC2 Auto Scaling lifecycle hooks].
Also see [CompleteLifecycleAction].
## Image builder
## Image customization
Refer [EC2 Image Builder].
AWS service automating the creation, management, and deployment of customized AMIs or Docker images.
AMIs created by Image Builder in one's account are owned by that account.
Image Builder supports the following at the time of writing:
| Operating system/distribution | Supported versions |
| ---------------------------------- | ---------------------------------------------- |
| Amazon Linux | 2, 2023 |
| CentOS | 7, 8 |
| CentOS Stream | 8 |
| Mac OS X | 12.x (Monterey), 13.x (Ventura), 14.x (Sonoma) |
| Red Hat Enterprise Linux (RHEL) | 7, 8, 9 |
| SUSE Linux Enterprise Server (SLE) | 12, 15 |
| Ubuntu | 18.04 LTS, 20.04 LTS, 22.04 LTS, 24.04 LTS |
| Windows Server | 2012 R2, 2016, 2019, 2022 |
Image Builder costs **nothing** to create custom AMI or container images.<br/>
However, standard pricing applies for other services that are used in the process.
Steps:
<details>
<summary>AMI creation</summary>
1. \[optional] Create new components as needed.
1. \[optional] Create a new image recipe.
1. \[optional] Create a new infrastructure configuration.
1. \[optional] Create a new distribution configuration.
1. Create a new pipeline.
</details>
<details>
<summary>Container creation</summary>
TODO
</details>
Refer [ImageBuilder].
## Further readings
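Review bot: the new section closes with `Refer [ImageBuilder].`, but the reference definition this commit adds to the file is `[image builder]: image%20builder.md`; Markdown reference labels are case-insensitive but not whitespace-insensitive, so `[ImageBuilder]` resolves to nothing and renders as literal brackets. Change it to `Refer [Image Builder].`, which also matches the `- [Image Builder]` entry added to Further readings below.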
@@ -247,6 +208,7 @@ TODO
- [Device names for volumes on Amazon EC2 instances]
- [Amazon EBS volume limits for Amazon EC2 instances]
- [Recommended alarms]
- [Image Builder]
### Sources
@@ -262,7 +224,6 @@ TODO
- [Create an AMI from an Amazon EC2 Instance]
- [Amazon EC2 Auto Scaling]
- [Amazon EC2 Auto Scaling lifecycle hooks]
- [EC2 Image Builder]
- [CompleteLifecycleAction]
- [Instance store temporary block storage for EC2 instances]
- [Attach an EBS volume to multiple EC2 instances using Multi-Attach]
@@ -277,6 +238,7 @@ TODO
[amazon web services]: README.md
[cli]: cli.md
[ebs]: ebs.md
[image builder]: image%20builder.md
[ssm]: ssm.md
<!-- Upstream -->
@@ -294,7 +256,6 @@ TODO
[describe-images]: https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-images.html
[describeimages]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeImages.html
[device names for volumes on amazon ec2 instances]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/device_naming.html
[ec2 image builder]: https://docs.aws.amazon.com/imagebuilder/latest/userguide/what-is-image-builder.html
[how can i send memory and disk metrics from my ec2 instances to cloudwatch?]: https://repost.aws/knowledge-center/cloudwatch-memory-metrics-ec2
[how to clone instance ec2]: https://repost.aws/questions/QUOrWudF3vRL2Vqtrv0M9lfQ/how-to-clone-instance-ec2
[iam roles for amazon ec2]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html


@@ -0,0 +1,107 @@
# Image Builder
AWS service automating the creation, management, and deployment of customized AMIs or Docker images.
1. [TL;DR](#tldr)
1. [Further readings](#further-readings)
1. [Sources](#sources)
## TL;DR
Images created by Image Builder in one's account are owned by that account.
Leverages AWS' Task Orchestrator and Executor component management application.<br/>
For AMIs, it:
1. Creates EC2 instances for building and validation.
1. Creates a snapshots of the result.
1. Terminates the EC2 instances used for building.
1. Uses that snapshot to create new EC2 instances for testing.
For containers, it:
1. Creates EC2 instances for building and validation.
1. Builds container images.
1. Runs containers from the images for testing.
1. Terminates the EC2 instances used for building.
<details>
<summary>Glossary</summary>
| Term | Summary |
| ---------------------------- | ----------------------------------------------------------------------------------------------- |
| Component | YAML-based document defining the steps to take to build, validate or test images |
| Recipe | Document defining the base image and the components to apply to it to produce the desired image |
| Infrastructure Configuration | The EC2 infrastructure to use to build and test the desired image |
| Distribution Configuration | How the outputted images are made available to specified AWS Regions |
| Pipeline | Automation framework for creating and maintaining custom images |
</details>
<details style="padding-bottom: 1em;">
<summary>Supported operating systems</summary>
Refer [Supported operating systems] for the updated table.
| Operating system/distribution | Supported versions |
| ---------------------------------- | ---------------------------------------------- |
| Amazon Linux | 2, 2023 |
| CentOS | 7, 8 |
| CentOS Stream | 8 |
| Mac OS X | 12.x (Monterey), 13.x (Ventura), 14.x (Sonoma) |
| Red Hat Enterprise Linux (RHEL) | 7, 8, 9 |
| SUSE Linux Enterprise Server (SLE) | 12, 15 |
| Ubuntu | 18.04 LTS, 20.04 LTS, 22.04 LTS, 24.04 LTS |
| Windows Server | 2012 R2, 2016, 2019, 2022 |
</details>
Image Builder costs **nothing** to create custom AMI or container images per se.<br/>
However, standard pricing applies for the other services that are used by or in the process, like EC2 instances, EBS
volumes, and ECR storage.
Components can be specified **at most once** in an image recipe.
Steps:
<details>
<summary>AMI creation</summary>
1. \[optional] Create new _components_ as needed.
1. \[optional] Create a new image _recipe_.
1. \[optional] Create a new _infrastructure configuration_.
1. \[optional] Create a new _distribution configuration_.
1. Create a new _pipeline_.
</details>
<details>
<summary>Container image creation</summary>
TODO
</details>
## Further readings
- [Image baking in AWS using Packer and Image builder]
### Sources
- [What is Image Builder?]
- [Building a Reusable Image Pipeline with AWS Image Builder]
<!--
Reference
═╬═Time══
-->
<!-- In-article sections -->
<!-- Knowledge base -->
<!-- Files -->
<!-- Upstream -->
[supported operating systems]: https://docs.aws.amazon.com/imagebuilder/latest/userguide/what-is-image-builder.html#image-builder-os
[what is image builder?]: https://docs.aws.amazon.com/imagebuilder/latest/userguide/what-is-image-builder.html
<!-- Others -->
[building a reusable image pipeline with aws image builder]: https://dev.to/aws-builders/building-a-reusable-image-pipeline-with-aws-image-builder-17eh
[image baking in aws using packer and image builder]: https://dev.to/santhoshnimmala/image-baking-in-aws-using-packer-and-image-builder-1ed3
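Review bot: in the AMI workflow list, "Creates a snapshots of the result." should read "Creates a snapshot of the result.", and the bare possessive in "AWS' Task Orchestrator and Executor" would be clearer as "the AWS Task Orchestrator and Executor (AWSTOE)" since that abbreviation is how the component application is referred to elsewhere. The `style="padding-bottom: 1em;"` on the second `<details>` differs from the first one and is stripped by renderers that sanitise inline styles, so drop it for consistency.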


@@ -125,3 +125,7 @@ aws ec2 stop-instances --instance-ids 'i-0123456789abcdef0'
# Terminate instances
aws ec2 terminate-instances --instance-ids 'i-0123456789abcdef0'
# Delete launch template versions
aws ec2 delete-launch-template-versions --launch-template-id 'lt-0123456789abcdef0' --versions '1' --dry-run
aws ec2 delete-launch-template-versions --launch-template-name 'GitLab Runners' --versions (seq 1 10) --dry-run
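Review bot: the second `delete-launch-template-versions` line passes `--versions (seq 1 10)`, which is fish-shell command substitution; in bash or POSIX sh the bare parentheses are a syntax error and the intended form is `--versions $(seq 1 10)`. Either switch to the POSIX form or add a comment marking the snippet as fish, so a reader pasting it into the shell used by the rest of this file gets the expected behaviour (keeping `--dry-run` on the first attempt, as the hunk already does).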


@@ -44,6 +44,7 @@ aws chatbot describe-slack-channel-configurations --query 'SlackChannelConfigura
###
aws cloudfront get-distribution --id 'E123456ABCDEFG'
aws cloudfront get-cache-policy --id '01234567-89ab-cdef-0123-456789abcdef'
###
@@ -419,6 +420,7 @@ aws s3api list-objects-v2 --bucket 'backup'
aws s3api list-objects-v2 --bucket 'backup' --query "Contents[?LastModified>='2022-01-05T08:05:37+00:00'].Key"
aws s3api list-buckets --output 'text' --query 'Buckets[].Name' | xargs -pn '1' aws s3api list-multipart-uploads --bucket
aws --profile 'someProfile' s3api head-bucket --bucket 'someBucket'
###