Integrate products and services in EC2 Image Builder

EC2 Image Builder integrates with AWS Marketplace and other AWS services and applications to help you create robust, secure custom machine images.

Products

Image Builder recipes can incorporate image products from AWS Marketplace and Image Builder managed components to provide specialized build and test functionality, as follows.

  • AWS Marketplace image products – Use an image product from AWS Marketplace as the base image in your recipe to meet organizational standards, such as CIS Hardening. When you create a recipe from the Image Builder console, you can choose from your existing subscriptions, or search for a specific product from AWS Marketplace. When you create a recipe from the Image Builder API, CLI, or SDK, you can specify an image product Amazon Resource Name (ARN) to use as your base image.

  • AWSTOE components – Components that you specify in your recipes can perform build and test actions, for example, to install software or perform compliance validation. Some image products that you subscribe to from AWS Marketplace might include a companion component that you can use in your recipes. The CIS Hardened images include a matching AWSTOE component that you can use in your recipe to enforce CIS Benchmarks Level 1 guidelines for your configuration.

Note

For more information about compliance-related products, see Compliance products for your Image Builder images.

Services

Image Builder integrates with the following AWS services to provide detailed event metrics, logging, and monitoring. This information helps you track your activity, troubleshoot image build issues, and create automations based on event notifications.

  • AWS CloudTrail – Monitor Image Builder events that are sent to CloudTrail. For more information about CloudTrail, see What Is AWS CloudTrail? in the AWS CloudTrail User Guide.

  • Amazon CloudWatch Logs – Monitor, store, and access your Image Builder log files. Optionally, you can save your logs to an S3 bucket. For more information about CloudWatch Logs, see What is Amazon CloudWatch Logs? in the Amazon CloudWatch Logs User Guide.

  • Amazon EventBridge – Connect to a stream of real-time event data from Image Builder activities in your account. For more information about EventBridge, see What Is Amazon EventBridge? in the Amazon EventBridge User Guide.

  • Amazon Inspector – Discover vulnerabilities in your software and network settings with automatic scans for the EC2 test instance that Image Builder launches to create a new image. Image Builder saves findings for your output image resource so that you can investigate and remediate after your test instance terminates. For more information about scans and pricing, see What Is Amazon Inspector? in the Amazon Inspector User Guide.

    Amazon Inspector can also scan your ECR repositories if you configure enhanced scanning. For more information, see Scanning Amazon ECR container images in the Amazon Inspector User Guide.

    Note

    Amazon Inspector is a paid feature.

  • AWS Marketplace – See a list of your current AWS Marketplace product subscriptions, and search for image products directly from Image Builder. You can also use an image product that you’ve subscribed to as the base image for an Image Builder recipe. For more information about managing AWS Marketplace subscriptions, see the AWS Marketplace Buyer Guide.

  • Amazon Simple Notification Service (Amazon SNS) – If configured, publish detailed messages about your image status to an SNS topic that you subscribe to. For more information about Amazon SNS, see What is Amazon SNS? in the Amazon Simple Notification Service Developer Guide.