Automated pipelines to keep images secure and up-to-date
EC2 Image Builder significantly reduces the effort required to create and maintain golden images without writing and maintaining automation. Customers create an automated pipeline using an intuitive wizard in the Amazon Web Services console. When software updates become available, Image Builder automatically produces a new image without requiring users to manually initiate image builds.
Validate and deploy high quality images into production
EC2 Image Builder allows you to easily validate the functionality and security of your images before using them in production with Amazon Web Services-provided tests and your own tests. Image Builder also reduces errors found in images normally caused by insufficient testing. Amazon Web Services-provided tests can be used to readily validate functionality including: if images boot, if requisite drivers are installed, and if images are hardened to CIS standards.
Minimize unnecessary exposure to security vulnerabilities
EC2 Image Builder allows you to create images with only the essential components, reducing your exposure to security vulnerabilities. You can also apply Amazon Web Services-provided security settings to further secure your images to meet internal security criteria. For example, you can produce images that conform to the Security Technical Implementation Guide (STIG) standard using Amazon Web Services-provided templates. Additional Amazon Web Services-provided security settings include: ensure security patches are applied, enforce strong passwords, turn on full disk encryption, close all non-essential open ports, enable software firewall, and enable logging/audit controls.
Simplified sharing of images across Amazon Web Services accounts
EC2 Image Builder can modify AMI launch permissions to control which Amazon Web Services accounts besides the owner are allowed to launch EC2 instances with the AMI.
Support for both Amazon Web Services and on-premises image creation
EC2 Image Builder, in conjunction with Amazon Web Services VM Import/Export (VMIE), allows you to create and maintain images for Amazon EC2 (AMI) as well as on-premises Microsoft Hyper-V (VHDX), VMware vSphere (VMDK), and Open Virtualization Format (OVF) virtual machines.