@tarunb12 tarunb12 commented Oct 29, 2025

Issue # (aws/aws-cdk-rfcs#789)

Reason for this change

This change adds a new alpha module for EC2 Image Builder L2 Constructs (@aws-cdk/aws-imagebuilder-alpha), as outlined in aws/aws-cdk-rfcs#789. This PR specifically implements the InfrastructureConfiguration construct.

Description of changes

This change implements the InfrastructureConfiguration construct, which is a higher-level construct of CfnInfrastructureConfiguration.

Note - I have also added the YAML library as a dependency to the module. This will be used for the component/workflow resources, which need to pass JSON objects in a YAML string format when creating the resource.

Example

```ts
import { Aws, Stack } from 'aws-cdk-lib';
import * as ec2 from 'aws-cdk-lib/aws-ec2';
import * as iam from 'aws-cdk-lib/aws-iam';
import * as s3 from 'aws-cdk-lib/aws-s3';
import * as sns from 'aws-cdk-lib/aws-sns';
import * as imagebuilder from '@aws-cdk/aws-imagebuilder-alpha';

// Assumed to be defined elsewhere in the stack; `this` is the enclosing construct scope
declare const vpc: ec2.Vpc;
declare const dedicatedHost: ec2.CfnHost;

const infrastructureConfiguration = new imagebuilder.InfrastructureConfiguration(this, 'InfrastructureConfiguration', {
  infrastructureConfigurationName: 'test-infrastructure-configuration',
  description: 'An Infrastructure Configuration',
  // Optional - instance types to use for build/test
  instanceTypes: [
    ec2.InstanceType.of(ec2.InstanceClass.STANDARD7_INTEL, ec2.InstanceSize.LARGE),
    ec2.InstanceType.of(ec2.InstanceClass.BURSTABLE3, ec2.InstanceSize.LARGE)
  ],
  // Optional - create an instance profile with necessary permissions
  instanceProfile: new iam.InstanceProfile(this, 'InstanceProfile', {
    instanceProfileName: 'test-instance-profile',
    role: new iam.Role(this, 'InstanceProfileRole', {
      assumedBy: iam.ServicePrincipal.fromStaticServicePrincipleName('ec2.amazonaws.com'),
      managedPolicies: [
        iam.ManagedPolicy.fromAwsManagedPolicyName('AmazonSSMManagedInstanceCore'),
        iam.ManagedPolicy.fromAwsManagedPolicyName('EC2InstanceProfileForImageBuilder')
      ]
    })
  }),
  // Use VPC network configuration
  vpc,
  subnetSelection: { subnetType: ec2.SubnetType.PUBLIC },
  securityGroups: [ec2.SecurityGroup.fromSecurityGroupId(this, 'SecurityGroup', vpc.vpcDefaultSecurityGroup)],
  keyPair: ec2.KeyPair.fromKeyPairName(this, 'KeyPair', 'imagebuilder-instance-key-pair'),
  terminateInstanceOnFailure: true,
  // Optional - IMDSv2 settings
  httpTokens: imagebuilder.HttpTokens.REQUIRED,
  httpPutResponseHopLimit: 1,
  // Optional - publish image completion messages to an SNS topic
  notificationTopic: sns.Topic.fromTopicArn(
    this,
    'Topic',
    this.formatArn({ service: 'sns', resource: 'image-builder-topic' })
  ),
  // Optional - log settings. Logging is enabled by default
  logging: {
    s3Bucket: s3.Bucket.fromBucketName(this, 'LogBucket', `imagebuilder-logging-${Aws.ACCOUNT_ID}`),
    s3KeyPrefix: 'imagebuilder-logs'
  },
  // Optional - host placement settings
  ec2InstanceAvailabilityZone: Stack.of(this).availabilityZones[0],
  ec2InstanceHostId: dedicatedHost.attrHostId,
  ec2InstanceTenancy: imagebuilder.Tenancy.HOST,
  resourceTags: {
    Environment: 'production'
  }
});
```

Describe any new or updated permissions being added

N/A - new L2 construct in alpha module

Description of how you validated changes

Validated with unit tests and integration tests. Manually verified generated CFN templates as well.

Checklist


By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license
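
Added example, not part of the PR or the CDK code base: the description mentions manually verifying the generated CFN templates, and this sketch automates one such check by auditing `AWS::ImageBuilder::InfrastructureConfiguration` resources in a synthesized template for the settings the example above hardens (IMDSv2 tokens, hop limit, S3 logging, terminate-on-failure). The helper name `auditInfrastructureConfigurations`, the finding strings and the sample template are assumptions constructed for illustration.

```typescript
// Added example: audits a synthesized CloudFormation template passed as plain JSON.
type Props = Record<string, any>;
interface Template { Resources?: Record<string, { Type: string; Properties?: Props }>; }
const INFRA_TYPE = 'AWS::ImageBuilder::InfrastructureConfiguration';

// Hypothetical helper: returns one finding string per weak setting.
function auditInfrastructureConfigurations(template: Template): string[] {
  const findings: string[] = [];
  for (const [id, resource] of Object.entries(template.Resources ?? {})) {
    if (resource.Type !== INFRA_TYPE) continue;
    const props: Props = resource.Properties ?? {};
    const imds: Props = props.InstanceMetadataOptions ?? {};
    // IMDSv2 is enforced only when HttpTokens is 'required'.
    if (imds.HttpTokens !== 'required') {
      findings.push(`${id}: IMDSv2 not enforced (HttpTokens=${String(imds.HttpTokens)})`);
    }
    // A hop limit above 1 lets the token response cross an extra network hop.
    if (typeof imds.HttpPutResponseHopLimit === 'number' && imds.HttpPutResponseHopLimit > 1) {
      findings.push(`${id}: HttpPutResponseHopLimit is ${imds.HttpPutResponseHopLimit}`);
    }
    // Without an S3 log location the template sets up no build log trail.
    if (props.Logging?.S3Logs?.S3BucketName === undefined) {
      findings.push(`${id}: no S3 log bucket configured`);
    }
    // A failed build instance left running keeps its instance profile in use.
    if (props.TerminateInstanceOnFailure === false) {
      findings.push(`${id}: instance kept running after a failed build`);
    }
  }
  return findings;
}

// Constructed sample template, not output from the PR's integration tests.
const sampleTemplate: Template = {
  Resources: {
    HardenedConfig: { Type: INFRA_TYPE, Properties: {
      InstanceMetadataOptions: { HttpTokens: 'required', HttpPutResponseHopLimit: 1 },
      Logging: { S3Logs: { S3BucketName: 'example-log-bucket', S3KeyPrefix: 'imagebuilder-logs' } },
      TerminateInstanceOnFailure: true,
    } },
    WeakConfig: { Type: INFRA_TYPE, Properties: {
      InstanceMetadataOptions: { HttpTokens: 'optional', HttpPutResponseHopLimit: 2 },
      TerminateInstanceOnFailure: false,
    } },
    Topic: { Type: 'AWS::SNS::Topic' },
  },
};

console.log(auditInfrastructureConfigurations(sampleTemplate).join('\n'));
```

The check runs on the raw template, so it sees only what was synthesized; values supplied as CloudFormation intrinsics (for example a `Ref` for the bucket name) count as present.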

@aws-cdk-automation aws-cdk-automation requested a review from a team October 29, 2025 06:59
@github-actions github-actions bot added p2 beginning-contributor [Pilot] contributed between 0-2 PRs to the CDK labels Oct 29, 2025
@aws-cdk-automation aws-cdk-automation added the pr/needs-further-review PR requires additional review from our team specialists due to the scope or complexity of changes. label Oct 29, 2025
@tarunb12 tarunb12 marked this pull request as ready for review October 29, 2025 07:35
@kumsmrit kumsmrit self-assigned this Oct 30, 2025
@tarunb12 tarunb12 force-pushed the imagebuilder branch 2 times, most recently from 4c463b8 to e6969a9 Compare November 4, 2025 06:10
@mergify mergify bot dismissed kumsmrit’s stale review November 7, 2025 07:18

Pull request has been modified.

@tarunb12 tarunb12 force-pushed the imagebuilder branch 4 times, most recently from 007c467 to ab5b1f9 Compare November 7, 2025 09:15
@aws-cdk-automation aws-cdk-automation added the pr/needs-community-review This PR needs a review from a Trusted Community Member or Core Team Member. label Nov 7, 2025
@tarunb12 tarunb12 force-pushed the imagebuilder branch 2 times, most recently from da30685 to 5c5bf40 Compare November 7, 2025 10:05
@aws-cdk-automation aws-cdk-automation removed the pr/needs-community-review This PR needs a review from a Trusted Community Member or Core Team Member. label Nov 7, 2025
@tarunb12 tarunb12 force-pushed the imagebuilder branch 2 times, most recently from e4d2666 to b523ba3 Compare November 7, 2025 15:42
@mergify mergify bot dismissed kumsmrit’s stale review November 7, 2025 15:42

Pull request has been modified.

@tarunb12 tarunb12 force-pushed the imagebuilder branch 2 times, most recently from 105746f to e8c029f Compare November 7, 2025 16:42
@mergify mergify bot dismissed stale reviews from gasolima and kumsmrit November 10, 2025 16:55

Pull request has been modified.

@tarunb12 tarunb12 temporarily deployed to deployment-integ-test November 10, 2025 16:56 — with GitHub Actions Inactive
@aws-cdk-automation aws-cdk-automation added the pr/needs-community-review This PR needs a review from a Trusted Community Member or Core Team Member. label Nov 10, 2025
gasolima previously approved these changes Nov 10, 2025
@aws-cdk-automation aws-cdk-automation removed the pr/needs-community-review This PR needs a review from a Trusted Community Member or Core Team Member. label Nov 10, 2025
@tarunb12 tarunb12 had a problem deploying to deployment-integ-test November 10, 2025 18:09 — with GitHub Actions Failure
@mergify mergify bot dismissed gasolima’s stale review November 10, 2025 18:10

Pull request has been modified.

@kumsmrit kumsmrit removed the pr/requires-two-approvers This PR is critical (e.g., security, broadly-impacting) and requires 2 approvers to be merged. label Nov 10, 2025
@kumsmrit

@Mergifyio refresh


mergify bot commented Nov 10, 2025

refresh

✅ Pull request refreshed

@kumsmrit

@Mergifyio queue


mergify bot commented Nov 10, 2025

queue

🛑 There are no queue conditions matching

There are queue conditions defined in the configuration, but none matches. The pull request has not been embarked.

Details:

  • Queue default-merge:
    • -closed
    • -merged
    • label~=no-squash
    • #approved-reviews-by>=1
    • #changes-requested-reviews-by=0
    • -approved-reviews-by~=author
    • -label~=(blocked|do-not-merge)
    • -title~=(WIP|wip)
    • check-success=build
    • check-success=validate-pr
    • any of:
      • -label~=pr/needs-integration-tests-deployment
      • check-success=Deploy integration test snapshots (requires pr/needs-integration-tests-deployment label)
  • Queue priority-squash:
    • -closed
    • -merged
    • label~=priority-pr
    • #approved-reviews-by>=1
    • #changes-requested-reviews-by=0
    • -approved-reviews-by~=author
    • -label~=(blocked|do-not-merge|no-squash)
    • -title~=(WIP|wip)
    • base!=release
    • check-success=build
    • check-success=validate-pr
    • any of:
      • -label~=pr/needs-integration-tests-deployment
      • check-success=Deploy integration test snapshots (requires pr/needs-integration-tests-deployment label)
  • Queue default-squash:
    • -closed
    • -merged
    • #approved-reviews-by>=1
    • #changes-requested-reviews-by=0
    • -approved-reviews-by~=author
    • -label~=(blocked|do-not-merge|no-squash|priority-pr)
    • -title~=(WIP|wip)
    • base!=release
    • check-success=build
    • check-success=validate-pr
    • any of:
      • -label~=pr/needs-integration-tests-deployment
      • check-success=Deploy integration test snapshots (requires pr/needs-integration-tests-deployment label)

@kumsmrit kumsmrit removed the pr/needs-integration-tests-deployment Requires the PR to deploy the integration test snapshots. label Nov 10, 2025

mergify bot commented Nov 10, 2025

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@mergify mergify bot merged commit db1d964 into aws:main Nov 10, 2025
32 of 34 checks passed
@github-actions

Comments on closed issues and PRs are hard for our team to see.
If you need help, please open a new issue that references this one.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Nov 10, 2025
@tarunb12 tarunb12 temporarily deployed to deployment-integ-test November 11, 2025 09:03 — with GitHub Actions Inactive