Blogs
jbonner
Staff
Staff

 

 Introduction: Streamlining Software Deployment with AWS Marketplace Image Builder 

 

AWS Marketplace has introduced an innovative feature to simplify software deployment for customers and sellers alike: the AWS Marketplace EC2 Image Builder. This feature allows customers to discover, purchase, and deploy third-party software directly through the EC2 Image Builder console and Image Builder APIs. With a straightforward console-driven onboarding process, customers can access security tools, OS hardening scripts, and analytics applications to create optimized, secure, and compliant images—referred to as “golden images”—tailored to their needs. 

Whether you’re a seller looking to expand reach or a customer seeking a streamlined way to integrate third-party applications, this blog post is for you. 

In the previous blog post, we described what EC2 Image Builder is at a high level, and how it can alleviate the operational overhead of deploying software such as Lacework FortiCNAPP workload agents. In this blog post, we’ll walk through the process of deploying your custom components to the AWS Marketplace.  

 

 

1. Getting Started with AWS Marketplace Image Builder 

 

The Image Builder provides a fully integrated experience for sourcing third-party components, such as: 

  • Security Tools: Essential for compliance and data protection. 
  • Scanning & Monitoring Agents: Critical for monitoring system health. 
  • Analytics & Business Applications: Enabling data-driven decision-making. 

The AWS Marketplace consolidates procurement and billing for these tools, while AWS License Manager offers licensing flexibility across your organization. Plus, sellers gain the advantage of automated security scanning for Common Vulnerabilities and Exposures (CVEs) and notifications for updated software versions. 

 

 

2. Key Concepts for Success 

 

Before diving in, let’s understand a few essential terms: 

  • Amazon Machine Image (AMI): A virtual machine image used to launch EC2 instances with pre-installed software. 
  • Component: A sequence of steps (e.g., configuration and testing) defined in YAML that runs on your EC2 instance during image creation. 
  • Image Recipe: A recipe defining the base image and component combinations that create the final AMI configuration. 
  • Image Pipeline: The automation workflow for building, validating, and securing AMIs. 

These components work together to simplify the deployment of third-party applications directly to EC2 instances. 

 

 

 

3. Prerequisites and Permissions 

 

To use the AWS Marketplace Image Builder, ensure the following: 

  • IAM Roles: Define policies granting permissions for Marketplace actions in your AWS account. 
  • Seller Registration: If not registered, complete your AWS Marketplace seller registration. 
  • Product Listing: An AMI product ready for listing in either Limited or Public states. 

Note: BYOL (Bring Your Own License) is not currently supported. 

 

 

4. Step-by-Step Guide to Onboarding with Image Builder 

4.1 Creating a Component in the EC2 Image Builder Console 

 

  1. Navigate to the Image Builder Console: Open EC2 Image Builder. 
  2. Create Component: From the navigation pane, select Components > Create Component. 

mp_img_1.png

  1.  
  2. Specify Component Details: 
    1. Operating System: Select a compatible OS. 
    2. Component Name & Version: Choose descriptive values to identify the component. 
    3. Description: Outline architecture compatibility, dependencies, and usage instructions. 
    4. Change Description (Optional): Add notes to track changes across versions. 
  3. Define Document Content: Use YAML syntax to specify the build actions Image Builder will execute. You can begin with a “Hello World” example for testing. 
  4. Create Component: Click Create Component and filter by “Owned by me” to locate it.
    1. Copy the ARN from the summary section for later use. 

mp_img_2.png

 

 

4.2 Publishing the Component to AWS Marketplace 

 

Publishing allows customers to find and use your component. Here’s how to publish: 

  1. Open AWS CloudShell: CloudShell is AWS’s CLI in the cloud. 
  2. Set Component and Role ARNs: 
  3. ComponentArn: Copy this from your created component. 
  4. AccessRoleArn: Ensure this IAM role includes permissions for S3” 
    1. S3:Get*  
    2. S3:List*  
    3. imagebuilder:GetComponent 
  5. Configure Usage Instructions: Add product usage guidelines visible to customers. 
  6. Run AWS CLI Commands: 
    1. Use the start-change-set command to add your component to the AWS  
    2. Refer to the official AWS Marketplace documentation for usage examples.
    3. Monitor the change set’s status and review until marked “Succeeded.” 
       

 

4.3 Adding Image Builder Components to Existing AMI Listings 

 

To integrate a new Image Builder component with an existing AMI listing: 

  1. Retrieve the Product ID: Find it in the AWS Marketplace Management Portal. 
  2. Configure the JSON: Add a new delivery option to the existing AMI with the component details. 
  3. Run start-change-set in CloudShell: Add the component to your product. 
  4. Check Status: Once the status is “Succeeded,” your component is available for customers. 

 

 

Summary 

The AWS Marketplace EC2 Image Builder is a powerful tool that simplifies the creation, deployment, and management of "golden images" for AWS customers. By allowing third-party software to be easily integrated, AWS customers can now build custom, compliant, and up-to-date images using a streamlined console experience. For AWS partners, this feature opens up new market opportunities, enabling them to reach customers directly within the EC2 Image Builder environment and benefit from automated software updates and vulnerability scans. This integration enhances efficiency, security, and scalability, making it easier for customers to deploy high-quality images and for partners to offer their software in a more accessible and visible way. 

 

 

5. FAQs 

 

  • How is my intellectual property protected? AWS Marketplace secures packages with encryption and access controls, so only subscribed customers can use your product. 
  • What if a CVE is detected? AWS Marketplace notifies you to update products when vulnerabilities arise. Continuous scanning helps ensure compliance. 
  • What are the benefits of using Image Builder? Image Builder provides increased visibility and integration with AWS tools, potentially increasing usage and revenue for sellers.