Amazon EC2 Image Builder Gotchas

Gotchas

• In AWS::ImageBuilder::ContainerRecipe, Parameters is supported only from Console and AWS CLI, but not from CloudFormation. Confirmed with AWS support.

• In AWS::ImageBuilder::ContainerRecipe, ParentImage (or Base image in Console) cannot reference another AWS account's ECR repo - this is not mentioned in AWS documentation. Confirmed with AWS support.

• If something is not right at early stage (e.g. parse file in Component Data), you will see Internal Failure in CloudFormation console, but the errors will not be logged in S3 nor CloudWatch Logs.

• CloudWatch Logs - /aws/imagebuilder/${ImageName}

  • Logging things happen in the EC2 instance of the build only.
  • Not for Component Data syntax error, version conflict, etc.

• Tags are not inherited from the CloudFormation stack for all Image Builder resources (Component, Image Recipe / Container Recipe, Infrastructure configuration, Distribution, Image Pipeline).

• Adding, removing, renaming Tags, need to change Version; otherwise Internal Failure will be shown in the CloudFormation console, nothing in S3 log nor CW logs. Also need to update upstream resource's version e.g. Recipe Version.

• Whenever a change to Recipe (include Git Component)

  • Build time ~30 mins