ImageProps

class aws_cdk.aws_imagebuilder_alpha.ImageProps(*, recipe, deletion_execution_role=None, distribution_configuration=None, enhanced_image_metadata_enabled=None, execution_role=None, image_scanning_ecr_repository=None, image_scanning_ecr_tags=None, image_scanning_enabled=None, image_tests_enabled=None, infrastructure_configuration=None, log_group=None, tags=None, workflows=None)

Bases: object

(experimental) Properties for creating an Image resource.

Parameters:

  • recipe (IRecipeBase) – (experimental) The recipe that defines the base image, components, and customizations used to build the image. This can either be an image recipe, or a container recipe.

  • deletion_execution_role (Optional[IRole]) – (experimental) The execution role to use for deleting the image as well as the underlying resources, such as the AMIs, snapshots, and containers. This role should contain resource lifecycle permissions required to delete the underlying AMIs/containers. Default: - no execution role. Only the Image Builder image will be deleted.

  • distribution_configuration (Optional[IDistributionConfiguration]) – (experimental) The distribution configuration used for distributing the image. Default: None

  • enhanced_image_metadata_enabled (Optional[bool]) – (experimental) If enabled, collects additional information about the image being created, including the operating system (OS) version and package list for the AMI. Default: true

  • execution_role (Optional[IRole]) – (experimental) The execution role used to perform workflow actions to build the image. By default, the Image Builder Service Linked Role (SLR) will be created automatically and used as the execution role. However, when providing a custom set of image workflows for the image, an execution role will be generated with the minimal permissions needed to execute the workflows. Default: - Image Builder will use the SLR if possible. Otherwise, an execution role will be generated

  • image_scanning_ecr_repository (Optional[IRepository]) – (experimental) The container repository that Amazon Inspector scans to identify findings for your container images. If a repository is not provided, Image Builder creates a repository named image-builder-image-scanning-repository for vulnerability scanning. Default: - if scanning is enabled, a repository will be created by Image Builder if one is not provided

  • image_scanning_ecr_tags (Optional[Sequence[str]]) – (experimental) The tags for Image Builder to apply to the output container image that Amazon Inspector scans. Default: None

  • image_scanning_enabled (Optional[bool]) – (experimental) Indicates whether Image Builder keeps a snapshot of the vulnerability scans that Amazon Inspector runs against the build instance when you create a new image. Default: false

  • image_tests_enabled (Optional[bool]) – (experimental) Whether to run tests after building an image. Default: true

  • infrastructure_configuration (Optional[IInfrastructureConfiguration]) – (experimental) The infrastructure configuration used for building the image. A default infrastructure configuration will be used if one is not provided. The default configuration will create an instance profile and role with minimal permissions needed to build the image, attached to the EC2 instance. IMDSv2 will be required by default on the instances used to build and test the image. Default: - an infrastructure configuration will be created with the default settings

  • log_group (Optional[ILogGroup]) – (experimental) The log group to use for the image. By default, a log group will be created with the format /aws/imagebuilder/<image-name> Default: - a log group will be created

  • tags (Optional[Mapping[str, str]]) – (experimental) The tags to apply to the image. Default: None

  • workflows (Optional[Sequence[Union[WorkflowConfiguration, Dict[str, Any]]]]) – (experimental) The list of workflow configurations used to build the image. Default: - Image Builder will use a default set of workflows for the build to build, test, and distribute the image

Stability:

experimental

ExampleMetadata:

infused

Example:

container_recipe = imagebuilder.ContainerRecipe(self, "MyContainerRecipe",
    base_image=imagebuilder.BaseContainerImage.from_docker_hub("amazonlinux", "latest"),
    target_repository=imagebuilder.Repository.from_ecr(
        ecr.Repository.from_repository_name(self, "Repository", "my-container-repo"))
)

container_image = imagebuilder.Image(self, "MyContainerImage",
    recipe=container_recipe
)

Attributes

deletion_execution_role

(experimental) The execution role to use for deleting the image as well as the underlying resources, such as the AMIs, snapshots, and containers.

This role should contain resource lifecycle permissions required to delete the underlying AMIs/containers.

Default:

  • no execution role. Only the Image Builder image will be deleted.

Stability:

experimental

distribution_configuration

(experimental) The distribution configuration used for distributing the image.

Default:

None

Stability:

experimental

enhanced_image_metadata_enabled

(experimental) If enabled, collects additional information about the image being created, including the operating system (OS) version and package list for the AMI.

Default:

true

Stability:

experimental

execution_role

(experimental) The execution role used to perform workflow actions to build the image.

By default, the Image Builder Service Linked Role (SLR) will be created automatically and used as the execution role. However, when providing a custom set of image workflows for the image, an execution role will be generated with the minimal permissions needed to execute the workflows.

Default:

  • Image Builder will use the SLR if possible. Otherwise, an execution role will be generated

Stability:

experimental

image_scanning_ecr_repository

(experimental) The container repository that Amazon Inspector scans to identify findings for your container images.

If a repository is not provided, Image Builder creates a repository named image-builder-image-scanning-repository for vulnerability scanning.

Default:

  • if scanning is enabled, a repository will be created by Image Builder if one is not provided

Stability:

experimental

image_scanning_ecr_tags

(experimental) The tags for Image Builder to apply to the output container image that Amazon Inspector scans.

Default:

None

Stability:

experimental

image_scanning_enabled

(experimental) Indicates whether Image Builder keeps a snapshot of the vulnerability scans that Amazon Inspector runs against the build instance when you create a new image.

Default:

false

Stability:

experimental

image_tests_enabled

(experimental) Whether to run tests after building an image.

Default:

true

Stability:

experimental

infrastructure_configuration

(experimental) The infrastructure configuration used for building the image.

A default infrastructure configuration will be used if one is not provided.

The default configuration will create an instance profile and role with minimal permissions needed to build the image, attached to the EC2 instance.

IMDSv2 will be required by default on the instances used to build and test the image.

Default:

  • an infrastructure configuration will be created with the default settings

Stability:

experimental

log_group

(experimental) The log group to use for the image.

By default, a log group will be created with the format /aws/imagebuilder/<image-name>

Default:

  • a log group will be created

Stability:

experimental

recipe

(experimental) The recipe that defines the base image, components, and customizations used to build the image.

This can either be an image recipe, or a container recipe.

Stability:

experimental

tags

(experimental) The tags to apply to the image.

Default:

None

Stability:

experimental

workflows

(experimental) The list of workflow configurations used to build the image.

Default:

  • Image Builder will use a default set of workflows for the build to build, test, and distribute the

image

Stability:

experimental