class Image (construct)
| Language | Type name |
|---|---|
 .NET | Amazon.CDK.AWS.ImageBuilder.Alpha.Image |
 Go | github.com/aws/aws-cdk-go/awsimagebuilderalpha/v2#Image |
 Java | software.amazon.awscdk.services.imagebuilder.alpha.Image |
 Python | aws_cdk.aws_imagebuilder_alpha.Image |
 TypeScript (source) | @aws-cdk/aws-imagebuilder-alpha ยป Image |
Implements
IConstruct, IDependable, IResource, IEnvironment, IImage
Represents an EC2 Image Builder Image.
See also: https://docs.aws.amazon.com/imagebuilder/latest/userguide/create-images.html
Example
const containerRecipe = new imagebuilder.ContainerRecipe(this, 'MyContainerRecipe', {
baseImage: imagebuilder.BaseContainerImage.fromDockerHub('amazonlinux', 'latest'),
targetRepository: imagebuilder.Repository.fromEcr(
ecr.Repository.fromRepositoryName(this, 'Repository', 'my-container-repo')
)
});
const containerImage = new imagebuilder.Image(this, 'MyContainerImage', {
recipe: containerRecipe
});
Initializer
new Image(scope: Construct, id: string, props: ImageProps)
Parameters
- scope
Construct - id
string - props
ImageProps
Construct Props
| Name | Type | Description |
|---|---|---|
| recipe | IRecipe | The recipe that defines the base image, components, and customizations used to build the image. |
| deletion | IRole | The execution role to use for deleting the image as well as the underlying resources, such as the AMIs, snapshots, and containers. |
| distribution | IDistribution | The distribution configuration used for distributing the image. |
| enhanced | boolean | If enabled, collects additional information about the image being created, including the operating system (OS) version and package list for the AMI. |
| execution | IRole | The execution role used to perform workflow actions to build the image. |
| image | IRepository | The container repository that Amazon Inspector scans to identify findings for your container images. |
| image | string[] | The tags for Image Builder to apply to the output container image that Amazon Inspector scans. |
| image | boolean | Indicates whether Image Builder keeps a snapshot of the vulnerability scans that Amazon Inspector runs against the build instance when you create a new image. |
| image | boolean | Whether to run tests after building an image. |
| infrastructure | IInfrastructure | The infrastructure configuration used for building the image. |
| log | ILog | The log group to use for the image. |
| tags? | { [string]: string } | The tags to apply to the image. |
| workflows? | Workflow[] | The list of workflow configurations used to build the image. |
recipe
Type:
IRecipe
The recipe that defines the base image, components, and customizations used to build the image.
This can either be an image recipe, or a container recipe.
deletionExecutionRole?
Type:
IRole
(optional, default: no execution role. Only the Image Builder image will be deleted.)
The execution role to use for deleting the image as well as the underlying resources, such as the AMIs, snapshots, and containers.
This role should contain resource lifecycle permissions required to delete the underlying AMIs/containers.
distributionConfiguration?
Type:
IDistribution
(optional, default: None)
The distribution configuration used for distributing the image.
enhancedImageMetadataEnabled?
Type:
boolean
(optional, default: true)
If enabled, collects additional information about the image being created, including the operating system (OS) version and package list for the AMI.
executionRole?
Type:
IRole
(optional, default: Image Builder will use the SLR if possible. Otherwise, an execution role will be generated)
The execution role used to perform workflow actions to build the image.
By default, the Image Builder Service Linked Role (SLR) will be created automatically and used as the execution role. However, when providing a custom set of image workflows for the image, an execution role will be generated with the minimal permissions needed to execute the workflows.
imageScanningEcrRepository?
Type:
IRepository
(optional, default: if scanning is enabled, a repository will be created by Image Builder if one is not provided)
The container repository that Amazon Inspector scans to identify findings for your container images.
If a
repository is not provided, Image Builder creates a repository named image-builder-image-scanning-repository
for vulnerability scanning.
imageScanningEcrTags?
Type:
string[]
(optional, default: None)
The tags for Image Builder to apply to the output container image that Amazon Inspector scans.
imageScanningEnabled?
Type:
boolean
(optional, default: false)
Indicates whether Image Builder keeps a snapshot of the vulnerability scans that Amazon Inspector runs against the build instance when you create a new image.
imageTestsEnabled?
Type:
boolean
(optional, default: true)
Whether to run tests after building an image.
infrastructureConfiguration?
Type:
IInfrastructure
(optional, default: an infrastructure configuration will be created with the default settings)
The infrastructure configuration used for building the image.
A default infrastructure configuration will be used if one is not provided.
The default configuration will create an instance profile and role with minimal permissions needed to build the image, attached to the EC2 instance.
IMDSv2 will be required by default on the instances used to build and test the image.
logGroup?
Type:
ILog
(optional, default: a log group will be created)
The log group to use for the image.
By default, a log group will be created with the format
/aws/imagebuilder/<image-name>
tags?
Type:
{ [string]: string }
(optional, default: None)
The tags to apply to the image.
workflows?
Type:
Workflow[]
(optional, default: Image Builder will use a default set of workflows for the build to build, test, and distribute the
image)
The list of workflow configurations used to build the image.
Properties
| Name | Type | Description |
|---|---|---|
| env | Resource | The environment this resource belongs to. |
| image | string | The ARN of the image. |
| image | string | The AMI ID of the EC2 AMI, or URI for the container. |
| image | string | The name of the image. |
| image | string | The version of the image. |
| infrastructure | IInfrastructure | The infrastructure configuration used for the image build. |
| node | Node | The tree node. |
| stack | Stack | The stack in which this resource is defined. |
| execution | IRole | The execution role used for the image build. |
| static PROPERTY_INJECTION_ID | string | Uniquely identifies this class. |
env
Type:
Resource
The environment this resource belongs to.
For resources that are created and managed in a Stack (those created by
creating new class instances like new Role(), new Bucket(), etc.), this
is always the same as the environment of the stack they belong to.
For referenced resources (those obtained from referencing methods like
Role.fromRoleArn(), Bucket.fromBucketName(), etc.), they might be
different than the stack they were imported into.
imageArn
Type:
string
The ARN of the image.
imageId
Type:
string
The AMI ID of the EC2 AMI, or URI for the container.
imageName
Type:
string
The name of the image.
imageVersion
Type:
string
The version of the image.
infrastructureConfiguration
Type:
IInfrastructure
The infrastructure configuration used for the image build.
node
Type:
Node
The tree node.
stack
Type:
Stack
The stack in which this resource is defined.
executionRole?
Type:
IRole
(optional)
The execution role used for the image build.
static PROPERTY_INJECTION_ID
Type:
string
Uniquely identifies this class.
Methods
| Name | Description |
|---|---|
| apply | Apply the given removal policy to this resource. |
| grant(grantee, ...actions) | Grant custom actions to the given grantee for the image. |
| grant | Grants the default permissions for building an image to the provided execution role. |
| grant | Grant read permissions to the given grantee for the image. |
| to | Converts the image to a BaseImage, to use as the parent image in an image recipe. |
| to | Converts the image to a ContainerBaseImage, to use as the parent image in a container recipe. |
| to | Returns a string representation of this construct. |
| static from | Import an existing image given its ARN. |
| static from | Import an existing image by providing its attributes. |
| static from | Import an existing image given its name. |
| static is | Return whether the given object is an Image. |
applyRemovalPolicy(policy)
public applyRemovalPolicy(policy: RemovalPolicy): void
Parameters
- policy
RemovalPolicy
Apply the given removal policy to this resource.
The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.
The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS
account for data recovery and cleanup later (RemovalPolicy.RETAIN).
grant(grantee, ...actions)
public grant(grantee: IGrantable, ...actions: string[]): Grant
Parameters
- grantee
IGrantableโ The principal. - actions
stringโ The list of actions.
Returns
Grant custom actions to the given grantee for the image.
grantDefaultExecutionRolePermissions(grantee)
public grantDefaultExecutionRolePermissions(grantee: IGrantable): Grant[]
Parameters
- grantee
IGrantableโ The execution role used for the image build.
Returns
Grant[]
Grants the default permissions for building an image to the provided execution role.
grantRead(grantee)
public grantRead(grantee: IGrantable): Grant
Parameters
- grantee
IGrantableโ The principal.
Returns
Grant read permissions to the given grantee for the image.
toBaseImage()
public toBaseImage(): BaseImage
Returns
Converts the image to a BaseImage, to use as the parent image in an image recipe.
toContainerBaseImage()
public toContainerBaseImage(): BaseContainerImage
Returns
Converts the image to a ContainerBaseImage, to use as the parent image in a container recipe.
toString()
public toString(): string
Returns
string
Returns a string representation of this construct.
static fromImageArn(scope, id, imageArn)
public static fromImageArn(scope: Construct, id: string, imageArn: string): IImage
Parameters
- scope
Construct - id
string - imageArn
string
Returns
Import an existing image given its ARN.
static fromImageAttributes(scope, id, attrs)
public static fromImageAttributes(scope: Construct, id: string, attrs: ImageAttributes): IImage
Parameters
- scope
Construct - id
string - attrs
ImageAttributes
Returns
Import an existing image by providing its attributes.
If the image name is provided as an attribute, it must be normalized by converting all alphabetical characters to lowercase, and replacing all spaces and underscores with hyphens.
static fromImageName(scope, id, imageName)
public static fromImageName(scope: Construct, id: string, imageName: string): IImage
Parameters
- scope
Construct - id
string - imageName
string
Returns
Import an existing image given its name.
The provided name must be normalized by converting all alphabetical characters to lowercase, and replacing all spaces and underscores with hyphens.
static isImage(x)
public static isImage(x: any): boolean
Parameters
- x
any
Returns
boolean
Return whether the given object is an Image.