Skip to content

feat(aws): Add ec2 pro component tutorial #523

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
JessicaJang wants to merge 1 commit into
base: main
Choose a base branch
from
Open

feat(aws): Add ec2 pro component tutorial #523

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions docs/.custom_wordlist.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,7 @@ Ansible
Anthos
API
APIs
ARN
AppArmor
armhf
ASIC
Expand Down
1 change: 1 addition & 0 deletions docs/aws/aws-how-to/index.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,7 @@ Perform tasks such as finding the right image to use and launching different typ
Create a customized AMI and CloudFormation templates:

* :doc:`Build an Ubuntu Pro AMI using Packer <instances/build-pro-ami-using-packer>`
* :doc:`Build a custom Ubuntu Pro image with EC2 Image Builder <instances/build-ubuntu-pro-image-with-ec2-image-builder>`
* :doc:`Create CloudFormation templates <instances/build-cloudformation-templates>`

Perform custom configurations like installing custom kernels and drivers:
Expand Down
227 changes: 227 additions & 0 deletions docs/aws/aws-how-to/instances/build-ubuntu-pro-image-with-ec2-image-builder.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,227 @@
.. meta::
:description: Learn how to build custom Ubuntu Pro images using EC2 Image Builder with the Ubuntu Pro component from the AWS Marketplace. Bake Pro services and security features directly into your AMIs at build time.

Build a custom Ubuntu Pro image with EC2 Image Builder
=======================================================

EC2 Image Builder lets you automate the creation, testing, and distribution of custom AMIs. By adding the `Ubuntu Pro component`_ (available on the AWS Marketplace), you can bake Ubuntu Pro services — including the 10-year security guarantee and expanded package coverage — directly into your images at build time. This removes the need to attach Pro tokens or run activation scripts after an instance starts.

@rpocase rpocase May 21, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we need some language to make this clear that its can be attached on ANY Linux OS. a driver of this feature is to enable people to licenses non-ubuntu images for pro container workloads. i would lean on @carlosbravoa on how he wants to structure this framing. i think we would want to change the title. maybe "Licensing Linux images for Ubuntu Pro with EC2 Image Builder".

@k-dimple k-dimple May 25, 2026

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@carlosbravoa could you take a look when you get a chance? (Just a reminder ping)

@gjolly gjolly May 28, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I also believe that we should encourage people to use Ubuntu Pro images from the marketplace when they are available.

@carlosbravoa carlosbravoa Jun 3, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

EC2 Image Builder lets you automate the creation, testing, and distribution of custom AMIs. By adding the Ubuntu Pro component_ (available on the AWS Marketplace for AMD64 and Graviton), you can attach an Ubuntu Pro subscription directly to your images during the build process. This enables any custom image—including those running non-Ubuntu operating systems—to attach a Pro license at build time for metered billing.

Note: Attaching an Ubuntu Pro subscription to a non-Ubuntu operating system only enables those machines to join EKS/ECS clusters running Ubuntu Pro containers. It does not provide access to other Ubuntu Pro services, such as 10 years of maintenance, FIPS, or Kernel Livepatch.


This guide walks through the steps to subscribe to the Ubuntu Pro component and use it in an EC2 Image Builder pipeline.


Prerequisites
-------------

* An AWS account with sufficient IAM permissions to use EC2 Image Builder (``imagebuilder:*``), create and manage EC2 instances, and access the AWS Marketplace.
* Familiarity with the EC2 Image Builder console or AWS CLI. If you are new to Image Builder, the `EC2 Image Builder tutorials`_ are a good starting point.


Subscribe to the Ubuntu Pro component
--------------------------------------

Before using the component in a pipeline, you must subscribe to it on the AWS Marketplace. For general guidance on working with Marketplace components in Image Builder, refer to the `AWS documentation on using Marketplace components`_.

1. Open the AWS Marketplace listing for your target architecture:

* `Ubuntu Pro Component for EC2 Image Builder (AMD)`_
Comment thread
JessicaJang marked this conversation as resolved.
* `Ubuntu Pro Component for EC2 Image Builder (Arm)`_
Comment thread
JessicaJang marked this conversation as resolved.

2. Choose :guilabel:`View purchase options`.
3. Review the terms and choose :guilabel:`Accept Terms`.
4. Wait for the subscription to become active.

.. note::

A separate subscription is required for each architecture (AMD and ARM) if you intend to build images for both.


Create an image recipe

@JessicaJang JessicaJang May 20, 2026

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

i personally think this tutorial section is not needed since it's well documented in official AWS document page.

i wouldn't mind to put step by step guide in here but feels redundant.

@rpocase rpocase May 21, 2026

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

i would reference upstream here, assuming it meets our standard. i always prefer to reference rather than duplicating

@k-dimple k-dimple May 25, 2026

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, I agree. It's better to point to upstream documentation, instead of duplicating stuff.

However, it would be nice to mention the specific change needed in this case - i.e. the bit about selecting the Ubuntu Pro component (unless that is also documented upstream).

-----------------------

An image recipe defines the base image and the components to apply during a build.

.. tab-set::

.. tab-item:: AWS CLI

1. Retrieve the Ubuntu Pro component ARN for your target architecture.

For AMD:

.. code::

aws imagebuilder list-components \
--owner AWSMarketplace \
--query "componentVersionList[?productCodes[?productCodeId=='9bztusbna2lfuk6zw7upzdvsv']]"

For ARM:

.. code::

aws imagebuilder list-components \
--owner AWSMarketplace \
--query "componentVersionList[?productCodes[?productCodeId=='291iwywwdb7ujmih1x7z4l3my']]"

Example output:

.. code::

[
{
"arn": "arn:aws:imagebuilder:us-east-1:aws-marketplace:component/ubuntu-pro-component-prod-w2osc53uiegx4/1.0.0",
"name": "Ubuntu Pro Component-prod-w2osc53uiegx4",
"version": "1.0.0",
"description": "Ubuntu Pro component",
"platform": "Linux",
"supportedOsVersions": [
"Ubuntu 18",
"Ubuntu 20",
"Ubuntu 22",
"Ubuntu 24"
],
"type": "BUILD",
"owner": "AWSMarketplace",
"status": "ACTIVE",
"productCodes": [
{
"productCodeId": "9bztusbna2lfuk6zw7upzdvsv",
"productCodeType": "marketplace"
}
]
}
]

Note the ``arn`` value from the output.

2. Create the image recipe, substituting the component ARN from the previous step and the base image AMI ID for your target architecture:

.. code::

aws imagebuilder create-image-recipe \
--name "ubuntu-pro-recipe" \
--semantic-version "1.0.0" \
--components '[{"componentArn": "<component-arn-from-above>"}]' \
--parent-image "<your-ami-id>"

.. tab-item:: Console

1. Open the `EC2 Image Builder console`_.
2. In the left navigation pane, choose :guilabel:`Image recipes`, then choose :guilabel:`Create image recipe`.
3. Enter a name and version for the recipe.
4. Under :guilabel:`Base image`, choose :guilabel:`Select managed images` and search for ``ubuntu``. Select the Ubuntu LTS AMI that matches your target architecture (e.g. Ubuntu 24.04 LTS for AMD or ARM).
5. Under :guilabel:`Components`, choose :guilabel:`Add components`.
6. Switch to the :guilabel:`AWS Marketplace` tab and search for ``Ubuntu Pro``.
7. Select :guilabel:`Ubuntu Pro Component for EC2 Image Builder` (or the ARM variant) and choose :guilabel:`Add component`.
8. Optionally, add any additional build or test components for your workload.
9. Choose :guilabel:`Create recipe`.


Create an infrastructure configuration
----------------------------------------

An infrastructure configuration specifies the instance type and IAM role that Image Builder uses to run the build.

.. tab-set::

.. tab-item:: AWS CLI

.. code::

aws imagebuilder create-infrastructure-configuration \
--name "<your-infra-config-name>" \
--instance-profile-name "EC2InstanceProfileForImageBuilder" \
--instance-types "t3.medium"

.. tab-item:: Console

1. In the left navigation pane, choose :guilabel:`Infrastructure configurations`, then choose :guilabel:`Create infrastructure configuration`.
2. Enter a name.
3. Under :guilabel:`IAM role`, choose or create a role that includes the ``EC2InstanceProfileForImageBuilder`` managed policy.
4. Choose an appropriate :guilabel:`Instance type` for the architecture you are targeting (e.g. ``t3.medium`` for AMD, ``t4g.medium`` for ARM).
5. Choose :guilabel:`Create infrastructure configuration`.


Create a distribution configuration
-------------------------------------

A distribution configuration defines the Regions and output settings for the built AMI.

.. tab-set::

.. tab-item:: AWS CLI

.. code::

aws imagebuilder create-distribution-configuration \
--name "<your-distribution-config-name" \
--distributions '[{"region": "<your-region>", "amiDistributionConfiguration": {}}]'

.. tab-item:: Console

1. In the left navigation pane, choose :guilabel:`Distribution settings`, then choose :guilabel:`Create distribution settings`.
2. Enter a name.
3. Under :guilabel:`Region`, confirm or add the target Regions where the AMI should be available.
4. Optionally, configure AMI tags, launch permissions, or copying to additional Regions.
5. Choose :guilabel:`Create distribution settings`.


Create and run an image pipeline
----------------------------------

An image pipeline ties together the recipe, infrastructure configuration, and distribution configuration.

.. tab-set::

.. tab-item:: AWS CLI

1. Create the pipeline, substituting the all ARN sections from the resources created in the previous steps:

.. code::

aws imagebuilder create-image-pipeline \
--name "<your-pipeline-name>" \
--image-recipe-arn "<recipe-arn>" \
--infrastructure-configuration-arn "<infra-config-arn>" \
--distribution-configuration-arn "<distro-config-arn>"

2. To start a build immediately:

.. code::

aws imagebuilder start-image-pipeline-execution \
--image-pipeline-arn "<pipeline-arn>"

.. tab-item:: Console

1. In the left navigation pane, choose :guilabel:`Image pipelines`, then choose :guilabel:`Create image pipeline`.
2. Enter a pipeline name.
3. Under :guilabel:`Build schedule`, choose :guilabel:`Manual` to trigger builds on demand, or configure a schedule.
4. Select the recipe, infrastructure configuration, and distribution configuration created in the previous steps.
5. Choose :guilabel:`Create pipeline`.
6. To start a build immediately, select the pipeline and choose :guilabel:`Actions` > :guilabel:`Run pipeline`.

Image Builder will launch a temporary build instance, apply the Ubuntu Pro component (which enables Pro services), run any test components, terminate the build instance, and register the resulting AMI in the configured Regions.


Verify the resulting AMI
-------------------------

Once the pipeline run completes:

1. In the pipeline details page, choose the completed image version to view its ARN and AMI ID.
2. Launch an instance from the AMI.
3. Connect to the instance and confirm that Pro is active:

.. code::

sudo pro status

The output should show Ubuntu Pro as ``attached`` with the relevant services enabled.


.. _EC2 Image Builder tutorials: https://docs.aws.amazon.com/imagebuilder/latest/userguide/ib-tutorials.html
.. _AWS documentation on using Marketplace components: https://docs.aws.amazon.com/imagebuilder/latest/userguide/use-marketplace-components.html
.. _Ubuntu Pro component: https://aws.amazon.com/marketplace/pp?sku=9bztusbna2lfuk6zw7upzdvsv
.. _Ubuntu Pro Component for EC2 Image Builder (AMD): https://aws.amazon.com/marketplace/pp?sku=9bztusbna2lfuk6zw7upzdvsv
.. _Ubuntu Pro Component for EC2 Image Builder (ARM): https://aws.amazon.com/marketplace/pp?sku=291iwywwdb7ujmih1x7z4l3my
.. _EC2 Image Builder console: https://console.aws.amazon.com/imagebuilder/
1 change: 1 addition & 0 deletions docs/aws/aws-how-to/instances/index.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -64,6 +64,7 @@ Deploy Canonical products such as the data science stack on your EC2 instances.
Import a local Ubuntu VM <import-local-vm-to-aws>
Complete hardening of a base CIS Level 1 instance <cis-hardening>
Build an Ubuntu Pro AMI using Packer <build-pro-ami-using-packer>
Build a custom Ubuntu Pro image with EC2 Image Builder <build-ubuntu-pro-image-with-ec2-image-builder>
Create CloudFormation templates <build-cloudformation-templates>
Install 64k page kernel <install-64k-kernel>
Install NVIDIA drivers <install-nvidia-drivers>
Expand Down
2 changes: 1 addition & 1 deletion docs/aws/index.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -53,7 +53,7 @@ Ubuntu on EC2 offers a flexible foundation for running cloud workloads, from lau
- :doc:`EC2 credentials <aws-reference/ec2-credentials>` • :doc:`Launch an instance using CLI <aws-how-to/instances/launch-ubuntu-ec2-instance>` • :doc:`Find images <aws-how-to/instances/find-ubuntu-images>` • :doc:`Launch a desktop <aws-how-to/instances/launch-ubuntu-desktop>` • :doc:`Import a local Ubuntu VM into AWS <aws-how-to/instances/import-local-vm-to-aws>`

* - **Creating AMIs and templates**
- :doc:`Build an Ubuntu Pro AMI using Packer <aws-how-to/instances/build-pro-ami-using-packer>` • :doc:`Create CloudFormation templates <aws-how-to/instances/build-cloudformation-templates>`
- :doc:`Build an Ubuntu Pro AMI using Packer <aws-how-to/instances/build-pro-ami-using-packer>` • :doc:`Build a custom Ubuntu Pro image with EC2 Image Builder <aws-how-to/instances/build-ubuntu-pro-image-with-ec2-image-builder>` • :doc:`Create CloudFormation templates <aws-how-to/instances/build-cloudformation-templates>`

* - **Custom configurations**
- :doc:`Install 64K page kernel <aws-how-to/instances/install-64k-kernel>` • :doc:`install NVIDIA drivers <aws-how-to/instances/install-nvidia-drivers>` • :doc:`Configure multiple NICs <aws-how-to/instances/automatically-setup-multiple-nics>` • :doc:`Use UEFI secure boot and TPM <aws-how-to/security/use-secureboot-and-vtpm>` • :doc:`Launch and attest an AMD SEV-SNP instance <aws-how-to/instances/launch-and-attest-amd-sev-snp-instances>` • :doc:`Complete hardening of a base CIS Level 1 instance <aws-how-to/instances/cis-hardening>`
Expand Down
Loading