feat(imagebuilder-alpha): add support for Image Recipe Construct

[tarunb12]

Issue

aws/aws-cdk-rfcs#789

Reason for this change

This change adds a new alpha module for EC2 Image Builder L2 Constructs (@aws-cdk/aws-imagebuilder-alpha), as outlined in aws/aws-cdk-rfcs#789. This PR specifically implements the ImageRecipe construct.

Description of changes

This change implements the ImageRecipe construct, which is a higher-level construct of CfnImageRecipe.

Example

const userData = ec2.UserData.forLinux();
userData.addS3DownloadCommand({
  bucket: s3.Bucket.fromBucketName(this, 'Bucket', `test-bucket-${this.account}`),
  bucketKey: 'test-key',
  localFile: 's3-executable.sh',
});
userData.addExecuteFileCommand({ filePath: 's3-executable.sh' });
userData.addCommands('User Data complete!');

const imageRecipe = new imagebuilder.ImageRecipe(this, 'ImageRecipe', {
  imageRecipeName: 'test-image-recipe',
  imageRecipeVersion: '1.0.0',
  description: 'An Image Recipe',
  // Use an AL2023 base image
  baseImage: imagebuilder.BaseImage.fromSsmParameterName(
    this,
    'MachineImage',
    '/aws/service/ami-amazon-linux-latest/al2023-ami-minimal-kernel-default-x86_64',
  ),
  // Use an AWS-managed component, shared component, self-owned component with parameters, and marketplace component
  components: [
    {
      component: imagebuilder.AwsManagedComponent.updateOS(this, 'UpdateOS', {
        platform: imagebuilder.Platform.Linux,
      }),
    },
    {
      component: imagebuilder.Component.fromComponentArn(
        this,
        'ComplianceTestComponent',
        `arn:${this.partition}:imagebuilder:${this.region}:123456789012:component/compliance-test/2025.x.x.x`,
      ),
    },
    {
      component: imagebuilder.AwsMarketplaceComponent.fromAwsMarketplaceComponentAttributes(
        this,
        'MarketplaceComponent',
        {
          name: 'marketplace-component-name',
          marketplaceProductId: '12345678-1234-1234-1234-123456789012',
        },
      ),
    },
    {
      component: imagebuilder.Component.fromComponentAttributes(this, 'CustomComponent', {
        componentName: 'custom-component',
      }),
      parameters: {
        CUSTOM_PARAMETER_KEY: imagebuilder.ComponentParameterValue.fromString('custom-parameter-value'),
      },
    },
  ],
  workingDirectory: '/var/tmp',
  // Optional - retain the SSM agent after the build, and apply custom userdata
  uninstallSsmAgentAfterBuild: false,
  userDataOverride: userData,
  // Optional - attach additional block device to the build instance
  blockDevices: [
    {
      deviceName: '/dev/sda1',
      mappingEnabled: true,
      volume: ec2.BlockDeviceVolume.ebs(50, {
        deleteOnTermination: true,
        iops: 1000,
        volumeType: ec2.EbsDeviceVolumeType.GP3,
        throughput: 1000,
        encrypted: true,
        kmsKey: kms.Key.fromLookup(this, 'VolumeKey', { aliasName: 'alias/volume-encryption-key' }),
      }),
    },
  ],
  // Optional - specify tags to apply to the output AMI
  amiTags: {
    Environment: 'production',
  },
});

Describe any new or updated permissions being added

N/A - new L2 construct in alpha module

Description of how you validated changes

Validated with unit tests and integration tests. Manually verified generated CFN templates as well.

Checklist

• My code adheres to the CONTRIBUTING GUIDE and DESIGN GUIDELINES

---

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

[ozelalisen]

Thanks for considering patterns from previous PRs, left first round of comments

[ozelalisen]

This should not be belong here, it was related to fromImageRecipeAttributes method

[tarunb12]

yeah good call. we can actually use .getAtt('Version') here (for some reason, that is not modeled as .attrVersion on the L1)

[ozelalisen]

What happens if on my baseimage there is not any ssmagent, and I set this as true?

[tarunb12]

it behaves the same as the default behavior - the output image will not contain the SSM agent

[ozelalisen]

There can be multiple values but, only one value can be saved via this method

[tarunb12]

The API/CFN input is string list, but only one element is supported for now (to support the simple string data type), so that it can be extended once stringList is supported here

[ozelalisen]

I do not see any purpose with this class, because parameter value can only be list of strings, so we do not need create an additional parameter value class, this pattern is useful, when value is any that can be number, string, bool.

[tarunb12]

Yeah - I created it like this so that when Image Builder components support more parameter value data types, we can extend it easily here, rather than having to deprecate the property if we add support for stringLists or booleans for example

[ozelalisen]

So, it is expected that this might be extended for different types?

[tarunb12]

Correct - that was the intent of making this class

[ozelalisen]

This can be simplify as:

Suggested change

	readonly parameters?: { [name: string]: ComponentParameterValue };
	readonly parameters?: { [name: string]: string[] };

[tarunb12]

I think we should keep this as ComponentParameterValue. As noted in the other comment, a string list is accepted in API/CFN, but only one element is supported since only the string data type is supported. When stringList, boolean, etc. is supported, ComponentParameterValue would be the better option here, following CDK design guideline for union data types

Pull request has been modified.

[ozelalisen]

What is the purpose of this?

[tarunb12]

We are gonna use this in Image/ImagePipeline constructs. In those constructs, recipe: IRecipeBase will be accepted which can be either an image or container recipe. This method helps us know which recipe, so that we can map it to the correct parameter in the L1 definition. There will be a similar method for IContainerRecipe.

[ozelalisen]

So, it is expected that this might be extended for different types?

[ozelalisen]

What is purpose of this?