feat: Storage size settings for AMI builder (#617)

Author: kichik

API.md

@@ -3,7 +3,7 @@ import { aws_imagebuilder as imagebuilder } from 'aws-cdk-lib';
 import { Construct } from 'constructs';
 import { ImageBuilderComponent } from './builder';
 import { ImageBuilderObjectBase } from './common';
-import { Architecture, Os } from '../../providers';
+import { amiRootDevice, Architecture, Os } from '../../providers';
 import { uniqueImageBuilderName } from '../common';
 
 /**
@@ -27,6 +27,11 @@ interface AmiRecipeProperties {
    */
   readonly baseAmi: string;
 
+  /**
+   * Storage size for the builder.
+   */
+  readonly storageSize?: cdk.Size;
+
   /**
    * Components to add to target container image.
    */
@@ -57,12 +62,23 @@ export class AmiRecipe extends ImageBuilderObjectBase {
       };
     });
 
+    const blockDeviceMappings = props.storageSize ? [
+      {
+        deviceName: amiRootDevice(this, props.baseAmi).ref,
+        ebs: {
+          volumeSize: props.storageSize.toGibibytes(),
+          deleteOnTermination: true,
+        },
+      },
+    ] : undefined;
+
     this.name = uniqueImageBuilderName(this);
     this.version = this.generateVersion('ImageRecipe', this.name, {
       platform: props.platform,
       components,
       parentAmi: props.baseAmi,
       tags: props.tags,
+      blockDeviceMappings,
     });
 
     let workingDirectory;
@@ -81,6 +97,7 @@ export class AmiRecipe extends ImageBuilderObjectBase {
       components,
       workingDirectory,
       tags: props.tags,
+      blockDeviceMappings,
     });
 
     this.arn = recipe.attrArn;

src/image-builders/aws-image-builder/ami.ts

@@ -39,6 +39,15 @@ export interface AwsImageBuilderRunnerImageBuilderProps {
    */
   readonly instanceType?: ec2.InstanceType;
 
+  /**
+   * Size of volume available for builder instances. This modifies the boot volume size and doesn't add any additional volumes.
+   *
+   * Use this if you're building images with big components and need more space.
+   *
+   * @default default size for AMI (usually 30GB for Linux and 50GB for Windows)
+   */
+  readonly storageSize?: cdk.Size;
+
   /**
    * Options for fast launch.
    *
@@ -312,6 +321,7 @@ export class AwsImageBuilderRunnerImageBuilder extends RunnerImageBuilderBase {
   private infrastructure: imagebuilder.CfnInfrastructureConfiguration | undefined;
   private readonly role: iam.Role;
   private readonly fastLaunchOptions?: FastLaunchOptions;
+  private readonly storageSize?: cdk.Size;
   private readonly waitOnDeploy: boolean;
   private readonly dockerSetupCommands: string[];
   private readonly tags: { [key: string]: string };
@@ -335,6 +345,7 @@ export class AwsImageBuilderRunnerImageBuilder extends RunnerImageBuilderBase {
     this.baseAmi = props?.baseAmi ?? defaultBaseAmi(this, this.os, this.architecture);
     this.instanceType = props?.awsImageBuilderOptions?.instanceType ?? ec2.InstanceType.of(ec2.InstanceClass.M6I, ec2.InstanceSize.LARGE);
     this.fastLaunchOptions = props?.awsImageBuilderOptions?.fastLaunchOptions;
+    this.storageSize = props?.awsImageBuilderOptions?.storageSize;
     this.waitOnDeploy = props?.waitOnDeploy ?? true;
     this.dockerSetupCommands = props?.dockerSetupCommands ?? [];
 
@@ -766,6 +777,7 @@ export class AwsImageBuilderRunnerImageBuilder extends RunnerImageBuilderBase {
       components: this.bindComponents(),
       architecture: this.architecture,
       baseAmi: this.baseAmi,
+      storageSize: this.storageSize,
       tags: this.tags,
     });
 

src/image-builders/aws-image-builder/builder.ts

@@ -1,10 +1,12 @@
 import { DescribeImagesCommand, DescribeLaunchTemplateVersionsCommand, EC2Client } from '@aws-sdk/client-ec2';
+import { GetImageCommand, ImagebuilderClient } from '@aws-sdk/client-imagebuilder';
 import { GetParameterCommand, SSMClient } from '@aws-sdk/client-ssm';
 import * as AWSLambda from 'aws-lambda';
 import { customResourceRespond } from '../lambda-helpers';
 
 const ssm = new SSMClient();
 const ec2 = new EC2Client();
+const ib = new ImagebuilderClient();
 
 
 async function handleAmi(event: AWSLambda.CloudFormationCustomResourceEvent, ami: string) {
@@ -75,6 +77,20 @@ export async function handler(event: AWSLambda.CloudFormationCustomResourceEvent
           break;
         }
 
+        if (ami.match('^arn:aws[^:]*:imagebuilder:[^:]+:[^:]+:image/.*$')) {
+          console.log(`Checking Image Builder ${ami}`);
+
+          const img = await ib.send(new GetImageCommand({ imageBuildVersionArn: ami }));
+          const actualAmi = img.image?.outputResources?.amis?.[0]?.image;
+          if (!actualAmi) {
+            await customResourceRespond(event, 'FAILED', `${ami} doesn't have an AMI`, 'ERROR', {});
+            break;
+          }
+
+          await handleAmi(event, actualAmi);
+          break;
+        }
+
         await customResourceRespond(event, 'FAILED', `Unknown type of AMI ${ami}`, 'ERROR', {});
         break;
       case 'Delete':

src/providers/ami-root-device.lambda.ts

@@ -507,6 +507,8 @@ export abstract class BaseProvider extends Construct {
 /**
  * Use custom resource to determine the root device name of a given AMI, Launch Template, or SSM parameter pointing to AMI.
  *
+ * TODO move somewhere more common as it's used by both providers and AMI builder now
+ *
  * @internal
  */
 export function amiRootDevice(scope: Construct, ami?: string) {
@@ -521,6 +523,7 @@ export function amiRootDevice(scope: Construct, ami?: string) {
           'ssm:GetParameter',
           'ec2:DescribeImages',
           'ec2:DescribeLaunchTemplateVersions',
+          'imagebuilder:GetImage',
         ],
         resources: ['*'],
       }),

src/providers/common.ts

@@ -105,54 +105,54 @@
         }
       }
     },
-    "83c9fbef7e367049876156e1b2fd8fb89d8044003b26b693e2e7aca16fd4fb7f": {
+    "88cc171bf3103a3b98ba0006fc7e5c6fdfd338c03591b344bb4cf60f1a9da18c": {
       "source": {
-        "path": "asset.83c9fbef7e367049876156e1b2fd8fb89d8044003b26b693e2e7aca16fd4fb7f.lambda",
+        "path": "asset.88cc171bf3103a3b98ba0006fc7e5c6fdfd338c03591b344bb4cf60f1a9da18c.lambda",
         "packaging": "zip"
       },
       "destinations": {
         "current_account-current_region": {
           "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
-          "objectKey": "83c9fbef7e367049876156e1b2fd8fb89d8044003b26b693e2e7aca16fd4fb7f.zip",
+          "objectKey": "88cc171bf3103a3b98ba0006fc7e5c6fdfd338c03591b344bb4cf60f1a9da18c.zip",
           "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
         }
       }
     },
-    "58d5d36cd7892b7fd12ad066a7375852ea9dccee4d69b43d39d22c6017650342": {
+    "83c9fbef7e367049876156e1b2fd8fb89d8044003b26b693e2e7aca16fd4fb7f": {
       "source": {
-        "path": "asset.58d5d36cd7892b7fd12ad066a7375852ea9dccee4d69b43d39d22c6017650342.lambda",
+        "path": "asset.83c9fbef7e367049876156e1b2fd8fb89d8044003b26b693e2e7aca16fd4fb7f.lambda",
         "packaging": "zip"
       },
       "destinations": {
         "current_account-current_region": {
           "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
-          "objectKey": "58d5d36cd7892b7fd12ad066a7375852ea9dccee4d69b43d39d22c6017650342.zip",
+          "objectKey": "83c9fbef7e367049876156e1b2fd8fb89d8044003b26b693e2e7aca16fd4fb7f.zip",
           "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
         }
       }
     },
-    "49869fe027dea4e6f2328c09949544583e341ef66f515b3b37ddacf60879a30c": {
+    "58d5d36cd7892b7fd12ad066a7375852ea9dccee4d69b43d39d22c6017650342": {
       "source": {
-        "path": "asset.49869fe027dea4e6f2328c09949544583e341ef66f515b3b37ddacf60879a30c.lambda",
+        "path": "asset.58d5d36cd7892b7fd12ad066a7375852ea9dccee4d69b43d39d22c6017650342.lambda",
         "packaging": "zip"
       },
       "destinations": {
         "current_account-current_region": {
           "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
-          "objectKey": "49869fe027dea4e6f2328c09949544583e341ef66f515b3b37ddacf60879a30c.zip",
+          "objectKey": "58d5d36cd7892b7fd12ad066a7375852ea9dccee4d69b43d39d22c6017650342.zip",
           "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
         }
       }
     },
-    "2b3e3110ffb96a7df77acaa663361ec1c03e985af62941397f4806ba6fbde75f": {
+    "49869fe027dea4e6f2328c09949544583e341ef66f515b3b37ddacf60879a30c": {
       "source": {
-        "path": "asset.2b3e3110ffb96a7df77acaa663361ec1c03e985af62941397f4806ba6fbde75f.lambda",
+        "path": "asset.49869fe027dea4e6f2328c09949544583e341ef66f515b3b37ddacf60879a30c.lambda",
         "packaging": "zip"
       },
       "destinations": {
         "current_account-current_region": {
           "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
-          "objectKey": "2b3e3110ffb96a7df77acaa663361ec1c03e985af62941397f4806ba6fbde75f.zip",
+          "objectKey": "49869fe027dea4e6f2328c09949544583e341ef66f515b3b37ddacf60879a30c.zip",
           "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
         }
       }
@@ -209,15 +209,15 @@
         }
       }
     },
-    "3567610749b1cf82857927a0f111cfd36a7121619b529d37f8173ea62c8e5352": {
+    "ad6535663e15be1d9ef317b02833ee916c2e2121ebf0a5bf118355124cce1a65": {
       "source": {
         "path": "github-runners-test.template.json",
         "packaging": "file"
       },
       "destinations": {
         "current_account-current_region": {
           "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
-          "objectKey": "3567610749b1cf82857927a0f111cfd36a7121619b529d37f8173ea62c8e5352.json",
+          "objectKey": "ad6535663e15be1d9ef317b02833ee916c2e2121ebf0a5bf118355124cce1a65.json",
           "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
         }
       }