Monday, May 5, 2025

Amazon Machine Image (AMI) / twtech-Custom-AMI | Overview & Hands-On.


An Overview & Hands-On for Amazon Machine Image (AMI) / twtech-Custom-AMI.

Focus:

  • Tailored for DevOps, DevSecOps and Cloud Engineers.

Breakdown:

  • How to start and customize EC2 instances.
  • How to stop running instances (for data integrity).
  • Insights.
  • How twtech builds a Custom AMI (step-by-step).
  • How twtech launches instances from Custom AMIs.
  • The twtech Custom AMI is built with the dependencies, packages and the application ready to run in any Linux environment.
  • Hands-On.

The concept of: AMI

An Amazon Machine Image (AMI) is a pre-configured virtual machine image used to launch EC2 instances in Amazon Web Services (AWS).

An AMI includes all the information required to boot an instance, such as:

  • Operating System (OS)
  • Application Server
  • Applications
  • Runtime libraries
  • Configurations

AMI Components

  1. A root volume template (e.g., OS and installed software)
  2. Launch permissions (controls who can use the AMI)
  3. Block device mapping (defines volumes attached when launched)

Types of AMIs

  1. AWS-Provided AMIs
    • Maintained by AWS (e.g., Amazon Linux, Ubuntu, Windows Server)
  2. Marketplace AMIs
    • Provided by vendors (often preconfigured for specific software)
  3. Community AMIs
    • Shared by users publicly
  4. Custom AMIs (private AMIs)
    • Created by users (for example twtech) from an existing EC2 instance

Common Use Cases

  • Quickly deploy identical servers
  • Backup EC2 instances
  • Build golden images for compliance
  • Speed up auto scaling group launch time

AMI Lifecycle

  1. Launch EC2 instance
  2. Customize instance
  3. Create Image (AMI) from instance
  4. Use AMI to launch more instances

Key Attributes

  • Region-specific: an AMI is available only in the region in which it was created
  • Can be copied to other regions
  • Support for encryption when using encrypted volumes

Insights

  • Public AMI: AWS-provided.
  • Private AMI: the twtech private AMI is created and maintained by twtech.

The difference between public and private AMIs

  • The difference between public and private AMIs in AWS comes down to access control: who can see and use the AMI.

Public AMIs

  • Visibility: Accessible to any AWS account.
  • Use Case: Shared for general use, e.g. Amazon Linux AMIs, community AMIs, or marketplace images.
  • Management: Created by AWS, third-party vendors, or users who choose to share them publicly.
  • Security Risk: If not properly sanitized, they could expose sensitive data or contain vulnerabilities.

Example: An open-source developer publishes a hardened Ubuntu AMI for the public to use.

Private AMIs

  • Visibility: Only accessible to the AWS account that created it (twtech), to specific AWS accounts explicitly granted permission, or to everyone if published in the marketplace.
  • Use Case: Used to launch internal systems with custom configurations (e.g., enterprise applications, golden images).
  • Access Control: twtech can share with specific AWS account IDs using Launch Permissions.
  • Secure: Ideal for internal, regulated, or production environments.

Example: twtech creates a private AMI with custom monitoring agents and internal software for internal deployments.

Summary Table

Feature          | Public AMI                           | Private AMI
Visibility       | Everyone on AWS                      | Only your account or shared accounts
Sharing Control  | Open to all                          | Explicitly shared
Security Risk    | Higher (if not sanitized)            | Lower (restricted access)
Use Case         | Community use, demos, marketplaces   | Internal apps, enterprise images


Project: AMI / Custom AMI bootstrapped with the application and its dependencies (Hands-on).

Project scope:

  • twtech launches an instance: twtech-instance.
  • The SonarQube application and its dependencies are bootstrapped at launch.
  • twtech verifies that the bootstrapped application is running seamlessly.
  • twtech creates a custom AMI from the instance image (with the SonarQube application and its dependencies already installed).
  • twtech uses the custom image (twtech-custom-AMI) to quickly create other instances. Remember that the twtech custom AMI comes already equipped with testable dependencies, packages and applications.
  • twtech also tests that the application created from the twtech custom AMI is running as expected.
  • twtech could also publish the twtech custom AMI to the AWS Marketplace and earn money from it if it passes the AWS compliance tests.


Project: Hands-On

How twtech uses an AMI to create a custom AMI that comes with ready-to-use applications and their dependencies.

Step-1:

  • Go to the EC2 console and launch an instance: twtech-instance

Launch instance: twtech-instance

  • Select Application and OS Images (Amazon Machine Image).
  • An AMI is a template that contains the software configuration (operating system, application server, and applications) required to launch your instance.
  • twtech searches or browses for AMIs if it doesn't see the AMI it is looking for.
  • twtech's choice for this project: Amazon Linux 2023 AMI

  • Select the instance type: t2.medium is the minimum recommended for SonarQube to run.

  • Select the key pair if twtech will subsequently SSH into the instance: twtech-keyPair

  • For network settings, select a security group created earlier or create one: sonarqube-SG

  • Configure storage: the root volume size can only be increased, never reduced.
  • From: 8 GiB
  • To: 15 GiB


Step-2:
  • twtech configures the advanced settings for: user data.

  • Scroll down to user data: upload the script or write one.
  • Link to the script:

https://github.com/Devopspat35/Package-management/blob/master/twtech-sonarqube.sh

  • twtech's recommended Java version for Amazon Linux 2023 so that the application runs seamlessly: java-11-amazon-corretto

sudo dnf install java-11-amazon-corretto -y


Step-3:
  • Go through the summary and launch the instance (twtech-instance): the dependencies, packages and the SonarQube application will be bootstrapped.

  • Verify on the EC2 console that the instance is launched: twtech-instance

  • Connect (SSH) to the instance to verify that all packages were bootstrapped.

  • Choose the connection method: SSH client


Step-4:
  • Switch user to sonar and verify that SonarQube was bootstrapped:

sudo su - sonar

Step-5:
  • Verify who owns the sonarqube directory; it should be sonar:sonar

ls -al /opt/sonarqube

Step-6:
  • Verify the installed packages and dependencies (the user data script ran: sudo dnf install java-11-amazon-corretto -y)

java -version


Step-7:
  • Start SonarQube:

sh /opt/sonarqube/bin/linux-x86-64/sonar.sh start

# Verify status of sonarqube:

sh /opt/sonarqube/bin/linux-x86-64/sonar.sh status

Step-8:

  • Access the SonarQube logs: CLI
  • Get the public IP of twtech-instance: curl ifconfig.me

curl -v <twtechPubIP>:9000

curl -v 3.12.xxx.146:9000
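The checks of Steps 4 to 8 collected into one script, as an added example that is not part of the original post. It assumes the post's layout (/opt/sonarqube owned by sonar:sonar, Corretto 11, port 9000); /api/system/status is SonarQube's own readiness endpoint and "is running" is the text sonar.sh status prints. Because the readiness answer can be STARTING while the embedded Elasticsearch warms up, that case is reported separately from a dead port.

```shell
#!/bin/sh
# Added example, not from the original post: the checks from Steps 4 to 8 in one
# script. Paths, user and port follow the post (/opt/sonarqube, sonar:sonar, 9000);
# /api/system/status is SonarQube's own readiness endpoint, and the "is running"
# text is what sonar.sh status prints.
set -u

SONAR_HOME="${SONAR_HOME:-/opt/sonarqube}"
SONAR_URL="${SONAR_URL:-http://127.0.0.1:9000}"
EXPECTED_OWNER="${EXPECTED_OWNER:-sonar:sonar}"

# Print "user:group" of a path (GNU stat, as on Amazon Linux).
owner_of() { stat -c '%U:%G' "$1" 2>/dev/null; }

# Major Java version from `java -version` text on stdin: "11.0.22" -> 11, "1.8.0_402" -> 8.
java_major() {
    v=$(sed -n '1s/^[^"]*"\([^"]*\)".*/\1/p')
    case "$v" in
        1.*) echo "$v" | cut -d. -f2 ;;
        *)   echo "$v" | cut -d. -f1 ;;
    esac
}

# The "status" field of a /api/system/status JSON body on stdin (UP, STARTING, DOWN...).
sonar_status_from_json() { sed -n 's/.*"status" *: *"\([A-Z_]*\)".*/\1/p'; }

# Ask the running server; prints nothing when the port does not answer.
sonar_status() {
    curl -s --max-time 5 "$SONAR_URL/api/system/status" 2>/dev/null | sonar_status_from_json
}

run_checks() {
    rc=0

    owner=$(owner_of "$SONAR_HOME")
    if [ "$owner" = "$EXPECTED_OWNER" ]; then
        echo "OK   $SONAR_HOME owned by $owner"
    else
        echo "FAIL $SONAR_HOME owned by '${owner:-missing}', expected $EXPECTED_OWNER"; rc=1
    fi

    # java -version writes to stderr, hence 2>&1. The post installs Corretto 11.
    major=$(java -version 2>&1 | java_major)
    if [ "${major:-0}" -ge 11 ] 2>/dev/null; then
        echo "OK   java major version $major"
    else
        echo "FAIL java missing or older than 11 (got '${major:-none}')"; rc=1
    fi

    if sh "$SONAR_HOME/bin/linux-x86-64/sonar.sh" status 2>/dev/null | grep -q 'is running'; then
        echo "OK   sonar.sh reports running"
    else
        echo "FAIL sonar.sh does not report running"; rc=1
    fi

    status=$(sonar_status)
    case "$status" in
        UP)       echo "OK   $SONAR_URL reports UP" ;;
        STARTING) echo "WAIT $SONAR_URL is STARTING; Elasticsearch warms up first, retry shortly"; rc=1 ;;
        *)        echo "FAIL $SONAR_URL not answering (status '${status:-none}')"; rc=1 ;;
    esac
    return $rc
}

# Run the checks when executed as a script named verify_sonarqube.sh; sourcing
# the file just defines the functions.
case "${0##*/}" in verify_sonarqube.sh) run_checks ;; esac
```

Run it on the host as `sh verify_sonarqube.sh` right after the user data script finishes; a non-zero exit means at least one of the post's checks did not pass, and the FAIL/WAIT lines say which.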

Step-9:

  • Access sonarqube application on browser: UI

Step-10:
  • Log in to the UI as the admin user and create other twtech users: twtech-patpat


Step-11:
  • Alternatively, twtech may also run SonarQube as a service (systemd enables it through a soft link).
  • Alternative way to start SonarQube as a service:
  • Open the unit file with sudo vi:

sudo vi /etc/systemd/system/sonarqube.service

# Configure the file with the following settings for the sonarqube service:

[Unit]
Description=SonarQube service
After=syslog.target network.target

[Service]
Type=forking
ExecStart=/opt/sonarqube/bin/linux-x86-64/sonar.sh start
ExecStop=/opt/sonarqube/bin/linux-x86-64/sonar.sh stop
User=sonar
Group=sonar
Restart=always

[Install]
WantedBy=multi-user.target


Step-12:
  • Re-execute the systemd manager to refresh the server:

sudo systemctl daemon-reexec

  • Reload the unit files:

sudo systemctl daemon-reload

  • Enable the sonarqube service:

sudo systemctl enable sonarqube

  • Start the SonarQube server:

sudo systemctl start sonarqube
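The unit file from Step-11 and the systemctl sequence from Step-12 as one installer, an added example that is not the post's own script. Beyond the post's unit it adds the file and process limits SonarQube documents for its embedded Elasticsearch (LimitNOFILE, LimitNPROC) and three sandboxing directives (NoNewPrivileges, ProtectSystem=full, PrivateTmp), and it checks vm.max_map_count and fs.file-max before enabling the service, because SonarQube will not start when they are below the documented minimums. UNIT_DIR is an assumption of this script so the file can be generated into a scratch directory first.

```shell
#!/bin/sh
# Added example, not from the original post: writes the Step-11 unit with the
# resource limits and sandboxing directives a production SonarQube service should
# carry, checks the kernel settings its embedded Elasticsearch needs, then runs
# the Step-12 systemctl sequence. UNIT_DIR defaults to /etc/systemd/system and
# can be pointed at a scratch directory to review the file first.
set -u

UNIT_DIR="${UNIT_DIR:-/etc/systemd/system}"
SONAR_HOME="${SONAR_HOME:-/opt/sonarqube}"

# Minimums documented by SonarQube for the embedded Elasticsearch node.
MIN_MAX_MAP_COUNT=524288
MIN_FILE_MAX=131072

# Write sonarqube.service into UNIT_DIR and print its path.
write_unit() {
    unit="$UNIT_DIR/sonarqube.service"
    cat > "$unit" <<EOF
[Unit]
Description=SonarQube service
After=network.target

[Service]
Type=forking
ExecStart=$SONAR_HOME/bin/linux-x86-64/sonar.sh start
ExecStop=$SONAR_HOME/bin/linux-x86-64/sonar.sh stop
User=sonar
Group=sonar
Restart=always
# File and process limits SonarQube requires for Elasticsearch.
LimitNOFILE=131072
LimitNPROC=8192
# The JVM never needs setuid helpers, a writable /usr or /etc, or the host's /tmp.
NoNewPrivileges=true
ProtectSystem=full
PrivateTmp=true

[Install]
WantedBy=multi-user.target
EOF
    echo "$unit"
}

# True when an integer value satisfies a minimum.
meets_minimum() { [ "$1" -ge "$2" ]; }

# Compare a live sysctl against its minimum and print the remediation when short.
check_sysctl() {
    key="$1"; min="$2"
    val=$(sysctl -n "$key" 2>/dev/null || echo 0)
    if meets_minimum "$val" "$min"; then
        echo "OK   $key=$val"
    else
        echo "FAIL $key=$val (need >= $min): sudo sysctl -w $key=$min"
        return 1
    fi
}

# Exact-line lookup of a directive in a unit file, e.g. unit_has FILE "User=sonar".
unit_has() { grep -qx "$2" "$1"; }

# Step-12 from the post, preceded by the kernel checks; stops before enabling a
# service that could not start anyway.
install_service() {
    unit=$(write_unit)
    echo "wrote $unit"
    check_sysctl vm.max_map_count "$MIN_MAX_MAP_COUNT" || return 1
    check_sysctl fs.file-max "$MIN_FILE_MAX" || return 1
    sudo systemctl daemon-reload
    sudo systemctl enable --now sonarqube
    sudo systemctl status sonarqube --no-pager
}

# Run the install only when executed as a script named install_sonarqube_service.sh.
case "${0##*/}" in install_sonarqube_service.sh) install_service ;; esac
```

Run `sudo sh install_sonarqube_service.sh`; when a sysctl check fails, apply the printed `sysctl -w` line and persist it in a file under /etc/sysctl.d/ so the setting survives reboots and therefore ends up baked into the custom AMI. ProtectSystem=full leaves /opt writable, which is where the post keeps SonarQube's data, logs and temp directories.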

Step-13:

  • Verify the status of sonarqube:

sudo systemctl status sonarqube

  • Access the SonarQube application: get the host's public IP address:

curl ifconfig.me

  • Accessing the SonarQube logs: CLI
  • Accessing SonarQube in the browser: GUI (UI)
  • http://<twtech-instance-public-ip>:9000

3.12.xxx.146:9000

Step-14:
Log in as the admin user:

# Default USERNAME: admin
# Default password: admin


Step-15:
  • How the twtech admin creates a custom AMI from the EC2 instance: sonarqube-server
  • This will save the state of the sonarqube-server as a custom AMI: twtech-sonarqube-custom-ami
  • twtech creates custom AMIs from: image-and-template
  • Select the instance and create the custom image:
  • Create the image from twtech-instance (with the SonarQube application fully installed and running) on Amazon Linux 2023.


Step-16:

  • Add tags and create the image:
  • Name: sonarqube-image-for-amazon-linux-2023

  • twtech verifies that the custom AMI (image) was created.
  • After a couple of minutes, the twtech custom AMI for Amazon Linux 2023 with SonarQube should be fully created and available:
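The verification that Step-16 does by eye in the console, and the public-versus-private distinction from the Insights section, as an added example that is not part of the original post: a script that reads `aws ec2 describe-images` and `aws ec2 describe-image-attribute` output and reports whether the image is available, whether its launch permission is restricted (no `Group=all`), and whether every volume in its block device mapping is encrypted (the Key Attributes section's encryption point). The JSON strings in the script are constructed to mirror trimmed CLI output; ami-0123456789abcdef0 and account 111122223333 are placeholders, and the live branch only runs when AMI_ID is set.

```shell
#!/bin/sh
# Added example, not from the original post: audits a custom AMI the way the
# post's verification step does by eye (state available, launch permission not
# public, volumes encrypted) and lists the AWS CLI calls around it. The JSON below
# is constructed to mirror trimmed `aws ec2 describe-images` and
# `describe-image-attribute` output; ami-0123456789abcdef0 and account
# 111122223333 are placeholders.
set -u

SAMPLE_IMAGE='{"Images":[{"ImageId":"ami-0123456789abcdef0","Name":"sonarqube-image-for-amazon-linux-2023","State":"available","Public":false,"BlockDeviceMappings":[{"DeviceName":"/dev/xvda","Ebs":{"VolumeSize":15,"Encrypted":false}}]}]}'
SAMPLE_PERMS_PUBLIC='{"ImageId":"ami-0123456789abcdef0","LaunchPermissions":[{"Group":"all"}]}'
SAMPLE_PERMS_SHARED='{"ImageId":"ami-0123456789abcdef0","LaunchPermissions":[{"UserId":"111122223333"}]}'

# Scalar field from JSON on stdin (on a single-line document the last occurrence
# of the key wins; on pretty-printed CLI output the first matching line wins).
json_field() {
    sed -n "s/.*\"$1\" *: *\"\{0,1\}\([^\",}]*\)\"\{0,1\}.*/\1/p" | head -n 1
}

ami_state() { json_field State; }

# Exit 0 when the launch-permission attribute lets every AWS account use the image.
ami_is_public() { grep -q '"Group" *: *"all"'; }

# Exit 0 when no block device in the mapping is marked unencrypted.
ami_encrypted() { ! grep -q '"Encrypted" *: *false'; }

# $1: describe-images JSON, $2: describe-image-attribute JSON. Returns 1 on any finding.
audit_ami() {
    img="$1"; perms="$2"; rc=0
    state=$(printf '%s' "$img" | ami_state)
    if [ "$state" = "available" ]; then
        echo "OK   state=$state"
    else
        echo "WAIT state=${state:-unknown}; run: aws ec2 wait image-available --image-ids <ami-id>"; rc=1
    fi
    if printf '%s' "$perms" | ami_is_public; then
        echo "FAIL launch permission contains Group=all: anyone can launch this image"; rc=1
    else
        echo "OK   launch permission restricted to this account or named accounts"
    fi
    if printf '%s' "$img" | ami_encrypted; then
        echo "OK   no unencrypted volume in the block device mapping"
    else
        echo "WARN unencrypted volume in the block device mapping"; rc=1
    fi
    return $rc
}

# Live usage: AMI_ID=ami-... sh ami_audit.sh  (needs the AWS CLI and ec2:Describe* rights)
if [ -n "${AMI_ID:-}" ]; then
    audit_ami \
        "$(aws ec2 describe-images --image-ids "$AMI_ID" --output json)" \
        "$(aws ec2 describe-image-attribute --image-id "$AMI_ID" --attribute launchPermission --output json)"
fi

# The surrounding CLI calls for Steps 15 to 18 (placeholders in angle brackets):
#   aws ec2 create-image --instance-id <i-...> --name sonarqube-image-for-amazon-linux-2023
#     (by default EC2 stops and reboots the instance so the snapshot is consistent;
#      --no-reboot skips that at the cost of file-system integrity)
#   aws ec2 wait image-available --image-ids <ami-...>
#   aws ec2 modify-image-attribute --image-id <ami-...> --launch-permission "Add=[{UserId=111122223333}]"
#   aws ec2 modify-image-attribute --image-id <ami-...> --launch-permission "Remove=[{Group=all}]"
#   aws ec2 run-instances --image-id <ami-...> --instance-type t2.medium \
#       --key-name twtech-keyPair --security-group-ids <sg-...>
```

The two modify-image-attribute calls are the CLI form of the Launch Permissions the Private AMIs section describes: the first shares the image with one named account, the second revokes the `all` group that would otherwise make it a public AMI.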

Step-17:

  • twtech uses its custom AMI (sonarqube-image-for-amazon-linux-2023) to create other instances.


Step-18:
  • Assign a name and tag: twtech-sonar-server-from-custom-amazon-linux2023-ami

  • Select the instance type: SonarQube runs on t2.medium or above.

  • Select a key pair: if twtech will SSH into the instance subsequently.

  • Select the security group or create one: sonarqube-SG

  • Launch the instance from the custom AMI:

Step-19:
  • Connect to the instance (twtech-sonar-server-from-custom-amazon-linux2023-ami) when it is fully initialized.

Step-20:
  • Access the logs of the SonarQube server provisioned from the twtech custom AMI.

Step-21:
  • Access the SonarQube application provisioned from the custom AMI:
  • Log in as the admin user and start creating users and projects:


Successfully,
  • twtech created a custom AMI for Amazon Linux 2023 with the SonarQube application already installed. This image can be put on the AWS Marketplace, where people can buy and use it easily.

Up next:
  • How to publish a custom Amazon Machine Image to the AWS Marketplace.

Youtube resources: https://www.youtube.com/watch?v=xvYUN6HB8aQ


