EC2 Image Builder takes the pain out of creating and maintaining custom AMIs. Instead of manually spinning up instances, installing packages, and snapshotting—you define a recipe once and let AWS handle the rest.
In this guide, I’ll walk you through building a custom AMI with NGINX pre-installed.
Step 1: Create Your Pipeline
Head to EC2 Image Builder in the AWS Console and click Create image pipeline.
Give it a name like nginx-webserver-pipeline and set the build schedule to Manual for now. You can automate it later once everything’s working.
Step 2: Configure the Recipe
This is where you define what goes into your AMI.
Image type: Choose AMI (you can also build container images, but we’ll stick with AMIs here).
Base image: Select Amazon Linux 2023. It’s got long-term support, modern packages, and you won’t be scrambling when security patches stop.
The Install Script
Here’s where the real work happens. Add this user data script to install NGINX:
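```bash
#!/bin/bash
# Apply available package updates
sudo dnf update -y
# Install NGINX from the default AL2023 repositories
sudo dnf install nginx -y
# Start NGINX automatically at boot
sudo systemctl enable nginx
# Start NGINX now
sudo systemctl start nginx
```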
That’s it. Four lines. AL2023 has NGINX in the default repos, so no need for extra repositories or workarounds.
The amazon-linux-extras command doesn’t exist in AL2023. Use dnf instead of yum, and packages like NGINX are available directly.
Step 3: Infrastructure Settings
Pick your instance type (t3.medium works fine for most builds), select an IAM role with Image Builder permissions, and configure your VPC settings.
Make sure your security group allows outbound internet access—the build instance needs to download packages.
Step 4: Run It
Once the pipeline is created, hit Run pipeline. Image Builder will:
- Launch a temporary EC2 instance
- Run your install script
- Run any tests you’ve configured
- Create the final AMI
- Clean up the temporary instance
The whole process takes 15-30 minutes depending on what you’re installing.
Step 5: Verify
Once it’s done, you’ll find your shiny new AMI under EC2 → AMIs. Launch an instance from it and confirm NGINX is running:
```bash
sudo systemctl status nginx
curl localhost
```
You should see the default NGINX welcome page. Done.
AL2 vs AL2023 Quick Reference
If you’re migrating old scripts, here’s what changed:
| Task | AL2 (Dead) | AL2023 |
|---|---|---|
| Install NGINX | amazon-linux-extras install nginx1 | dnf install nginx |
| Install Java 17 | amazon-linux-extras install java-openjdk11 | dnf install java-17-amazon-corretto |
| Enable EPEL | amazon-linux-extras enable epel | dnf install epel-release |
| Update system | yum update -y | dnf update -y |
Tips for Production
- Version your recipes so you can track what changed between AMI builds
- Add test components to validate the AMI before distributing it
- Schedule regular rebuilds (monthly at minimum) to pick up security patches
- Tag everything for cost tracking and resource management
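The "add test components" tip above, as an added example that is not part of the original guide: a validation script that a test step could run on the build instance, failing the build if the image is not in the state the install script was meant to produce. The function names and the `--run` switch are this example's own, and the pending-security-update check is an addition that goes beyond the manual verification in Step 5.

```shell
#!/bin/bash
# Added example: post-build checks for the NGINX AMI built in this guide.
# Each check prints PASS or FAIL; validate_ami returns the number of failures.

check() {  # usage: check "<description>" <command> [args...]
    desc=$1; shift
    if "$@" >/dev/null 2>&1; then
        echo "PASS: $desc"; return 0
    fi
    echo "FAIL: $desc"; return 1
}

http_ok() {
    # True only when the local web server answers with HTTP 200
    [ "$(curl -s -o /dev/null -w '%{http_code}' --max-time 5 http://localhost/)" = "200" ]
}

no_pending_security_updates() {
    # dnf check-update exits 0 when nothing is pending and 100 when updates
    # are available; any other non-zero exit (e.g. no network) also fails.
    dnf -q check-update --security
}

validate_ami() {
    failures=0
    check "nginx package installed"     rpm -q nginx                       || failures=$((failures + 1))
    check "nginx enabled at boot"       systemctl is-enabled --quiet nginx || failures=$((failures + 1))
    check "nginx service active"        systemctl is-active --quiet nginx  || failures=$((failures + 1))
    check "HTTP 200 from localhost"     http_ok                            || failures=$((failures + 1))
    check "no pending security updates" no_pending_security_updates        || failures=$((failures + 1))
    return "$failures"
}

# Run the checks only when asked to, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then
    validate_ami
    exit $?
fi
```

A non-zero exit status from the script marks the test as failed, so a broken or unpatched image is caught before the AMI is distributed.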
Common Issues
“command not found” errors: You’re probably using yum or amazon-linux-extras on AL2023. Switch to dnf.
NGINX won’t start: Check that you ran systemctl enable nginx and that your security group allows traffic on port 80.
Build stuck forever: Usually a networking issue. Make sure the build instance can reach the internet for package downloads. Check CloudWatch logs for details.
That’s it. You’ve got a repeatable, automated way to build custom AMIs. No more manual snapshots, no more “it worked on my machine” problems.
Next up: set up a schedule to rebuild weekly, and you’ll always have patched, up-to-date images ready to go.