Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions,
see Getting Started with Amazon Web Services in China
(PDF).
Import verified Windows ISO disk images with Image Builder
A Windows operating system ISO file is a disk image file that contains the complete
installation package for a specific version of the Windows operating system. Microsoft
provides official Windows operating system ISO files for download, either directly from
their website or through authorized resellers. It's important to ensure that you obtain
the ISO files from a trusted and legitimate source to avoid potential malware or
unauthorized versions.
EC2 Image Builder uses the build-image-from-iso
import workflow to the ISO disk
file and create a secondary volume from it. After configuration is complete, Image Builder takes
a snapshot of the volume it created from the import and uses it to create an Amazon Machine
Image (AMI).
Supported operating systems for ISO disk image import
Image Builder supports the following Windows operating system ISO disk images:
Prerequisites to import an ISO disk image
To import an ISO disk image, you must first meet the following prerequisites:
-
The operating system of the disk image must be one that Image Builder supports. For
a list of supported operating systems, see Supported operating systems for ISO disk image import.
-
Before you can run the import process, you must upload your ISO disk
file to Amazon S3 in the same Amazon Web Services account and Amazon Web Services Region where the import runs.
-
The file extension is case sensitive for the import process, and must be
.ISO
.
-
Microsoft licensing is not automatically included with the import. You must bring
your own license (BYOL). For more information about licensing for Microsoft software,
see Licensing on the
Amazon Web Services and Microsoft Frequently Asked Questions
page.
-
The import process uses two separate IAM roles, as follows:
- Execution role
-
This role grants permission for Image Builder to call Amazon Web Services services on
your behalf. You can specify the
AWSServiceRoleForImageBuilder service-linked
role, which includes the permissions needed for the execution role, or
you can create your own role.
- Instance profile role
-
This role grants permission for the actions that the service
performs on the EC2 instance. You can specify an instance profile
role in your infrastructure configuration resource. You can
attach the EC2InstanceProfileForImageBuilder managed
policy to your instance profile role. This policy has the permissions
needed for the import process. For more information, see
Manage Image Builder infrastructure configuration.
Import an ISO disk image into Image Builder
Before you start the import process, make sure that you've met all of the
Prerequisites.
- Console
-
To import an ISO disk image with the Image Builder console, follow these steps:
-
Open the EC2 Image Builder console at
https://console.amazonaws.cn/imagebuilder/.
-
Choose Images from the
navigation pane.
-
To open the import dialog, choose Import image.
-
Enter the following General information:
-
Choose the import type: ISO import.
-
Enter the following ISO import configuration
details. Then choose Import image when you're done.
-
S3 URI – Enter the location
where your ISO disk file is stored. To browse for the file,
choose Browse S3.
-
IAM role – To associate an IAM role
with your import configuration, select the role from the
IAM role dropdown list, or choose
Create new role to create a new one. If you
create a new role, the IAM Roles console page opens in a
separate tab.
You can specify the AWSServiceRoleForImageBuilder service-linked
role, or you can specify your own custom role for service access.
-
You can optionally add tags to your Image Builder image resource. This does
not add the tags to your AMI.
-
The ISO infrastructure configuration defines
settings for the instance that Image Builder launches to host the import
process. You can use an infrastructure configuration that Image Builder creates,
based on service defaults, or you can use an existing infrastructure
configuration. For more information, see Manage Image Builder infrastructure configuration.
To create a new infrastructure configuration , choose
Create infrastructure configuration. This opens
in a separate tab. When you're done creating the new resource, you
can return to the import configuration, and choose Use
existing infrastructure configuration.
-
To start the import process, choose Import image.
After the import is complete, your image appears in the list of images
that you own. For more details, see List images.
- Amazon CLI
-
To import an image from an ISO disk file and create an AMI from it,
follow these steps from the Amazon CLI:
-
Create a CLI input JSON file
To streamline the Image Builder import-disk-image command
that is used in the Amazon CLI, we create a JSON file that contains
all of the import configuration that we want to pass into the command.
The naming convention for the data values in the JSON file follows the
pattern that is specified for the Image Builder API operation request parameters. To review the API operation request
parameters, see the
ImportDiskImage
operation in the EC2 Image Builder API Reference.
To provide the data values as command line parameters, refer to the
parameter names specified in the Amazon CLI Command Reference. to the Image Builder import-disk-image
command as options.
Here is a summary of the parameters that we specify in this example:
-
description (string) –
The description of the image recipe.
-
executionRole (string)
– The name or Amazon Resource Name (ARN) for the IAM role that
grants Image Builder access to perform workflow actions to import
an image from a Microsoft ISO file. You can specify the AWSServiceRoleForImageBuilder service-linked
role, or you can specify your own custom role for service access.
-
infrastructureConfigurationArn
(string, required) – The Amazon Resource Name (ARN) of the
infrastructure configuration resource that's used for launching the
EC2 instance on which the ISO image is built.
-
name (string, required) –
The name for the Image Builder image resource to create as output from the import.
-
osVersion (string, required) –
The operating system version for the ISO disk image. Valid values include
Microsoft Windows 11
.
-
platform (string, required) –
The operating system platform for the ISO disk image. Valid values include
Windows
.
-
semanticVersion (string, required) –
The semantic version for the output image that specifies the version
in the following format, with numeric values in each position to indicate
a specific version: <major>.<minor>.<patch>. For example,
1.0.0
. To learn more about semantic versioning for Image Builder resources, see
Semantic versioning in Image Builder.
-
uri (string, required) – The
URI of the ISO disk file that's stored in Amazon S3.
Save the file as import-iso-image.json
, to use in the
Image Builder import-disk-image command.
{
"name": "example-iso-disk-import",
"semanticVersion": "1.0.0",
"description": "Import an ISO disk image",
"executionRole": "ExampleExecutionRole",
"platform": "Windows",
"osVersion": "Microsoft Windows 11",
"infrastructureConfigurationArn": "arn:aws:imagebuilder:us-east-1
:111122223333
:infrastructure-configuration/example-infrastructure-configuration-123456789abc
",
"uri": "s3://amzn-s3-demo-source-bucket
/examplefile.iso
"
}
-
Import the image
Run the import-disk-image
command, with the file that you created as input:
aws imagebuilder import-disk-image --cli-input-json file://import-iso-image.json
-
You must include the file://
notation
at the beginning of the JSON file path.
-
The path for the JSON file should follow the appropriate
convention for the base operating system where you are running
the command. For example, Windows uses the backslash (\) to
refer to the directory path, while Linux and macOS use the forward slash (/).
After the import is complete, your image appears in the list of images
that you own. For more details, see List images.