feat(imagebuilder-alpha): add support for Container Recipe Construct

[tarunb12]

Issue

aws/aws-cdk-rfcs#789

Reason for this change

This change adds a new alpha module for EC2 Image Builder L2 Constructs (@aws-cdk/aws-imagebuilder-alpha), as outlined in aws/aws-cdk-rfcs#789. This PR specifically implements the ContainerRecipe construct.

Description of changes

This change implements the ContainerRecipe construct, which is a higher-level construct of CfnContainerRecipe.

Example

const containerRecipe = new imagebuilder.ContainerRecipe(this, 'ContainerRecipe', {
  containerRecipeName: 'test-container-recipe',
  containerRecipeVersion: '1.0.0',
  description: 'A Container Recipe',
  baseImage: imagebuilder.BaseImage.fromEcr(
    this,
    'ECRImage',
    ecr.Repository.fromRepositoryName(this, 'SourceRepository', 'source-repository'),
    'latest',
  ),
  dockerfile: imagebuilder.DockerfileData.fromInline(`
    FROM {{{ imagebuilder:parentImage }}}
    CMD ["echo", "Hello, world!"]
    {{{ imagebuilder:environments }}}
    {{{ imagebuilder:components }}}
  `),
  targetRepository: imagebuilder.Repository.fromEcr(
    ecr.Repository.fromRepositoryName(this, 'TargetRepository', 'imagebuilder-repository'),
  ),
  // Use an AWS-managed component, shared component, and a self-owned component with parameters
  components: [
    {
      component: imagebuilder.AwsManagedComponent.fromAwsManagedComponentName(
        this,
        'update-linux-component',
        'update-linux',
      ),
    },
    {
      component: imagebuilder.Component.fromComponentArn(
        this,
        'ComplianceTestComponent',
        `arn:${this.partition}:imagebuilder:${this.region}:123456789012:component/compliance-test/2025.x.x.x`,
      ),
    },
    {
      component: imagebuilder.Component.fromComponentAttributes(this, 'CustomComponent', {
        componentName: 'custom-component',
      }),
      parameters: {
        CUSTOM_PARAMETER: imagebuilder.ComponentParameterValue.fromString('custom-parameter-value'),
      },
    },
  ],
  workingDirectory: '/var/tmp',
  // The image + block devices to use for the EC2 instance used for building the container image
  instanceImage: imagebuilder.ContainerInstanceImage.fromSsmParameterName(
    this,
    'ContainerInstanceImage',
    '/aws/service/ecs/optimized-ami/amazon-linux-2023/recommended',
  ),
  instanceBlockDevices: [
    {
      deviceName: '/dev/sda1',
      mappingEnabled: true,
      volume: ec2.BlockDeviceVolume.ebs(50, {
        deleteOnTermination: true,
        iops: 1000,
        volumeType: ec2.EbsDeviceVolumeType.GP3,
        throughput: 1000,
        encrypted: true,
        kmsKey: kms.Key.fromLookup(this, 'VolumeKey', { aliasName: 'alias/volume-encryption-key' }),
      }),
    },
  ],
});

Describe any new or updated permissions being added

N/A - new L2 construct in alpha module

Description of how you validated changes

Validated with unit tests and integration tests. Manually verified generated CFN templates as well.

Checklist

• My code adheres to the CONTRIBUTING GUIDE and DESIGN GUIDELINES

---

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

[kumsmrit]

Isn't the expected return type BaseContainerImage here?

[kumsmrit]

Can we elaborate what could this string value represent.

[kumsmrit]

Can we elaborate what could this string value represent.

[kumsmrit]

Why is this validation error needed? Can we just not parse the attributes as required?

[kumsmrit]

Can we add JSDoc here explaining what this helper does.

[kumsmrit]

Param name string is not intuitive, rename this to something meaningful and update doc string accordingly.

Pull request has been modified.

[kumsmrit]

The method says parameterName, this should be changed to:

Suggested change

	return this.fromSsmParameterName(parameter.parameterArn);
	return this.fromSsmParameterName(parameter.parameterName);

[kumsmrit]

Based on the CFN docs, this should be more explicit for SSM parameter:

Suggested change

	* The string value of the container instance image to use in a container recipe. This can either be an SSM parameter,
	* The string value of the container instance image to use in a container recipe. This can either be:
	* - an SSM parameter reference, prefixed with `ssm:` and followed by the parameter name or ARN
	* - an AMI ID

[kumsmrit]

Can we add JSDoc here explaining what this magic value x.x.x represents, and link reference docs.

[kumsmrit]

CFN docs doesn’t define a return value with Version attribute for Fn::GetAtt

[kumsmrit]

Why is this marked as an attribute? CFN docs don’t define a Version return value.

[kumsmrit]

nit:

Suggested change

	* run all components in the recipe
	* run all components in the recipe

[kumsmrit]

nit:

Suggested change

	* Windows builds, this would be C:/
	* Windows builds, this would be C:/

[kumsmrit]

Can this be extracted to enum to support other containerTypes?

[kumsmrit]

This is marked optional, but CFN doc states - "Recipes require a minimum of one build component" ?

[kumsmrit]

nit: Can also add:

* - For inline dockerfiles, this is the Dockerfile template text
* - For S3-backed dockerfiles, this is the S3 URL