Development tools environment


  1. AWS account that is a member of an AWS organization

  2. Install the AWS CLI and Configure CLI credentials

  3. Install the Attini CLI

  4. Setup/Configure the Attini framework with the following command:

attini setup --accept-license-agreement --create-deployment-plan-default-role --create-init-deploy-default-role --give-admin-access


This configuration gives Attini a lot of access so only do this in a sandbox account.


This solution generate some AWS Cost and it takes ca 5 min to clean up.


Many organizations have a “central” environment with CI/CD and maintenance recourses for their applications. In this example, we call this environment “devtools” because its setting up resources for the developers.

We will create 2 ECR repository’s and then set up 2 AWS EC2 Image Builders that will build images for the repository’s anytime some configuration changed and on a monthly schedule.

We will also create an AWS CodeBuild project that uses one of the images we just built.

Environment content

This example shows how to create 2 different images:

  • One application base image (golden image).

  • One build image which is used by AWS CodeBuild that can be used for CI/CD.

Resources needed:

  • S3 bucket that allows the whole AWS organization to get objects from it. (This one is not needed for the images but its a very common use case to have a central bucket for build artifacts, scripts, config etc)

  • Two ECR repository’s (one application base image and one build container for AWS CodeBuild) that are available to the whole AWS organization.

  • AWS CodeBuild project that uses the build containers.

  • EC2 Image Builders to keep the containers up to date.

EC2 Image Builder will have 2 CloudFormation stacks:

  1. EC2 Image Builder pipeline (generic template used by both images)

  2. EC2 Image Builder component (use-case specific template)

In addition to this, the image builder needs an IAM role (Instance profile) and a Security Group.

Work around for annoying configuration limitations in AWS EC2 Image Builder

The EC2 Image Builder components and recipes are immutable, which in it self is a good thing. However the way its implemented means that the DevOps engineer will have to update the version if he/she wants to update the configuration. This is not a problem if you work manually in the console, but if you configure the EC2 Image Builder via CloudFormation you have to remember to always bump the version in your config files every time you do a code change.

Hard to configure certain parts of the platform

We have built a lambda that will create a CloudFormation change-set on the CloudFormation stack and check if the EC2 Image Builder components or recipes will be replaced. If it will be replaced the lambda will generate a new patch version.

CloudFormation architecture


Deployment plan



Attini Merge is a function that will merge a list into an object. It is very useful when you use AWS StepFunction Parallel or Map steps. These types outputs a list with objects from all previous steps which is a bit painful to work with. So we created the AttiniMergeOutput to make this easier.

Deployment guide

  1. Clone the example repository:

git clone
  1. Deploy the distribution using the Attini CLI:

attini environment create test
attini deploy run example-devtools


Now we name the environment “test”, you can change this to any name you want. Keep in mind that it will effect the name of the CloudFormation stacks.

Verify the environment

  1. Go to CloudFormation and look at the newly created stacks

  2. Go the EC2 Image Builder and verify your pipeline runs

  3. When the EC2 Image Builder is done you can find the images in ECR

Clean up

Clean up is done using the AWS console.

  1. Empty the ECR repository’s from images

  2. Delete the CloudFormation stack test-application-base-image-builder

  3. Delete the CloudFormation stack test-application-base-image-component

  4. Delete the CloudFormation stack test-application-base-image-repository

  5. Delete the CloudFormation stack test-build-image-builder

  6. Delete the CloudFormation stack test-build-image-component

  7. Delete the CloudFormation stack test-build-images

  8. Delete the CloudFormation stack test-base-image-repository

  9. Delete the CloudFormation stack test-build-container-repository

  10. Delete the CloudFormation stack test-build-artifacts-bucket (the bucket must be empty before you delete the stack)

  11. Delete the CloudFormation stack test-build-systems-security-resources

  12. Delete the CloudFormation stack test-build-resources-init-deploy

If you want to remove the whole Attini framework, see Deleting/Clean up the Attini framework