How to script AWS AppStream 2.0 ImageBuilder

Andrew • Nov 16, 2021 • AWS

1 min read 271 words

AppStream (2.0) is a fully managed non-persistent desktop and application service for remotely accessing your work.

The ImageBuilder forms the first stage in the creation and definition of an image that can be used to stream.

You can use the AWS CLI to initiate the creation of an image in ImageBuilder:

aws appstream create-image-builder \
  --name <name> \
  --image-name <image_name> \
  --instance-type <instance_type> \
  --vpc-config SubnetIds=<subnet_ids>,SecurityGroupIds=<security_group_ids> \
  --iam-role-arn <iam_role_arn> \
  --enable-default-internet-access

Swap out the above items with your own values:

<name> = “org-image-name”
<image_name> = “AppStream-WinServer2019-10-08-2021”
<instance_type> = stream.standard.small
<subnet_ids> = subnet-xxxxxxxxxxxx1234
<security_group_ids> = sg-xxxxxxxxxxxx1234
<iam_role_arn> = arn:aws:iam::xxxxxxxx1234:role/SomeRoleName

How to create the role

For the Permissions, you will need to add policy definitions of the services this instance will call out to. This could include AmazonS3FullAccess, AmazonFSxFullAccess and AmazonAppStreamServiceAccess as an example.

Additionally, it is important to make sure the trust relationship is set to appstream.amazonaws.com. A policy trust relationship would look something like this:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "Service": "appstream.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

How to Join an Active Directory Domain on Creation

If you would like to join an Active Directory Domain on creation, then you will also need to pass the --domain-join-info flag to the create-image-builder command above.

This can be done as follows:

<meta charset="utf-8">aws appstream create-image-builder \
  --name <name> \
  --image-name <image_name> \
  --instance-type <instance_type> \
  --vpc-config SubnetIds=<subnet_ids>,SecurityGroupIds=<security_group_ids> \
  --iam-role-arn <iam_role_arn> \
  --domain-join-info '{"DirectoryName": "<directory>","OrganizationalUnitDistinguishedName": "<OU>"}' \
  --enable-default-internet-access

The <directory> and <OU> need to be created and configured in the DirectoryConfig section of AppStream.

An example value of the above could be:

--domain-join-info '{"DirectoryName": "your.cloud","OrganizationalUnitDistinguishedName": "OU=Computers,OU=yourcloud,DC=your,DC=cloud"}'

Tags: AWS

Andrew

Andrew is a visionary software engineer and DevOps expert with a proven track record of delivering cutting-edge solutions that drive innovation at Ataiva.com. As a leader on numerous high-profile projects, Andrew brings his exceptional technical expertise and collaborative leadership skills to the table, fostering a culture of agility and excellence within the team. With a passion for architecting scalable systems, automating workflows, and empowering teams, Andrew is a sought-after authority in the field of software development and DevOps.

How to script AWS AppStream 2.0 ImageBuilder

How to create the role

How to Join an Active Directory Domain on Creation

Andrew

Tags

Recent Posts

AI Governance Frameworks: Building Responsible AI Systems

Microservices Monitoring Strategies: Observability in Distributed Systems

Rust's Standard Library: Essential Tools for Every Project

Quantum Computing in Distributed Systems: Preparing for the Quantum Future

Incident Management for SRE: Building Resilient Response Systems

Building Fault-Tolerant Distributed Systems: Strategies and Patterns

Macros in Rust: Metaprogramming Made Simple

Rust for Blockchain in 2025: Libraries, Tools, and Best Practices

API Security Best Practices: Protecting Your Digital Interfaces

Cloud Performance Tuning Tips: Optimizing for Speed, Scale, and Cost

Rust's Memory Safety Guarantees: How the Compiler Protects Your Code

LLM Production Deployment: Architectures, Strategies, and Best Practices

Rust for Robotics in 2025: Libraries, Tools, and Best Practices

Concurrency in Rust: Fearless Parallelism

Data Partitioning Strategies in Distributed Systems

Case Study: How We Cut Cloud Costs by 30% Without Sacrificing Performance

Lifetimes in Rust: Managing References Safely

Rust for Computer Vision in 2025: Libraries, Tools, and Best Practices

Blockchain in Enterprise Distributed Systems: Beyond Cryptocurrencies

Infrastructure as Code Best Practices: Beyond the Basics

How to script AWS AppStream 2.0 ImageBuilder

How to create the role

How to Join an Active Directory Domain on Creation

Share this article:

Related Articles

Tags

Recent Posts