aws-samples
diff --git a/‎API.md‎
Lines changed: 49 additions & 10 deletions b/‎API.md‎
Lines changed: 49 additions & 10 deletions
diff --git a/‎README.md‎
Lines changed: 33 additions & 9 deletions b/‎README.md‎
Lines changed: 33 additions & 9 deletions
diff --git a/‎src/index.ts‎
Lines changed: 36 additions & 16 deletions b/‎src/index.ts‎
Lines changed: 36 additions & 16 deletions
@@ -85,6 +85,7 @@ Any object.
 | **Name** | **Type** | **Description** |
 | --- | --- | --- |
 | <code><a href="#cdk-image-pipeline.ImagePipeline.property.node">node</a></code> | <code>constructs.Node</code> | The tree node. |
+| <code><a href="#cdk-image-pipeline.ImagePipeline.property.imageRecipeComponents">imageRecipeComponents</a></code> | <code>aws-cdk-lib.aws_imagebuilder.CfnImageRecipe.ComponentConfigurationProperty[]</code> | *No description.* |
 
 ---
 
@@ -100,6 +101,16 @@ The tree node.
 
 ---
 
+##### `imageRecipeComponents`<sup>Required</sup> <a name="imageRecipeComponents" id="cdk-image-pipeline.ImagePipeline.property.imageRecipeComponents"></a>
+
+```typescript
+public readonly imageRecipeComponents: ComponentConfigurationProperty[];
+```
+
+- *Type:* aws-cdk-lib.aws_imagebuilder.CfnImageRecipe.ComponentConfigurationProperty[]
+
+---
+
 
 ## Structs <a name="Structs" id="Structs"></a>
 
@@ -117,10 +128,12 @@ const imagePipelineProps: ImagePipelineProps = { ... }
 
 | **Name** | **Type** | **Description** |
 | --- | --- | --- |
-| <code><a href="#cdk-image-pipeline.ImagePipelineProps.property.componentDocPath">componentDocPath</a></code> | <code>string</code> | Relative path to the Image Builder component document. |
-| <code><a href="#cdk-image-pipeline.ImagePipelineProps.property.componentName">componentName</a></code> | <code>string</code> | Name of the Component. |
+| <code><a href="#cdk-image-pipeline.ImagePipelineProps.property.componentDocuments">componentDocuments</a></code> | <code>string[]</code> | Relative path to Image Builder component documents. |
+| <code><a href="#cdk-image-pipeline.ImagePipelineProps.property.componentNames">componentNames</a></code> | <code>string[]</code> | Names of the Component Documents. |
+| <code><a href="#cdk-image-pipeline.ImagePipelineProps.property.componentVersions">componentVersions</a></code> | <code>string[]</code> | Versions for each component document. |
 | <code><a href="#cdk-image-pipeline.ImagePipelineProps.property.imageRecipe">imageRecipe</a></code> | <code>string</code> | Name of the Image Recipe. |
 | <code><a href="#cdk-image-pipeline.ImagePipelineProps.property.infraConfigName">infraConfigName</a></code> | <code>string</code> | Name of the Infrastructure Configuration for Image Builder. |
+| <code><a href="#cdk-image-pipeline.ImagePipelineProps.property.kmsKeyAlias">kmsKeyAlias</a></code> | <code>string</code> | KMS Key used to encrypt the SNS topic. |
 | <code><a href="#cdk-image-pipeline.ImagePipelineProps.property.parentImage">parentImage</a></code> | <code>string</code> | The source (parent) image that the image recipe uses as its base environment. |
 | <code><a href="#cdk-image-pipeline.ImagePipelineProps.property.pipelineName">pipelineName</a></code> | <code>string</code> | Name of the Image Pipeline. |
 | <code><a href="#cdk-image-pipeline.ImagePipelineProps.property.profileName">profileName</a></code> | <code>string</code> | Name of the instance profile that will be associated with the Instance Configuration. |
@@ -133,27 +146,39 @@ const imagePipelineProps: ImagePipelineProps = { ... }
 
 ---
 
-##### `componentDocPath`<sup>Required</sup> <a name="componentDocPath" id="cdk-image-pipeline.ImagePipelineProps.property.componentDocPath"></a>
+##### `componentDocuments`<sup>Required</sup> <a name="componentDocuments" id="cdk-image-pipeline.ImagePipelineProps.property.componentDocuments"></a>
 
 ```typescript
-public readonly componentDocPath: string;
+public readonly componentDocuments: string[];
 ```
 
-- *Type:* string
+- *Type:* string[]
 
-Relative path to the Image Builder component document.
+Relative path to Image Builder component documents.
 
 ---
 
-##### `componentName`<sup>Required</sup> <a name="componentName" id="cdk-image-pipeline.ImagePipelineProps.property.componentName"></a>
+##### `componentNames`<sup>Required</sup> <a name="componentNames" id="cdk-image-pipeline.ImagePipelineProps.property.componentNames"></a>
 
 ```typescript
-public readonly componentName: string;
+public readonly componentNames: string[];
 ```
 
-- *Type:* string
+- *Type:* string[]
+
+Names of the Component Documents.
+
+---
+
+##### `componentVersions`<sup>Required</sup> <a name="componentVersions" id="cdk-image-pipeline.ImagePipelineProps.property.componentVersions"></a>
 
-Name of the Component.
+```typescript
+public readonly componentVersions: string[];
+```
+
+- *Type:* string[]
+
+Versions for each component document.
 
 ---
 
@@ -181,6 +206,20 @@ Name of the Infrastructure Configuration for Image Builder.
 
 ---
 
+##### `kmsKeyAlias`<sup>Required</sup> <a name="kmsKeyAlias" id="cdk-image-pipeline.ImagePipelineProps.property.kmsKeyAlias"></a>
+
+```typescript
+public readonly kmsKeyAlias: string;
+```
+
+- *Type:* string
+
+KMS Key used to encrypt the SNS topic.
+
+Enter an existing KMS Key Alias in your target account/region.
+
+---
+
 ##### `parentImage`<sup>Required</sup> <a name="parentImage" id="cdk-image-pipeline.ImagePipelineProps.property.parentImage"></a>
 
 ```typescript
 
@@ -16,7 +16,7 @@ This construct creates the required infrastructure for an Image Pipeline:
 
 - An EC2 Image Builder recipe defines the base image to use as your starting point to create a new image, along with the set of components that you add to customize your image and verify that everything is working as expected.
 
-- Image Builder uses the AWS Task Orchestrator and Executor (AWSTOE) component management application to orchestrate complex workflows. AWSTOE components are based on YAML documents that define the scripts to customize or test your image
+- Image Builder uses the AWS Task Orchestrator and Executor (AWSTOE) component management application to orchestrate complex workflows. AWSTOE components are based on YAML documents that define the scripts to customize or test your image. Support for multiple components.
 
 - Image Builder image pipelines provide an automation framework for creating and maintaining custom AMIs and container images.
 
@@ -47,14 +47,17 @@ import { Construct } from 'constructs';
 // ...
 // Create a new image pipeline with the required properties
 new ImagePipeline(this, "MyImagePipeline", {
-    componentDocPath: 'path/to/component_doc.yml',
-    componentName: 'MyComponent',
+    componentDocuments: ['component_example.yml', 'component_example_2.yml'],
+    componentNames: ['Component', 'Component2'],
+    componentVersions: ['0.0.1', '0.1.0'],
+    kmsKeyAlias: 'alias/my-key',
     profileName: 'ImagePipelineInstanceProfile',
     infraConfigName: 'MyInfrastructureConfiguration',
     imageRecipe: 'MyImageRecipe',
     pipelineName: 'MyImagePipeline',
     parentImage: 'ami-0e1d30f2c40c4c701'
 })
+// ...
 ```
 
 By default, the infrastructure configuration will deploy EC2 instances for the build/test phases into a default VPC using the default security group. If you want to control where the instances are launched, you can specify an existing VPC `SubnetID` and a list of `SecurityGroupIds`. In the example below, a new VPC is created and referenced in the `ImagePipeline` construct object.
@@ -93,8 +96,10 @@ const private_subnet = vpc.privateSubnets;
 
 
 new ImagePipeline(this, "MyImagePipeline", {
-    componentDocPath: 'path/to/component_doc.yml',
-    componentName: 'MyComponent',
+    componentDocuments: ['component_example.yml', 'component_example_2.yml'],
+    componentNames: ['Component', 'Component2'],
+    componentVersions: ['0.0.1', '0.1.0'],
+    kmsKeyAlias: 'alias/my-key',
     profileName: 'ImagePipelineInstanceProfile',
     infraConfigName: 'MyInfrastructureConfiguration',
     imageRecipe: 'MyImageRecipe',
@@ -103,6 +108,7 @@ new ImagePipeline(this, "MyImagePipeline", {
     securityGroups: [sg.securityGroupId],
     subnetId: private_subnet[0].subnetId,
 })
+// ...
 ```
 
 Python usage:
@@ -115,14 +121,17 @@ from constructs import Construct
 image_pipeline = ImagePipeline(
     self,
     "LatestImagePipeline",
-    component_doc_path="component_example.yml",
-    component_name="Comp4",
+    component_documents=["component_example.yml", "component_example2.yml"],
+    component_names=["Component", "Component2"],
+    component_versions=["0.0.1", "0.1.0"],
+    kms_key_alias="alias/my-key",
     image_recipe="Recipe4",
     pipeline_name="Pipeline4",
     infra_config_name="InfraConfig4",
     parent_image="ami-0e1d30f2c40c4c701",
     profile_name="ImagePipelineProfile4",
 )
+# ...
 ```
 
 ```python
@@ -163,8 +172,10 @@ priv_subnets = vpc.private_subnets
 image_pipeline = ImagePipeline(
     self,
     "LatestImagePipeline",
-    component_doc_path="component_example.yml",
-    component_name="Comp4",
+    component_documents=["component_example.yml", "component_example2.yml"],
+    component_names=["Component", "Component2"],
+    component_versions=["0.0.1", "0.1.0"],
+    kms_key_alias="alias/my-key",
     image_recipe="Recipe4",
     pipeline_name="Pipeline4",
     infra_config_name="InfraConfig4",
@@ -173,6 +184,7 @@ image_pipeline = ImagePipeline(
     security_groups=[sg.security_group_id],
     subnet_id=priv_subnets[0].subnet_id
 )
+# ...
 ```
 
 ### Component Documents
@@ -209,6 +221,18 @@ phases:
             - echo "Hello World! Test.
 ```
 
+### Multiple Components
+
+To specify multiple components, add additional component documents to the `componentDoucments` property. You can also add the names and versions of these components via the `componentNames` and `componentVersions` properties (_See usage examples above_). The components will be associated to the Image Recipe that gets created as part of the construct.
+
+Be sure to update the `imageRecipeVersion` property when making updates to your components after your initial deployment.
+
+### SNS Encryption using KMS
+
+---
+
+Specify an alias via the `kmsKeyAlias` property which will be used to encrypt the SNS topic.
+
 ### Infrastructure Configuration Instance Types
 
 ---
 
@@ -1,19 +1,24 @@
 import { readFileSync } from 'fs';
 import * as iam from 'aws-cdk-lib/aws-iam';
 import * as imagebuilder from 'aws-cdk-lib/aws-imagebuilder';
+import * as kms from 'aws-cdk-lib/aws-kms';
 import * as sns from 'aws-cdk-lib/aws-sns';
 import * as subscriptions from 'aws-cdk-lib/aws-sns-subscriptions';
 import { Construct } from 'constructs';
 
 export interface ImagePipelineProps {
   /**
-   * Relative path to the Image Builder component document
+   * Relative path to Image Builder component documents
    */
-  readonly componentDocPath: string;
+  readonly componentDocuments: string[];
   /**
-   * Name of the Component
+   * Names of the Component Documents
    */
-  readonly componentName: string;
+  readonly componentNames: string[];
+  /**
+   * Versions for each component document
+   */
+  readonly componentVersions: string[];
   /**
    * Name of the instance profile that will be associated with the Instance Configuration.
    */
@@ -38,6 +43,10 @@ export interface ImagePipelineProps {
    * The source (parent) image that the image recipe uses as its base environment. The value can be the parent image ARN or an Image Builder AMI ID
    */
   readonly parentImage: string;
+  /**
+   * KMS Key used to encrypt the SNS topic. Enter an existing KMS Key Alias in your target account/region.
+   */
+  readonly kmsKeyAlias: string;
   /**
    * List of instance types used in the Instance Configuration (Default: [ 't3.medium', 'm5.large', 'm5.xlarge' ])
    */
@@ -60,14 +69,20 @@ export interface ImagePipelineProps {
   readonly subnetId?: string;
 }
 
-
 export class ImagePipeline extends Construct {
+  imageRecipeComponents: imagebuilder.CfnImageRecipe.ComponentConfigurationProperty[];
   constructor(scope: Construct, id: string, props: ImagePipelineProps) {
     super(scope, id);
     let infrastructureConfig = null;
-    // Constuct code below
+    this.imageRecipeComponents = [];
+
+    // Construct code below
+    const kmsKey = kms.Key.fromLookup(this, 'KmsKeyLookup', {
+      aliasName: props.kmsKeyAlias,
+    });
     const topic = new sns.Topic(this, 'ImageBuilderTopic', {
       displayName: 'Image Builder Notify',
+      masterKey: kmsKey,
     });
 
     if (props.email != null) {
@@ -110,22 +125,27 @@ export class ImagePipeline extends Construct {
 
     infrastructureConfig.addDependsOn(profile);
 
-    const component = new imagebuilder.CfnComponent(this, 'Component', {
-      name: props.componentName,
-      platform: props.platform ?? 'Linux',
-      version: '1.0.0',
-      data: readFileSync(props.componentDocPath).toString(),
-    });
-
     const imageRecipe = new imagebuilder.CfnImageRecipe(this, 'ImageRecipe', {
-      components: [{
-        componentArn: component.attrArn,
-      }],
+      components: [],
       name: props.imageRecipe,
       parentImage: props.parentImage,
       version: props.imageRecipeVersion ?? '0.0.1',
     });
 
+    props.componentDocuments.forEach((document, index) => {
+      let component = new imagebuilder.CfnComponent(this, props.componentNames[index], {
+        name: props.componentNames[index],
+        platform: props.platform ?? 'Linux',
+        version: props.componentVersions[index] ?? '0.0.1',
+        data: readFileSync(document).toString(),
+      });
+
+      // add the component to the Image Recipe
+      this.imageRecipeComponents.push({ componentArn: component.attrArn });
+      imageRecipe.components = this.imageRecipeComponents;
+    });
+
+
     new imagebuilder.CfnImagePipeline(this, 'ImagePipeline', {
       infrastructureConfigurationArn: infrastructureConfig.attrArn,
       name: props.pipelineName,