We would like to ensure we are always running the latest version of the Amazon EC2 AMI to keep our OS running the latest security updates.
Currently to determine the latest release we are scraping http://aws.amazon.com/amazon-linux-ami/ but I am hoping there is either a mailing list or an API to determine new releases?
As this question is tagged ubuntu, I make the assumption this question is Ubuntu specific. Ubuntu's EC2 AMI Locator will tell you what is the latest AMI for every release, region, root device type ... This page uses https://cloud-images.ubuntu.com/locator/ec2/releasesTable which is in json which allow you do to it programatically.
Other AMI publishers may also have a way to retrieve latest AMI, fedora has this for example: http://fedoraproject.org/en/get-fedora#clouds, that isn't available as json, but still allows you to extract the latest AMI.
Amazon releases their Linux AMIs periodically in 6 months cycles (March and September), pretty much as Ubuntu does with their normal distributions. So, you have Amazon Linux AMIs for the last years coded 2014.03, 2013.9, 2013.3 and so on... and it's been a stable cycle since september 2011, when they switched to their continuously updated yum repo.
Also, if you purchase premium support, you will receive periodically a newsletter with AWS products, including the new Linux AMI releases.
Run the following shell script in cron once per week on your servers will always have the latest Amazon Linux AMI:
#!/bin/bash
YUM=/usr/bin/yum
$YUM -y -d 2 -e 0 update yum
$YUM -y -e 2 -d 0 update
http://en.wikipedia.org/wiki/Backporting
If you're paranoid, just update the yum command to report only.
You can also rollback changes if issues occur.
