2

So we are trying to frequently build images and update them to our launch configs, and we want our launch configs to always use the latest AMI (Amazon Machine Image).

And of course we want all this to happen in an automated fashion.

We are trying to find out how best to automate this so the ASG (Auto Scaling Group) will use the latest AMI.

One valid approach here is to have a Lambda apply the latest AMI to the launch configs.

Is there a way where our launch configs would automatically just know to use the latest AMI? Would launch templates make this possible?

We don't want to have to use a lambda if possible.

And also, if launch templates make this possible, what are suggestions to roll back to a previous version in case of a bad AMI?

edmamerto

3 Answers

2

Both launch templates and launch configurations are immutable. Once you create them, there is no way to change them, so the answer is no: you can't reference a variable AMI parameter in either of them, which means that you need to build a new launch configuration/template with the new (latest) version of the AMI of your choice.

There are ways to pull this information from SSM and, for example, reference it in a CF template without the need for a Lambda function.

```yaml
Parameters:
  # Resolved from the SSM public parameter when the stack is created or updated
  LatestAmiId:
    Type: 'AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>'
    Default: '/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2'

Resources:
  Instance:
    Type: 'AWS::EC2::Instance'
    Properties:
      ImageId: !Ref LatestAmiId
```

but this will take effect only when you are building the stack. Once the stack is running, you are stuck with whatever version was the latest one during launch.

Matus Dubrava
0

An approach we intend to evaluate is to take the AMI ID from our build pipeline and inject that into the deployment repo, which has its own pipeline.

We already do this for tagging of commits with the build ID, so ... in theory ... maybe ... this will work for us.

Richard A Quadling
0

You can configure your launch template to use SSM parameters - https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/create-launch-template.html#use-an-ssm-parameter-instead-of-an-ami-id

There are public SSM parameters for AMIs for many popular distributions - https://docs.aws.amazon.com/systems-manager/latest/userguide/parameter-store-public-parameters-ami.html

You will still likely need to find a way to recycle/refresh your ASG.

tgoodhart
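The launch-template approach from the last answer, written out as a CloudFormation template. This is an added example, not code from any of the answers; the parameter name `/example/golden-ami/current`, the resource names and the instance type are assumptions.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: ASG whose launch template resolves its AMI from an SSM parameter

Parameters:
  AmiParameterName:
    Type: String
    # Hypothetical name. The image build pipeline writes the new AMI ID here.
    # Anyone who can write this parameter decides what the ASG boots, so
    # restrict ssm:PutParameter on it to the pipeline role only.
    Default: /example/golden-ami/current
  SubnetIds:
    Type: List<AWS::EC2::Subnet::Id>

Resources:
  AppLaunchTemplate:
    Type: AWS::EC2::LaunchTemplate
    Properties:
      LaunchTemplateData:
        # Resolved to an AMI ID when an instance is launched, not when the
        # stack is built. To pin a known-good image for rollback, append a
        # parameter version or label, for example (constructed version number):
        #   resolve:ssm:/example/golden-ami/current:3
        ImageId: !Sub 'resolve:ssm:${AmiParameterName}'
        InstanceType: t3.micro
        MetadataOptions:
          HttpTokens: required   # IMDSv2 only

  AppAsg:
    Type: AWS::AutoScaling::AutoScalingGroup
    Properties:
      MinSize: '1'
      MaxSize: '3'
      VPCZoneIdentifier: !Ref SubnetIds
      LaunchTemplate:
        LaunchTemplateId: !Ref AppLaunchTemplate
        Version: !GetAtt AppLaunchTemplate.LatestVersionNumber
```

Instances that are already running keep the AMI they booted from; recycling them is a separate step, for example `aws autoscaling start-instance-refresh` against the group.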