CloudFormation - always use latest AMI

不思量自难忘° 2021-01-04 05:56

The blog post Query for the latest Amazon Linux AMI IDs using AWS Systems Manager Parameter Store | AWS Compute Blog describes how to always reference the latest version of

2 Answers
  • 2021-01-04 06:56

    As @John Rotenstein said, SSM seems to only have Amazon Linux AMIs. But you can still get others with DescribeImages. You can then create a custom resource to query it for you and use the result as the AMI value.

    Resources:
      DescribeImagesRole:
        Type: AWS::IAM::Role
        Properties:
          AssumeRolePolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Action: sts:AssumeRole
                Effect: Allow
                Principal:
                  Service: lambda.amazonaws.com
          ManagedPolicyArns:
            - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
          Policies:
            - PolicyName: DescribeImages
              PolicyDocument:
                Version: '2012-10-17'
                Statement:
                  - Action: ec2:DescribeImages
                    Effect: Allow
                    Resource: "*"
      GetLatestAMI:
        Type: AWS::Lambda::Function
        Properties:
          # python3.6 is no longer accepted by Lambda for new functions; use a supported runtime
          Runtime: python3.12
          Handler: index.handler
          Role: !Sub ${DescribeImagesRole.Arn}
          Timeout: 60
          Code:
            ZipFile: |
              import boto3
              import cfnresponse
              import json
              import traceback
    
              def handler(event, context):
                try:
                  response = boto3.client('ec2').describe_images(
                      Owners=[event['ResourceProperties']['Owner']],
                      Filters=[
                        {'Name': 'name', 'Values': [event['ResourceProperties']['Name']]},
                        {'Name': 'architecture', 'Values': [event['ResourceProperties']['Architecture']]},
                        {'Name': 'root-device-type', 'Values': ['ebs']},
                      ],
                  )
    
                  amis = sorted(response['Images'],
                                key=lambda x: x['CreationDate'],
                                reverse=True)
                  id = amis[0]['ImageId']
    
                  cfnresponse.send(event, context, cfnresponse.SUCCESS, {}, id)
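                except Exception:
                  # print_exc() logs the exception being handled; FAILED is the constant cfnresponse defines
                  traceback.print_exc()
                  cfnresponse.send(event, context, cfnresponse.FAILED, {}, "ok")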
      CentOSAmi:
        Type: Custom::FindAMI
        Properties:
          ServiceToken: !Sub ${GetLatestAMI.Arn}
          Owner: "679593333241"
          Name: "CentOS Linux 7 x86_64 HVM EBS *"
          Architecture: "x86_64"
    

    You would update the values in CentOSAmi so you can find the right AMI and then use the output with:

    ImageId: !Ref CentOSAmi
    
    0 Discussion (0)
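The selection step of the Lambda in the answer above, as an added example (not the answerer's code): it re-checks the owner on every returned image, skips images that are not `available`, and fails explicitly when nothing matches, so a wildcard `Name` filter cannot resolve to an image from an unexpected publisher. `select_latest_ami`, the image IDs, the dates and the second account ID are hypothetical and constructed for illustration; only the owner `679593333241` comes from the answer.

```python
from datetime import datetime

# Constructed sample shaped like the "Images" list of an EC2 DescribeImages
# response; image IDs, dates and the second account ID are made up.
SAMPLE_IMAGES = [
    {"ImageId": "ami-0aaa0000000000001", "OwnerId": "679593333241",
     "State": "available", "CreationDate": "2019-01-30T23:40:58.000Z"},
    {"ImageId": "ami-0aaa0000000000002", "OwnerId": "679593333241",
     "State": "available", "CreationDate": "2020-03-09T21:54:48.000Z"},
    # Newest from the expected owner, but not yet usable.
    {"ImageId": "ami-0aaa0000000000003", "OwnerId": "679593333241",
     "State": "pending", "CreationDate": "2020-11-18T10:02:11.000Z"},
    # Newest overall and usable, but published by a different account.
    {"ImageId": "ami-0bbb0000000000004", "OwnerId": "111122223333",
     "State": "available", "CreationDate": "2020-12-01T08:15:00.000Z"},
]


def select_latest_ami(images, expected_owner):
    """Return the ImageId of the newest available image owned by expected_owner."""
    candidates = [
        img for img in images
        if img.get("OwnerId") == expected_owner and img.get("State") == "available"
    ]
    if not candidates:
        # Fail the custom resource explicitly instead of hitting IndexError
        # or falling back to an image from another publisher.
        raise LookupError(f"no available image owned by {expected_owner}")
    newest = max(
        candidates,
        key=lambda img: datetime.strptime(img["CreationDate"], "%Y-%m-%dT%H:%M:%S.%fZ"),
    )
    return newest["ImageId"]


if __name__ == "__main__":
    print(select_latest_ami(SAMPLE_IMAGES, "679593333241"))
```

In the Lambda, the function would be called on `response['Images']` with `event['ResourceProperties']['Owner']`, and the `LookupError` would be caught by the existing handler and reported as a failure.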
  • 2021-01-04 07:01

    Those parameter store AMI values appear to be hand-managed by AWS. I've only found references to:

    • Amazon Linux
    • Windows
    • ECS
    0 Discussion (0)