Automate ISE EKS Image copies from/to accounts/regions

[nickumia-reisys]

User Story

In order to relieve the manual toil of coping AMIs from one account/region to another, the data.gov team wants to implement an automated process for this action.

Acceptance Criteria

[ACs should be clearly demoable/verifiable whenever possible. Try specifying them using BDD.]

• [ ] GIVEN [a contextual precondition] \ [AND optionally another precondition] \ WHEN [a triggering event] happens \ THEN [a verifiable outcome] \ [AND optionally another verifiable outcome]

Background

Discussion surrounding https://github.com/GSA/data.gov/issues/3668#issuecomment-1081107533

That process should be a candidate for automation in the future... Jeremy said in the email thread that they only maintain/share the most recent two releases.

Also, https://github.com/GSA/data.gov/issues/3668#issuecomment-1082446546

Useful for this, can be driven from the CLI (and hence GitHub Actions): https://aws.amazon.com/blogs/mt/managing-aws-resources-across-multiple-accounts-and-regions-using-aws-systems-manager-automation/

Security Considerations (required)

[Any security concerns that might be implicated in the change. "None" is OK, just be explicit here!]

Sketch

[Notes or a checklist reflecting our understanding of the selected approach]

[jbrown-xentity]

https://github.com/GSA/data.gov/wiki/Operation-and-Maintenance-Responsibilities#apply-new-amis

[hkdctol]

ISE creates AMIs. We need to find POC. They were able to copy AMI to one of our accounts (SSB production, USEast1, and we copied to USWest2), to use AMI in all accounts (dev, staging), all regions. (The last one we got is in 2022). First step is re-engaging with ISE team. There could be new releases.

[nickumia-reisys]

This is the form to request the GSA ISE AMI.

Revived from

• https://github.com/GSA/data.gov/issues/3668