Closed kverstr closed 5 months ago
Most of the 10.2.x PAN-OS images were deprecated in AWS Marketplace because of CVE-2024-3400. You can still use a deprecated image if you set include_deprecated_ami to true (by default its value is false):
It's strongly advised to use the latest PAN-OS version 10.2.9-h1, which contains the required hotfixes for CVE-2024-3400. You can change the PAN-OS version in the variable vmseries_version:
So you have 2 options (use a deprecated image or a new PAN-OS with the hotfix) - is either of them acceptable to you?
Hey,
Thanks for your prompt reply, I added the -h3 to the version and that's ok I guess.
Kr
Describe the bug
I was trying to redeploy our FWs, but I ran into the issue that the datasource aws_ami that gets the correct AMI is failing. The query is returning no results.
I did some further digging and it seems that it's the name_regex:
name_regex = "^PA-VM-AWS-${var.vmseries_version}-[[:alnum:]]{8}-([[:alnum:]]{4}-){3}[[:alnum:]]{12}$"
Looks like the normal releases have been removed and there are only hotfix AMIs available for V11.1.2. The following name_regex would fix the issue but then of course we would filter out the normal releases which is also not what you want...
name_regex = "^PA-VM-AWS-${var.vmseries_version}-[[:alnum:]]{2}-[[:alnum:]]{8}-[[:alnum:]]{4}-[[:alnum:]]{4}-[[:alnum:]]{4}-[[:alnum:]]{12}$"
Would removing the name_regex altogether cause issues or would that allow us to query for both the normal and hotfix releases?
Kr
Module Version
main
Terraform version
N/A
Expected behavior
The aws_ami datasource query should return the correct AMIs and use the latest one it gets back.
Current behavior
The aws_ami datasource is not returning any AMIs.
Anything else to add?
No response
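The name_regex behaviour discussed in this issue, as an added example that is not part of the original thread or the module's code: it runs the quoted pattern against AMI names and shows why a hotfix-only listing returns nothing until the hotfix suffix is part of vmseries_version. The AMI names are constructed, and `combinedPattern` is a hypothetical variant that accepts both base and hotfix names.

```go
package main

import (
	"fmt"
	"regexp"
)

// UUID-style tail shared by both patterns quoted in the issue.
const uuidTail = `[[:alnum:]]{8}-([[:alnum:]]{4}-){3}[[:alnum:]]{12}$`

// originalPattern rebuilds the quoted name_regex for a given vmseries_version.
// As in the quoted pattern, the version is interpolated without escaping.
func originalPattern(version string) *regexp.Regexp {
	return regexp.MustCompile(`^PA-VM-AWS-` + version + `-` + uuidTail)
}

// combinedPattern is a hypothetical variant (an assumption, not module code):
// an optional two-character tag such as "h3" may follow the version.
// QuoteMeta keeps the dots in the version literal.
func combinedPattern(version string) *regexp.Regexp {
	return regexp.MustCompile(`^PA-VM-AWS-` + regexp.QuoteMeta(version) +
		`(-[[:alnum:]]{2})?-` + uuidTail)
}

// matching returns the names that re accepts, in input order.
func matching(re *regexp.Regexp, names []string) []string {
	var out []string
	for _, n := range names {
		if re.MatchString(n) {
			out = append(out, n)
		}
	}
	return out
}

// Constructed AMI names for illustration; the UUID parts are made up.
var sampleNames = []string{
	"PA-VM-AWS-11.1.2-0a1b2c3d-1111-2222-3333-444455556666",    // base release
	"PA-VM-AWS-11.1.2-h3-0a1b2c3d-1111-2222-3333-444455556666", // hotfix release
	"PA-VM-AWS-10.2.9-h1-0a1b2c3d-1111-2222-3333-444455556666", // other version
}

func main() {
	hotfixOnly := sampleNames[1:] // the situation reported: base AMI is gone
	fmt.Println("original, 11.1.2:   ", matching(originalPattern("11.1.2"), hotfixOnly))
	fmt.Println("original, 11.1.2-h3:", matching(originalPattern("11.1.2-h3"), hotfixOnly))
	fmt.Println("combined, 11.1.2:   ", matching(combinedPattern("11.1.2"), sampleNames))
}
```
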