Outdated AMIs in aws_two_tier terraform template

[jeffbrl]

I had to manually update the AMI ID for my region to launch the PA VM. Please update the AMIs.

[sharp99]

Were you expecting panos 9.0? I looked at the vars file and it seems to be referencing what looks like current 8.1 with byol licensing:

variable "PANFWRegionMap" { type = "map" default = { "us-west-2" = "ami-d424b5ac", "ap-northeast-1" = "ami-57662d31", "us-west-1" = "ami-a95b4fc9", "ap-northeast-2" = "ami-49bd1127", "ap-southeast-1" = "ami-27baeb5b", "ap-southeast-2" = "ami-00d61562", "eu-central-1" = "ami-55bfd73a", "eu-west-1" = "ami-a95b4fc9", "eu-west-2" = "ami-876a8de0", "sa-east-1" = "ami-9c0154f0", "us-east-1" = "ami-a2fa3bdf", "us-east-2" = "ami-11e1d774", "ca-central-1" = "ami-64038400", "ap-south-1" = "ami-e780d988" } }

https://docs.paloaltonetworks.com/compatibility-matrix/vm-series-firewalls/aws-cft-amazon-machine-images-ami-list/images-for-pan-os-8-1

[jeffbrl]

I'm expecting the AMIs to exist in the region. I can upgrade during the bootstrap process.

Am I overlooking something?

$ aws ec2 describe-images --image-ids ami-a2fa3bdf --region us-east-1
{
    "Images": []
}

$ aws ec2 describe-images --image-ids ami-876a8de0 --region eu-west-2
{
    "Images": []
}

[sharp99]

Interesting. This query will surface all palo alto images in a particular region and format into a table. Looks like the original AMI have changed. Might need more dynamic filter in the terraform code instead of statically referencing a particular AMI. I'll take a look later and see what I can come up with.

aws ec2 describe-images --owners 679593333241 --query 'sort_by(Images, &CreationDate)[*].[CreationDate,Name,ImageId,VirtualizationType]' --filters "Name=name,Values=PA-VM-AWS*" --region us-west-2 --output table

[sharp99]

I think the dynamic mapping might take a little while -- for now here's an updated static map. Will get a pull request submitted.

`data "aws_availability_zones" "available" {} variable "aws_region" {} variable "WebCIDR_Block" {} variable "PublicCIDR_Block" {} variable "MasterS3Bucket" {} variable "VPCName" {} variable "VPCCIDR" {} variable "ServerKeyName" {} variable "StackName" {} variable "fw_instance_size" {} variable "PANFWRegionMap" { type = "map" description = "panos byol 8.1.9.x version dated 08-14-2019" default = { "us-west-2" = "ami-01d3cf1cef1a0ad21", "ap-northeast-1" = "ami-09bd7cdf45d0d71cd", "us-west-1" = "ami-04729560f2c6ec8b4", "ap-northeast-2" = "ami-0adcb0cda3a791f03", "ap-southeast-1" = "ami-0bdecbb021a4d989e", "ap-southeast-2" = "ami-0ab6e099e1d1883a6", "eu-central-1" = "ami-023f9c215463e0822", "eu-west-1" = "ami-02cb9d170823ba747", "eu-west-2" = "ami-0466c0476b48f39dd", "sa-east-1" = "ami-0ecc83c824ea77377", "us-east-1" = "ami-058c36656fb0ee806", "us-east-2" = "ami-081445037ad293033", "ca-central-1" = "ami-09d8202b9a1ccdd5d", "ap-south-1" = "ami-07c3a22f080d7c830" } } variable "WebServerRegionMap" { type = "map" default = { "us-east-1" = "ami-1ecae776", "us-east-2" = "ami-c55673a0", "us-west-2" = "ami-e7527ed7", "us-west-1" = "ami-d114f295", "eu-west-1" = "ami-a10897d6", "eu-central-1" = "ami-a8221fb5", "ap-northeast-1" = "ami-cbf90ecb", "ap-southeast-1" = "ami-68d8e93a", "ap-southeast-2" = "ami-fd9cecc7", "sa-east-1" = "ami-b52890a8", "cn-north-1" = "ami-f239abcb" } }

variable "UbuntuRegionMap" { type = "map" description = "ubuntu xenial image version 16.04 dated 11-14-2019" default = { "us-west-2" = "ami-0bbe9b07c5fe8e86e", "ap-northeast-1" = "ami-014cc8d7cb6d26dc8", "us-west-1" = "ami-0c0e5a396959508b0", "ap-northeast-2" = "ami-004b3430b806f3b1a", "ap-southeast-1" = "ami-08b3278ea6e379084", "ap-southeast-2" = "ami-00d7116c396e73b04", "eu-central-1" = "ami-0062c497b55437b01", "eu-west-1" = "ami-0987ee37af7792903", "eu-west-2" = "ami-05945867d79b7d926", "sa-east-1" = "ami-0fb487b6f6ab53ff4", "us-east-1" = "ami-09f9d773751b9d606", "us-east-2" = "ami-0891395d749676c2e", "ca-central-1" = "ami-0086bcfbab4b22f60", "ap-south-1" = "ami-0f59afa4a22fad2f0" } }`

[sharp99]

Ok pull submitted. Will see what happens.

Brian