satya-dillikar closed 1 year ago
I have tested the AWS SSM CLI command and CloudFormation template below.
@tlindsay42, is it okay to replace the hard-coded AMI values for US2204HVM with /aws/service/canonical/ubuntu/server/22.04/stable/current/amd64/hvm/ebs-gp2/ami-id?
SSM CLI:
aws ssm get-parameters --names /aws/service/canonical/ubuntu/server/22.04/stable/current/amd64/hvm/ebs-gp2/ami-id --region us-east-2
{
    "Parameters": [
        {
            "Name": "/aws/service/canonical/ubuntu/server/22.04/stable/current/amd64/hvm/ebs-gp2/ami-id",
            "Type": "String",
            "Value": "ami-03ba6c40a876f6ed6",
            "Version": 15,
            "LastModifiedDate": "2022-11-01T11:25:46.059000-07:00",
            "ARN": "arn:aws:ssm:us-east-2::parameter/aws/service/canonical/ubuntu/server/22.04/stable/current/amd64/hvm/ebs-gp2/ami-id",
            "DataType": "aws:ec2:image"
        }
    ],
    "InvalidParameters": []
}
CFT template for the same:
AWSTemplateFormatVersion: 2010-09-09
Description: >-
  AWS CloudFormation template
Parameters:
  LatestAmiId:
    Description: >-
      LatestAmiId
    Type: AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>
    Default: /aws/service/canonical/ubuntu/server/22.04/stable/current/amd64/hvm/ebs-gp2/ami-id
Resources:
  NullResource:
    Type: AWS::CloudFormation::WaitConditionHandle
Mappings:
  AwsAmiRegionMap:
    us-east-2:
      US2204HVM: '{{resolve:ssm:/aws/service/canonical/ubuntu/server/22.04/stable/current/amd64/hvm/ebs-gp2/ami-id}}'
      WS2022FullBase: '{{resolve:ssm:/aws/service/ami-windows-latest/Windows_Server-2022-English-Full-Base}}'
Outputs:
  LatestAmiId:
    Description: >-
      LatestAmiId
    Value: !Ref LatestAmiId
  WindowsImageId:
    Description: >-
      WindowsImageId
    Value: !FindInMap [AwsAmiRegionMap, !Ref AWS::Region, WS2022FullBase]
  UbuntuImageId:
    Description: >-
      UbuntuImageId
    Value: !FindInMap [AwsAmiRegionMap, !Ref AWS::Region, US2204HVM]
In the past, you shared a Bash script to pull the latest AMI:
#!/bin/bash
# Print the most recent Ubuntu 22.04 AMI ID for each region.
for r in $(aws ec2 describe-regions --query 'Regions | sort_by([], &RegionName) | [].RegionName' --output text)
do
  printf ' %s:\n' "${r}"
  for a in 'US2204HVM'
  do
    case "${a}" in
      'US2204HVM')
        IMAGE_FILTER="ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-amd64-server-????????*"
        OWNER='099720109477,513442679011,837727238323'
        ;;
    esac
    # Sort by CreationDate so the newest matching image is selected.
    ami=$(aws ec2 describe-images --query 'sort_by(Images, &CreationDate)[-1].ImageId' --filters "Name=name,Values='${IMAGE_FILTER}'" "Name=owner-id,Values=${OWNER}" --region "${r}" --output text)
    printf ' %s: %s\n' "${a}" "${ami}"
  done
done
@tlindsay42, I am not sure how to get the above OWNER IDs.
Update VMwareLinuxBastionInstance EC2 AMI affected by the recent OpenSSL security vulnerabilities CVE-2022-3786 & CVE-2022-3602
More info: https://www.openssl.org/news/secadv/20221101.txt https://ubuntu.com/security/CVE-2022-3786 https://ubuntu.com/security/CVE-2022-3602
This work is an enhancement of PR-115
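A check that could gate the switch from hard-coded AMI IDs to the SSM path discussed above, as an added example (not code from this thread or the repository): it validates the `get-parameters` response shown in the post and confirms the AMI's `OwnerId` against the owner IDs in the post's Bash script. The `describe-images` responses, the account ID `111122223333` and the function names are constructed for illustration.

```python
import json
import re

# Parameter name and response abridged from the SSM CLI output on this page.
NAME = "/aws/service/canonical/ubuntu/server/22.04/stable/current/amd64/hvm/ebs-gp2/ami-id"
SSM_RESPONSE = json.dumps({"Parameters": [{
    "Name": NAME, "Type": "String", "Value": "ami-03ba6c40a876f6ed6",
    "ARN": "arn:aws:ssm:us-east-2::parameter" + NAME,
    "DataType": "aws:ec2:image"}], "InvalidParameters": []})
# Constructed `aws ec2 describe-images` responses (not real API output).
GOOD_IMAGES = json.dumps({"Images": [{"ImageId": "ami-03ba6c40a876f6ed6", "OwnerId": "099720109477"}]})
ROGUE_IMAGES = json.dumps({"Images": [{"ImageId": "ami-03ba6c40a876f6ed6", "OwnerId": "111122223333"}]})

# Owner IDs taken from the OWNER variable in the Bash script on this page.
TRUSTED_OWNERS = {"099720109477", "513442679011", "837727238323"}
AMI_RE = re.compile(r"ami-(?:[0-9a-f]{17}|[0-9a-f]{8})")

def ami_from_ssm(ssm_json, name, region):
    """Return the AMI ID from `aws ssm get-parameters` output or raise ValueError."""
    resp = json.loads(ssm_json)
    if resp.get("InvalidParameters"):
        raise ValueError(f"invalid parameters: {resp['InvalidParameters']}")
    found = [p for p in resp.get("Parameters", []) if p.get("Name") == name]
    if len(found) != 1:
        raise ValueError(f"expected exactly one parameter named {name}")
    param = found[0]
    # A public parameter's ARN has an empty account field, as in the output above.
    arn_re = rf"arn:aws[a-z-]*:ssm:{re.escape(region)}::parameter{re.escape(name)}"
    if not re.fullmatch(arn_re, param.get("ARN", "")):
        raise ValueError(f"not a public parameter ARN: {param.get('ARN')}")
    if param.get("DataType") != "aws:ec2:image":
        raise ValueError(f"unexpected DataType: {param.get('DataType')}")
    if not AMI_RE.fullmatch(param.get("Value", "")):
        raise ValueError(f"malformed AMI ID: {param.get('Value')}")
    return param["Value"]

def owner_of(images_json, ami_id):
    """Return the owner of ami_id from `aws ec2 describe-images` output if trusted."""
    images = json.loads(images_json).get("Images", [])
    match = [i for i in images if i.get("ImageId") == ami_id]
    if len(match) != 1:
        raise ValueError(f"{ami_id} not found exactly once")
    if match[0].get("OwnerId") not in TRUSTED_OWNERS:
        raise ValueError(f"{ami_id} owned by untrusted {match[0].get('OwnerId')}")
    return match[0]["OwnerId"]

if __name__ == "__main__":
    ami = ami_from_ssm(SSM_RESPONSE, NAME, "us-east-2")
    print(ami, owner_of(GOOD_IMAGES, ami))
```

In a pipeline, the two JSON strings would come from `aws ssm get-parameters` and `aws ec2 describe-images --image-ids <ami>` for each region before the template is deployed.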