aws / aws-cdk

The AWS Cloud Development Kit is a framework for defining cloud infrastructure in code
https://aws.amazon.com/cdk
Apache License 2.0

(aws-ec2): Support Amazon Linux 2023 as a first-class option for BastionHostLinux #29493

Open blimmer opened 7 months ago

blimmer commented 7 months ago

Describe the feature

Today, the excellent BastionHostLinux construct defaults to an Amazon Linux 2 base image: https://github.com/aws/aws-cdk/blob/fac4a9c23f8e9090b3dc7e26a8306d3a8034b4c9/packages/aws-cdk-lib/aws-ec2/lib/bastion-host.ts#L63-L69

However, Amazon Linux 2 will hit end of life in June 2025.

I see that I can pass my own MachineImage, but it'd be nice if there was a first-class flag to opt-in.

Use Case

It'd be nice to still be able to use BastionHostLinux, but use the newer Amazon Linux so I don't have to worry about upgrading next year.

Proposed Solution

It'd probably be a good idea to introduce a new feature flag and plan to automatically opt people into Amazon Linux 2023 on the next major version.

Other Information

No response

Acknowledgements

CDK version used

2.132.1

Environment details (OS name and version, etc.)

macOS Sonoma

pahud commented 7 months ago

I support that but changing the default image would cause breaking changes and the deployed bastion hosts would be replaced. I guess we probably need a feature flag in this case. Need input and ack from the maintainers.

We welcome and appreciate PRs for this. Are you interested in submitting a PR for it?

blimmer commented 7 months ago

It looks like it'd be as simple as just updating this line to use a different machine image: https://github.com/aws/aws-cdk/blob/1c829308205fd5d4cd1f11ecba041fb35213d8f1/packages/aws-cdk-lib/aws-ec2/lib/bastion-host.ts#L183-L185

So it seems like people could just pass 2023 as their image: https://github.com/aws/aws-cdk/blob/1c829308205fd5d4cd1f11ecba041fb35213d8f1/packages/aws-cdk-lib/aws-ec2/lib/machine-image/machine-image.ts#L64-L78

So the real question is "can/should we feature flag this as a new default?". I understand that it'd be a breaking change, but that's kinda the point of feature flags. There's a pattern for this with other deprecations like this. Since AmazonLinux2 goes EOL in about 1 year, people are going to have to think about this anyway.

If I can get validation that changing this default via a feature flag is acceptable, I could make the PR.