jeremymcgee73
commented
2 months ago We are doing something very similar, this would be a great feature to add to Image Builder.
Open mjvirt opened 1 year ago
jeremymcgee73
commented
2 months ago We are doing something very similar, this would be a great feature to add to Image Builder.
Community Note
Tell us about your request We need to add hardening to our EKS AMIs before we can use them. We would like base images for EKS Optimized AMIs so that we can rely on x.x.x to pick up the latest EKS Optimized AMI for a particular EKS/Kubernetes version (1.23, 1.24 ,...). From the table here: https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html.
Currently, several image types are provided as base images by EC2 Image Builder. This includes e.g.
amazon-linux-2-ecs-optimized-*images. But EKS Optimized AMI's are not available.As SSM parameters are not yet an option (https://github.com/aws/ec2-image-builder-roadmap/issues/67) only way to update to pick up the latest EKS Optimized AMI is regularly by creating a new pipeline recipe and the AMI id.
Tell us about the problem you're trying to solve. What are you trying to do, and why is it hard? We use CDK/Cloudformation to deploy our EC2 Image Builder pipelines to harden various Linux and Windows flavours. We have many pipelines. The EKS AMI's are currently the only ones where we need to keep an eye on the latest provided EKS Optimized AMI and then update the EC2 Image Builder pipeline.
Are you currently working around this issue? We are currently manually keeping an eye on new EKS Optimized AMI versions here: https://github.com/awslabs/amazon-eks-ami/blob/master/CHANGELOG.md. Then when there are new versions we need to make pipeline recipe changes, bump the recipe version, deploy the pipeline and then manually run the pipeline to create the first hardened EKS Optimized AMI.