Closed ketzacoatl closed 4 years ago
Changing the product code is not enough. Search for images from official CentOS and the unknown source with:
```
jose@Biribiri:~$ aws ec2 describe-images --filters Name=name,Values='CentOS Linux 7 x86_64 HVM EBS ENA 1901_01-b7ee8a69-ee97-4a49-9e68-afaee216db2e-ami-05713873c6794f575.4' --query 'sort_by(Images, &CreationDate)[-1]' --output json
{
    "Architecture": "x86_64",
    "CreationDate": "2019-01-30T23:43:37.000Z",
    "ImageId": "ami-01ed306a12b7d1c96",
    "ImageLocation": "aws-marketplace/CentOS Linux 7 x86_64 HVM EBS ENA 1901_01-b7ee8a69-ee97-4a49-9e68-afaee216db2e-ami-05713873c6794f575.4",
    "ImageType": "machine",
    "Public": true,
    "OwnerId": "679593333241",
    "ProductCodes": [
        {
            "ProductCodeId": "aw0evgkw8e5c1q413zgy5pjce",
            "ProductCodeType": "marketplace"
        }
    ],
    "State": "available",
    "BlockDeviceMappings": [
        {
            "DeviceName": "/dev/sda1",
            "Ebs": {
                "DeleteOnTermination": false,
                "SnapshotId": "snap-040d21883a90fad29",
                "VolumeSize": 8,
                "VolumeType": "gp2",
                "Encrypted": false
            }
        }
    ],
    "Description": "CentOS Linux 7 x86_64 HVM EBS ENA 1901_01",
    "EnaSupport": true,
    "Hypervisor": "xen",
    "ImageOwnerAlias": "aws-marketplace",
    "Name": "CentOS Linux 7 x86_64 HVM EBS ENA 1901_01-b7ee8a69-ee97-4a49-9e68-afaee216db2e-ami-05713873c6794f575.4",
    "RootDeviceName": "/dev/sda1",
    "RootDeviceType": "ebs",
    "SriovNetSupport": "simple",
    "VirtualizationType": "hvm"
}
```
```
jose@Biribiri:~$ aws ec2 describe-images --filters Name=name,Values='CentOS Linux 7 x86_64 HVM EBS ENA 1901_01-691155db-037a-4082-81f2-6936b7091732-ami-07aeae1d312ef8dce.4' --query 'sort_by(Images, &CreationDate)[-1]' --output json
{
    "Architecture": "x86_64",
    "CreationDate": "2020-02-21T20:55:26.000Z",
    "ImageId": "ami-07d0d231fae2220c7",
    "ImageLocation": "aws-marketplace/CentOS Linux 7 x86_64 HVM EBS ENA 1901_01-691155db-037a-4082-81f2-6936b7091732-ami-07aeae1d312ef8dce.4",
    "ImageType": "machine",
    "Public": true,
    "OwnerId": "679593333241",
    "ProductCodes": [
        {
            "ProductCodeId": "67xglex2rdpaymxh17620nfoy",
            "ProductCodeType": "marketplace"
        }
    ],
    "State": "available",
    "BlockDeviceMappings": [
        {
            "DeviceName": "/dev/sda1",
            "Ebs": {
                "DeleteOnTermination": false,
                "SnapshotId": "snap-08cc350e919d630bb",
                "VolumeSize": 8,
                "VolumeType": "gp2",
                "Encrypted": false
            }
        }
    ],
    "Description": "CentOS 7 (CentOS7) Minimal Install Gold AMI (Golden Image) Template",
    "EnaSupport": true,
    "Hypervisor": "xen",
    "ImageOwnerAlias": "aws-marketplace",
    "Name": "CentOS Linux 7 x86_64 HVM EBS ENA 1901_01-691155db-037a-4082-81f2-6936b7091732-ami-07aeae1d312ef8dce.4",
    "RootDeviceName": "/dev/sda1",
    "RootDeviceType": "ebs",
    "SriovNetSupport": "simple",
    "VirtualizationType": "hvm"
}
```
The only way to differentiate the official AMI from the unknown one is by either their descriptions or their ProductCodeId; adding it to the filter will solve the problem.
```
jose@Biribiri:~$ aws ec2 describe-images --filters Name=name,Values='CentOS Linux 7 x86_64 HVM EBS ENA *' Name=product-code,Values='aw0evgkw8e5c1q413zgy5pjce' --query 'sort_by(Images, &CreationDate)[-1]' --output json
{
    "Architecture": "x86_64",
    "CreationDate": "2019-01-30T23:43:37.000Z",
    "ImageId": "ami-01ed306a12b7d1c96",
    "ImageLocation": "aws-marketplace/CentOS Linux 7 x86_64 HVM EBS ENA 1901_01-b7ee8a69-ee97-4a49-9e68-afaee216db2e-ami-05713873c6794f575.4",
    "ImageType": "machine",
    "Public": true,
    "OwnerId": "679593333241",
    "ProductCodes": [
        {
            "ProductCodeId": "aw0evgkw8e5c1q413zgy5pjce",
            "ProductCodeType": "marketplace"
        }
    ],
    "State": "available",
    "BlockDeviceMappings": [
        {
            "DeviceName": "/dev/sda1",
            "Ebs": {
                "DeleteOnTermination": false,
                "SnapshotId": "snap-040d21883a90fad29",
                "VolumeSize": 8,
                "VolumeType": "gp2",
                "Encrypted": false
            }
        }
    ],
    "Description": "CentOS Linux 7 x86_64 HVM EBS ENA 1901_01",
    "EnaSupport": true,
    "Hypervisor": "xen",
    "ImageOwnerAlias": "aws-marketplace",
    "Name": "CentOS Linux 7 x86_64 HVM EBS ENA 1901_01-b7ee8a69-ee97-4a49-9e68-afaee216db2e-ami-05713873c6794f575.4",
    "RootDeviceName": "/dev/sda1",
    "RootDeviceType": "ebs",
    "SriovNetSupport": "simple",
    "VirtualizationType": "hvm"
}
```
This is complete, TY for the updates!
We must pull an AMI from a reputable owner. For CentOS, that is either AWS or an official Red Hat/CentOS community entity. Update this as needed: https://github.com/fpco/terraform-aws-foundation/blob/master/modules/ami-centos/main.tf#L25
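The selection problem discussed in this thread, as an added example that is not code from the thread or from terraform-aws-foundation: it runs offline over the two `describe-images` records quoted above (trimmed to the fields used) and compares name-only "latest" selection with selection pinned to the product code. The function names and the prefix-match stand-in for the `*` wildcard are assumptions made for illustration.

```python
import json

# Constructed sample: the two records from the thread, trimmed to the fields used.
SAMPLE_IMAGES = json.loads("""[
 {"ImageId": "ami-01ed306a12b7d1c96", "CreationDate": "2019-01-30T23:43:37.000Z",
  "State": "available", "Description": "CentOS Linux 7 x86_64 HVM EBS ENA 1901_01",
  "Name": "CentOS Linux 7 x86_64 HVM EBS ENA 1901_01-b7ee8a69-ee97-4a49-9e68-afaee216db2e-ami-05713873c6794f575.4",
  "ProductCodes": [{"ProductCodeId": "aw0evgkw8e5c1q413zgy5pjce", "ProductCodeType": "marketplace"}]},
 {"ImageId": "ami-07d0d231fae2220c7", "CreationDate": "2020-02-21T20:55:26.000Z",
  "State": "available", "Description": "CentOS 7 (CentOS7) Minimal Install Gold AMI (Golden Image) Template",
  "Name": "CentOS Linux 7 x86_64 HVM EBS ENA 1901_01-691155db-037a-4082-81f2-6936b7091732-ami-07aeae1d312ef8dce.4",
  "ProductCodes": [{"ProductCodeId": "67xglex2rdpaymxh17620nfoy", "ProductCodeType": "marketplace"}]}
]""")

NAME_PREFIX = "CentOS Linux 7 x86_64 HVM EBS ENA "   # the thread's name filter, minus '*'
TRUSTED_PRODUCT_CODE = "aw0evgkw8e5c1q413zgy5pjce"   # product code the thread filters on


def _newest(images):
    # CreationDate is fixed-width ISO 8601 UTC, so string order is time order.
    return max(images, key=lambda i: i["CreationDate"], default=None)


def _codes(image):
    # Marketplace product codes attached to one image record.
    return {p["ProductCodeId"] for p in image.get("ProductCodes", [])
            if p.get("ProductCodeType") == "marketplace"}


def latest_by_name(images, prefix=NAME_PREFIX):
    """Name-only selection: what sort_by(Images, &CreationDate)[-1] returns."""
    return _newest([i for i in images if i["Name"].startswith(prefix)])


def latest_trusted(images, code=TRUSTED_PRODUCT_CODE, prefix=NAME_PREFIX):
    """Name match AND pinned product code; None when nothing qualifies."""
    return _newest([i for i in images if i["Name"].startswith(prefix)
                    and i.get("State") == "available" and code in _codes(i)])


def lookalikes(images, code=TRUSTED_PRODUCT_CODE, prefix=NAME_PREFIX):
    """Images that match the name pattern but not the pinned product code."""
    return [i["ImageId"] for i in images
            if i["Name"].startswith(prefix) and code not in _codes(i)]


if __name__ == "__main__":
    print("name only :", latest_by_name(SAMPLE_IMAGES)["ImageId"])
    print("pinned    :", latest_trusted(SAMPLE_IMAGES)["ImageId"])
    print("lookalikes:", lookalikes(SAMPLE_IMAGES))
```

Returning `None` when no image carries the pinned product code lets the caller fail the build instead of falling back to whatever else matches the name.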