fpco / terraform-aws-foundation

Establish a solid Foundation on AWS with these modules for Terraform
MIT License

correct centos AMI owner #298

Closed ketzacoatl closed 4 years ago

ketzacoatl commented 4 years ago

We must pull an AMI from a reputable owner. For CentOS, that is either AWS or an official Red Hat/CentOS community entity. Update this as needed: https://github.com/fpco/terraform-aws-foundation/blob/master/modules/ami-centos/main.tf#L25

JoseD92 commented 4 years ago

Changing the product code is not enough; search for images from official CentOS and the unknown source with:

jose@Biribiri:~$ aws ec2 describe-images --filters Name=name,Values='CentOS Linux 7 x86_64 HVM EBS ENA 1901_01-b7ee8a69-ee97-4a49-9e68-afaee216db2e-ami-05713873c6794f575.4' --query 'sort_by(Images, &CreationDate)[-1]' --output json
{
    "Architecture": "x86_64",
    "CreationDate": "2019-01-30T23:43:37.000Z",
    "ImageId": "ami-01ed306a12b7d1c96",
    "ImageLocation": "aws-marketplace/CentOS Linux 7 x86_64 HVM EBS ENA 1901_01-b7ee8a69-ee97-4a49-9e68-afaee216db2e-ami-05713873c6794f575.4",
    "ImageType": "machine",
    "Public": true,
    "OwnerId": "679593333241",
    "ProductCodes": [
        {
            "ProductCodeId": "aw0evgkw8e5c1q413zgy5pjce",
            "ProductCodeType": "marketplace"
        }
    ],
    "State": "available",
    "BlockDeviceMappings": [
        {
            "DeviceName": "/dev/sda1",
            "Ebs": {
                "DeleteOnTermination": false,
                "SnapshotId": "snap-040d21883a90fad29",
                "VolumeSize": 8,
                "VolumeType": "gp2",
                "Encrypted": false
            }
        }
    ],
    "Description": "CentOS Linux 7 x86_64 HVM EBS ENA 1901_01",
    "EnaSupport": true,
    "Hypervisor": "xen",
    "ImageOwnerAlias": "aws-marketplace",
    "Name": "CentOS Linux 7 x86_64 HVM EBS ENA 1901_01-b7ee8a69-ee97-4a49-9e68-afaee216db2e-ami-05713873c6794f575.4",
    "RootDeviceName": "/dev/sda1",
    "RootDeviceType": "ebs",
    "SriovNetSupport": "simple",
    "VirtualizationType": "hvm"
}
jose@Biribiri:~$ aws ec2 describe-images --filters Name=name,Values='CentOS Linux 7 x86_64 HVM EBS ENA 1901_01-691155db-037a-4082-81f2-6936b7091732-ami-07aeae1d312ef8dce.4' --query 'sort_by(Images, &CreationDate)[-1]' --output json
{
    "Architecture": "x86_64",
    "CreationDate": "2020-02-21T20:55:26.000Z",
    "ImageId": "ami-07d0d231fae2220c7",
    "ImageLocation": "aws-marketplace/CentOS Linux 7 x86_64 HVM EBS ENA 1901_01-691155db-037a-4082-81f2-6936b7091732-ami-07aeae1d312ef8dce.4",
    "ImageType": "machine",
    "Public": true,
    "OwnerId": "679593333241",
    "ProductCodes": [
        {
            "ProductCodeId": "67xglex2rdpaymxh17620nfoy",
            "ProductCodeType": "marketplace"
        }
    ],
    "State": "available",
    "BlockDeviceMappings": [
        {
            "DeviceName": "/dev/sda1",
            "Ebs": {
                "DeleteOnTermination": false,
                "SnapshotId": "snap-08cc350e919d630bb",
                "VolumeSize": 8,
                "VolumeType": "gp2",
                "Encrypted": false
            }
        }
    ],
    "Description": "CentOS 7 (CentOS7) Minimal Install Gold AMI (Golden Image) Template",
    "EnaSupport": true,
    "Hypervisor": "xen",
    "ImageOwnerAlias": "aws-marketplace",
    "Name": "CentOS Linux 7 x86_64 HVM EBS ENA 1901_01-691155db-037a-4082-81f2-6936b7091732-ami-07aeae1d312ef8dce.4",
    "RootDeviceName": "/dev/sda1",
    "RootDeviceType": "ebs",
    "SriovNetSupport": "simple",
    "VirtualizationType": "hvm"
}

The only way to differentiate the official AMI from the unknown one is by either their descriptions or their ProductCodeId; adding it to the filter will solve the problem:

jose@Biribiri:~$ aws ec2 describe-images --filters Name=name,Values='CentOS Linux 7 x86_64 HVM EBS ENA *' Name=product-code,Values='aw0evgkw8e5c1q413zgy5pjce' --query 'sort_by(Images, &CreationDate)[-1]' --output json
{
    "Architecture": "x86_64",
    "CreationDate": "2019-01-30T23:43:37.000Z",
    "ImageId": "ami-01ed306a12b7d1c96",
    "ImageLocation": "aws-marketplace/CentOS Linux 7 x86_64 HVM EBS ENA 1901_01-b7ee8a69-ee97-4a49-9e68-afaee216db2e-ami-05713873c6794f575.4",
    "ImageType": "machine",
    "Public": true,
    "OwnerId": "679593333241",
    "ProductCodes": [
        {
            "ProductCodeId": "aw0evgkw8e5c1q413zgy5pjce",
            "ProductCodeType": "marketplace"
        }
    ],
    "State": "available",
    "BlockDeviceMappings": [
        {
            "DeviceName": "/dev/sda1",
            "Ebs": {
                "DeleteOnTermination": false,
                "SnapshotId": "snap-040d21883a90fad29",
                "VolumeSize": 8,
                "VolumeType": "gp2",
                "Encrypted": false
            }
        }
    ],
    "Description": "CentOS Linux 7 x86_64 HVM EBS ENA 1901_01",
    "EnaSupport": true,
    "Hypervisor": "xen",
    "ImageOwnerAlias": "aws-marketplace",
    "Name": "CentOS Linux 7 x86_64 HVM EBS ENA 1901_01-b7ee8a69-ee97-4a49-9e68-afaee216db2e-ami-05713873c6794f575.4",
    "RootDeviceName": "/dev/sda1",
    "RootDeviceType": "ebs",
    "SriovNetSupport": "simple",
    "VirtualizationType": "hvm"
}
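
The effect of the product-code filter, as an added example that is not part of the thread or of the module's code: it replays a name-only "most recent" selection and a pinned selection over the two image records shown above (trimmed to the fields used), and refuses to return anything when no image passes the pin. The function names and the fail-closed behaviour are assumptions of this example.

```python
from fnmatch import fnmatchcase

# Constructed sample: the two describe-images records from the thread,
# trimmed to the fields the selection logic reads.
IMAGES = [
    {"ImageId": "ami-01ed306a12b7d1c96",
     "Name": "CentOS Linux 7 x86_64 HVM EBS ENA 1901_01-b7ee8a69-ee97-4a49-"
             "9e68-afaee216db2e-ami-05713873c6794f575.4",
     "CreationDate": "2019-01-30T23:43:37.000Z",
     "OwnerId": "679593333241",
     "ProductCodes": [{"ProductCodeId": "aw0evgkw8e5c1q413zgy5pjce"}]},
    {"ImageId": "ami-07d0d231fae2220c7",
     "Name": "CentOS Linux 7 x86_64 HVM EBS ENA 1901_01-691155db-037a-4082-"
             "81f2-6936b7091732-ami-07aeae1d312ef8dce.4",
     "CreationDate": "2020-02-21T20:55:26.000Z",
     "OwnerId": "679593333241",
     "ProductCodes": [{"ProductCodeId": "67xglex2rdpaymxh17620nfoy"}]},
]

NAME_GLOB = "CentOS Linux 7 x86_64 HVM EBS ENA *"
PINNED_OWNER = "679593333241"                      # OwnerId shown in the thread
PINNED_PRODUCT_CODE = "aw0evgkw8e5c1q413zgy5pjce"  # code used in the final filter


def latest(images):
    """Same choice as the CLI query sort_by(Images, &CreationDate)[-1]."""
    if not images:
        # Fail closed: never fall back to an unpinned image.
        raise LookupError("no image satisfies the filters")
    return max(images, key=lambda img: img["CreationDate"])


def select_by_name(images, glob=NAME_GLOB):
    """Name filter only: both records share owner and name prefix."""
    return latest([i for i in images if fnmatchcase(i["Name"], glob)])["ImageId"]


def select_pinned(images, glob=NAME_GLOB, owner=PINNED_OWNER,
                  product_code=PINNED_PRODUCT_CODE):
    """Name, owner and product code must all match before 'latest' applies."""
    matches = [i for i in images
               if fnmatchcase(i["Name"], glob)
               and i["OwnerId"] == owner
               and any(p["ProductCodeId"] == product_code
                       for p in i.get("ProductCodes", []))]
    return latest(matches)["ImageId"]


if __name__ == "__main__":
    print("name only:", select_by_name(IMAGES))
    print("pinned   :", select_pinned(IMAGES))
```

Because both records carry the same `OwnerId`, the owner check alone does not separate them; the name-only selection returns the 2020 image simply because it is newer.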

ketzacoatl commented 4 years ago

This is complete, TY for the updates!