Automate updates to ECS Optimized AMIs
PaulMaddox opened this issue · 8 comments
Currently this is a manual process, and normally kind members of the community will submit a pull request updating the AMI identifiers in the infrastructure/ecs-cluster.yaml file.
We should either:

1. Use AWS CodeBuild to check for the latest AMIs for each region, and automatically open a pull request for the changes. I've done similar in another project (awslabs/goformation) before and it's worked well.
2. Replace the hardcoded AMIs in the CloudFormation templates with a custom resource that looks up the latest AMI for the region.

I think option 1 would be preferable, as I'm not sure CloudFormation update-stack evaluates the result of custom resources, so it would not update stacks properly when the AMIs change.
FWIW I got tired of updating the AMI list by hand, and am now using this little Python script to generate the mapping:
```python
#! ./venv/bin/python3
#
# python -m venv .venv
# .venv/bin/pip install lxml requests cssselect
# .venv/bin/python ecs-dump
from lxml import html
import requests

# AWS documentation page that lists the current ECS-optimized AMI per region
url = 'https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html'
page = requests.get(url)
tree = html.fromstring(page.content)

# Column 1 of the table holds the region code, column 3 the AMI ID
regions = [e.text_content() for e in tree.cssselect('tr td:nth-child(1) code')]
amis = [e.text_content() for e in tree.cssselect('tr td:nth-child(3)')]
version = tree.cssselect('table tr:nth-child(2) td:nth-child(2)')[0].text_content()

# Print the mapping as YAML, indented for the CloudFormation template
print('  # Current AMI version: %s' % version)
print('  AWSRegionToAMI:')
for (region, ami) in sorted(zip(regions, amis)):
    print('    %s:' % region)
    print('      AMI: %s' % ami)
```
@PaulMaddox: what about using Lambda to check the actual AMI?
This just got much easier:
Amazon ECS provides ECS-Optimized AMI metadata via SSM Parameters
Amazon Elastic Container Service (Amazon ECS) now allows you to dynamically get the latest ECS-optimized Amazon Machine Image (AMI) ID when creating a cluster made up of EC2 instances.
CloudFormation supports pulling parameters directly from SSM Parameter Store.
@PaulMaddox Neat! I am wondering if using that should be considered a best practice. My experience has been that the a-c releases of an image series tend to be quite unstable, so upgrading automatically can be dangerous.
Is there any API to get the latest AMI per region? The ECS AMI ID is a parameter from my customized CFN, so if there is an API to get the latest AMI for ECS, it'd be great.
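
Added example, not part of the original thread or the project's own code: a Python version of option 1 built on the SSM parameters mentioned above, which validates each returned image ID before it reaches the template and lists the regions whose AMI changed so a reviewer can decide on the upgrade. It assumes the public parameter `/aws/service/ecs/optimized-ami/amazon-linux/recommended` and its JSON value; the function names, sample values and AMI IDs are constructed for illustration.

```python
import json
import re

# Public SSM parameter for the Amazon Linux ECS-optimized AMI; its value is JSON.
PARAM = "/aws/service/ecs/optimized-ami/amazon-linux/recommended"
AMI_ID = re.compile(r"ami-(?:[0-9a-f]{8}|[0-9a-f]{17})")

# Constructed sample values in the shape the parameter returns (placeholder IDs).
SAMPLE = {
    "us-east-1": json.dumps({"schema_version": 1, "image_id": "ami-0123456789abcdef0",
                             "image_name": "amzn-ami-2018.03.a-amazon-ecs-optimized"}),
    "eu-west-1": json.dumps({"schema_version": 1, "image_id": "ami-0fedcba9876543210",
                             "image_name": "amzn-ami-2018.03.a-amazon-ecs-optimized"}),
}

def fetch(regions):
    """Read the parameter in each region (needs boto3 and AWS credentials)."""
    import boto3
    return {r: boto3.client("ssm", region_name=r).get_parameter(Name=PARAM)["Parameter"]["Value"]
            for r in regions}

def parse(raw_by_region):
    """Return {region: (image_id, image_name)}; reject anything not shaped like an AMI ID."""
    images = {}
    for region, raw in raw_by_region.items():
        doc = json.loads(raw)
        image_id = str(doc.get("image_id", ""))
        if not AMI_ID.fullmatch(image_id):
            raise ValueError("%s: unexpected image_id %r" % (region, image_id))
        images[region] = (image_id, str(doc.get("image_name", "unknown")))
    return images

def render(images):
    """Build the AWSRegionToAMI mapping block for the template."""
    lines = ["  AWSRegionToAMI:"]
    for region in sorted(images):
        lines += ["    %s:" % region, "      AMI: %s" % images[region][0]]
    return "\n".join(lines)

def changed(current, images):
    """List (region, old_id, new_id, image_name) for regions whose AMI moved."""
    return [(r, current.get(r), images[r][0], images[r][1])
            for r in sorted(images) if current.get(r) != images[r][0]]

if __name__ == "__main__":
    print(render(parse(SAMPLE)))
```

Against a real account, `parse(fetch([...]))` replaces `parse(SAMPLE)`; the output of `changed` is what would go into the pull request description.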