Image Builder for CIS Windows Images

Question

Hi 
We have a Windows image builder pipeline that bakes latest OS images
With Windows it is easy to find the latest AMI:
Base IMage: windows-server-2016-english-full-base-x86
Version: x.x.x
We then build and arn in the image pipeline like this:
ParentImage: !Sub "arn:${AWS::Partition}:imagebuilder:${AWS::Region}:aws:image/${BaseImageName}/${BaseImageVersion}"
The current solution is based on CFN stacks
This works without any SSM parameter update via Lambda.

Now I want to create a pipeline for Windows cis image such as CIS Microsoft Windows Server 2016 Benchmark v2.0.0.2 - Level 1-b1776421-c8ab-411d-8a73-34f06d3ceadf

Is there an quick way to get the latest ami id of the CIS AMI for Windows without going through the SSM/Lambda path?
The image builder is to be scheduled every month and bake with the latest AMI.
Thanks

Answer

Hi, yes, it is possible to run a CLI command like the one below to obtain the latest image matching a given name:

```
aws ec2 describe-images --owners amazon --filters Name=platform,Values=windows --filters "Name=name,Values=Windows_Server*" | jq "[.Images[] | {ImageId: .ImageId ,Name: .Name, CreationDate: .CreationDate}] | sort_by(.CreationDate) | .[-1]"

{
  "ImageId": "ami-06277c3639439d32c",
  "Name": "Windows_Server-2022-English-Full-ECS_Optimized-2023.07.11",
  "CreationDate": "2023-07-17T16:58:12.000Z"
}

```

If you use an SDK instead of CLI, use same parameters as above adapted to your programming language of choice.

Best,

Didier

Image Builder for CIS Windows Images

Relevanter Inhalt