create new AMI only on updates

0

Hi AWS, I need to know how to figure out if there is any change on the EC2 instance, such as newly installed software or upgrades, and only then create the new AMI, otherwise not; but that has to be done using CI/CD, in my case GitHub Actions. This question is an extension to the question https://repost.aws/questions/QUMG7e6kufTQCvXv56XibpLg/ci-cd-for-ec2-amis.

I asked ChatGPT the same question and it came up with a complex setup just for this small change, i.e.

1. Install SSM Agent on EC2 Instances: Ensure that the SSM Agent is installed and running on your EC2 instances. This agent allows AWS Systems Manager to interact with your instances.

2. Create an SSM Automation Document: Create an SSM Automation Document that defines the actions you want to perform when triggered. For example, you can include steps to update software, apply patches, and perform configuration changes.

3. Set Up AWS Lambda Function: Create an AWS Lambda function that can be triggered by an AWS CloudWatch Events rule. This Lambda function will execute the SSM Automation Document on specific conditions.

4. Configure CloudWatch Events Rule: Create a CloudWatch Events rule that monitors EC2 instance changes, such as changes to instance tags, that indicate an update is required. Configure this rule to trigger the Lambda function when specific criteria are met.

5. Lambda Function Logic: In the Lambda function, use the AWS SDK (boto3 for Python, for example) to call AWS Systems Manager to start an SSM Automation execution for the selected EC2 instances.

6. GitHub Actions Workflow (Optional): If you wish to trigger the Lambda function from a GitHub Actions workflow, you can use the AWS CLI or AWS SDK to invoke the Lambda function with specific input parameters when there are updates in your GitHub repository.

Please guide

asked 7 months ago · 468 views
1 Answer
1

Capturing changes made to a live instance and encapsulating them automatically into an AMI is not easy. The OS and applications are constantly making changes to the filesystem (storage) and it would be difficult to determine which changes are the result of intentional configuration/application modifications, and which are the result of normal housekeeping, application operations, etc.

So your choices are:

  1. Manually create a snapshot of the instance's EBS volumes after you make your intended changes, and register an AMI from those snapshots

  2. Best practice: Build your AMI using a reproducible, automated process that starts from scratch (a "base AMI"), installs all the necessary patches and applications, writes all the necessary configuration, then builds your custom AMI at the end. EC2 Image Builder and third-party applications like HashiCorp Packer can do this for you. Both can be integrated into GitHub Actions by running the appropriate commands in a Runner context.

AWS
EXPERT
answered 7 months ago
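One way to get the "only build when something changed" behaviour on top of the reproducible-build approach above, as an added example that is not part of this thread or of any AWS tooling: treat the repository contents (Packer template plus provisioning scripts) as the only source of change, fingerprint them, and skip the Packer run when an AMI tagged with that fingerprint already exists. It assumes the build inputs live under `ami/`, that the Packer template there accepts a `build_fingerprint` variable and writes it into the `BuildFingerprint` tag of the resulting AMI, and that the GitHub Actions runner already has AWS credentials and the `aws` and `packer` CLIs on its PATH.

```shell
#!/usr/bin/env bash
# Added example for the thread above (not re:Post or AWS code).
# Assumptions: build inputs under ami/, Packer template tags the AMI with
# BuildFingerprint=<fingerprint> from the build_fingerprint variable, and the
# CI runner has AWS credentials plus the aws and packer CLIs installed.
set -eu

# Stable digest of every regular file under a directory: paths are sorted and
# each path is hashed together with its contents, so a rename or an edit to
# any provisioning script or template yields a different fingerprint.
compute_fingerprint() {
  local dir="$1"
  ( cd "$dir" && find . -type f | LC_ALL=C sort | while read -r f; do
      printf '%s\n' "$f"; cat "$f"; done ) | sha256sum | cut -c1-64
}

# Look up an AMI owned by this account that carries the given fingerprint tag.
# Prints the image id, or nothing when no such AMI exists (or the call fails).
find_ami_by_fingerprint() {
  local fp="$1"
  aws ec2 describe-images --owners self \
    --filters "Name=tag:BuildFingerprint,Values=${fp}" \
    --query 'Images[0].ImageId' --output text 2>/dev/null | grep -v '^None$' || true
}

# Pure decision helper: exit 0 (build) only when no AMI id is known for the
# current fingerprint, so re-running the workflow never produces duplicates.
should_build() {
  local existing_ami="$1"
  [ -z "$existing_ami" ]
}

main() {
  local dir="${1:-ami}"
  local fp existing
  fp="$(compute_fingerprint "$dir")"
  existing="$(find_ami_by_fingerprint "$fp")"
  if should_build "$existing"; then
    echo "No AMI for fingerprint $fp; building a fresh one from the base AMI"
    packer init "$dir"
    packer build -var "build_fingerprint=$fp" "$dir"
  else
    echo "AMI $existing already matches fingerprint $fp; skipping build"
  fi
}

# Run as a workflow step: ./build-ami.sh ami
if [ $# -gt 0 ]; then main "$@"; fi
```

Because the decision is keyed to what is committed rather than to the state of a running instance, configuration drift on a live server never silently becomes part of an image.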
