
Commit 2462b0b

authored
feat(ec2): support using ssm parameter to resolve AMI ID at instance launch time (#26273)
Launch templates and EC2 instances support using an SSM parameter to resolve the AMI ID at instance launch time (`resolve:ssm:parameter`) rather than at CloudFormation deploy time (`CfnDynamicReference`). This PR adds support for that. - [Using SSM Parameter with Autoscaling and Launch Template](https://docs.aws.amazon.com/autoscaling/ec2/userguide/using-systems-manager-parameters.html) - [Launch an instance using a Systems Manager parameter](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/finding-an-ami.html#using-systems-manager-parameter-to-find-AMI) Remove `latestAmazonLinux2022()` from the integ test, as it no longer returns any valid al2022 images, as described in #26274. Closes #24551 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
1 parent 1e33586 commit 2462b0b


11 files changed

+604
-287
lines changed

@@ -1 +1 @@
1-
{"version":"31.0.0"}
1+
{"version":"32.0.0"}

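--- a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.machine-image.js.snapshot/integ-ec2-machine-image-test.assets.json
+++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.machine-image.js.snapshot/integ-ec2-machine-image-test.assets.json
@@ -1,15 +1,15 @@
 {
-"version": "31.0.0",
+"version": "32.0.0",
 "files": {
-"09b19c98d056dc3ddd9d9852de04232c8c27cdfbb4aa83797c6f9e1e118068d5": {
+"fa6690179ed0aff2d045f19741af965ccdb151c74c58ea99393b00c3d47ceed9": {
 "source": {
 "path": "integ-ec2-machine-image-test.template.json",
 "packaging": "file"
 },
 "destinations": {
 "current_account-current_region": {
 "bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
-"objectKey": "09b19c98d056dc3ddd9d9852de04232c8c27cdfbb4aa83797c6f9e1e118068d5.json",
+"objectKey": "fa6690179ed0aff2d045f19741af965ccdb151c74c58ea99393b00c3d47ceed9.json",
 "assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
 }
 }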

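--- a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.machine-image.js.snapshot/integ-ec2-machine-image-test.template.json
+++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.machine-image.js.snapshot/integ-ec2-machine-image-test.template.json
@@ -617,10 +617,10 @@
 "amzn2InstanceRole3F1DBBD2"
 ]
 },
-"al2022InstanceSecurityGroupD2B46A06": {
+"al2023InstanceSecurityGroupB018A9BC": {
 "Type": "AWS::EC2::SecurityGroup",
 "Properties": {
-"GroupDescription": "integ-ec2-machine-image-test/al2022/InstanceSecurityGroup",
+"GroupDescription": "integ-ec2-machine-image-test/al2023/InstanceSecurityGroup",
 "SecurityGroupEgress": [
 {
 "CidrIp": "0.0.0.0/0",
@@ -631,15 +631,15 @@
 "Tags": [
 {
 "Key": "Name",
-"Value": "integ-ec2-machine-image-test/al2022"
+"Value": "integ-ec2-machine-image-test/al2023"
 }
 ],
 "VpcId": {
 "Ref": "Vpc8378EB38"
 }
 }
 },
-"al2022InstanceRole6711C818": {
+"al2023InstanceRoleECC2D6DD": {
 "Type": "AWS::IAM::Role",
 "Properties": {
 "AssumeRolePolicyDocument": {
@@ -657,36 +657,36 @@
 "Tags": [
 {
 "Key": "Name",
-"Value": "integ-ec2-machine-image-test/al2022"
+"Value": "integ-ec2-machine-image-test/al2023"
 }
 ]
 }
 },
-"al2022InstanceProfileAA7ED3DD": {
+"al2023InstanceProfileAB8077E0": {
 "Type": "AWS::IAM::InstanceProfile",
 "Properties": {
 "Roles": [
 {
-"Ref": "al2022InstanceRole6711C818"
+"Ref": "al2023InstanceRoleECC2D6DD"
 }
 ]
 }
 },
-"al20225AC492C0": {
+"al20231AC01FE4": {
 "Type": "AWS::EC2::Instance",
 "Properties": {
 "AvailabilityZone": "test-region-1a",
 "IamInstanceProfile": {
-"Ref": "al2022InstanceProfileAA7ED3DD"
+"Ref": "al2023InstanceProfileAB8077E0"
 },
 "ImageId": {
-"Ref": "SsmParameterValueawsserviceamiamazonlinuxlatestal2022amikernel515x8664C96584B6F00A464EAD1953AFF4B05118Parameter"
+"Ref": "SsmParameterValueawsserviceamiamazonlinuxlatestal2023amikernel61x8664C96584B6F00A464EAD1953AFF4B05118Parameter"
 },
 "InstanceType": "t3.nano",
 "SecurityGroupIds": [
 {
 "Fn::GetAtt": [
-"al2022InstanceSecurityGroupD2B46A06",
+"al2023InstanceSecurityGroupB018A9BC",
 "GroupId"
 ]
 }
@@ -697,21 +697,30 @@
 "Tags": [
 {
 "Key": "Name",
-"Value": "integ-ec2-machine-image-test/al2022"
+"Value": "integ-ec2-machine-image-test/al2023"
 }
 ],
 "UserData": {
 "Fn::Base64": "#!/bin/bash"
 }
 },
 "DependsOn": [
-"al2022InstanceRole6711C818"
+"al2023InstanceRoleECC2D6DD"
 ]
 },
-"al2023InstanceSecurityGroupB018A9BC": {
+"AmiParameter": {
+"Type": "AWS::SSM::Parameter",
+"Properties": {
+"Type": "String",
+"Value": "ami-06ca3ca175f37dd66",
+"DataType": "aws:ec2:image",
+"Name": "myAmi"
+}
+},
+"ssmresolveinstanceInstanceSecurityGroupEACCDB27": {
 "Type": "AWS::EC2::SecurityGroup",
 "Properties": {
-"GroupDescription": "integ-ec2-machine-image-test/al2023/InstanceSecurityGroup",
+"GroupDescription": "integ-ec2-machine-image-test/ssm-resolve-instance/InstanceSecurityGroup",
 "SecurityGroupEgress": [
 {
 "CidrIp": "0.0.0.0/0",
@@ -722,15 +731,15 @@
 "Tags": [
 {
 "Key": "Name",
-"Value": "integ-ec2-machine-image-test/al2023"
+"Value": "integ-ec2-machine-image-test/ssm-resolve-instance"
 }
 ],
 "VpcId": {
 "Ref": "Vpc8378EB38"
 }
 }
 },
-"al2023InstanceRoleECC2D6DD": {
+"ssmresolveinstanceInstanceRoleCC771AEF": {
 "Type": "AWS::IAM::Role",
 "Properties": {
 "AssumeRolePolicyDocument": {
@@ -748,36 +757,34 @@
 "Tags": [
 {
 "Key": "Name",
-"Value": "integ-ec2-machine-image-test/al2023"
+"Value": "integ-ec2-machine-image-test/ssm-resolve-instance"
 }
 ]
 }
 },
-"al2023InstanceProfileAB8077E0": {
+"ssmresolveinstanceInstanceProfileAD70EB72": {
 "Type": "AWS::IAM::InstanceProfile",
 "Properties": {
 "Roles": [
 {
-"Ref": "al2023InstanceRoleECC2D6DD"
+"Ref": "ssmresolveinstanceInstanceRoleCC771AEF"
 }
 ]
 }
 },
-"al20231AC01FE4": {
+"ssmresolveinstanceDC2C8573": {
 "Type": "AWS::EC2::Instance",
 "Properties": {
 "AvailabilityZone": "test-region-1a",
 "IamInstanceProfile": {
-"Ref": "al2023InstanceProfileAB8077E0"
-},
-"ImageId": {
-"Ref": "SsmParameterValueawsserviceamiamazonlinuxlatestal2023amikernel61x8664C96584B6F00A464EAD1953AFF4B05118Parameter"
+"Ref": "ssmresolveinstanceInstanceProfileAD70EB72"
 },
+"ImageId": "resolve:ssm:myAmi",
 "InstanceType": "t3.nano",
 "SecurityGroupIds": [
 {
 "Fn::GetAtt": [
-"al2023InstanceSecurityGroupB018A9BC",
+"ssmresolveinstanceInstanceSecurityGroupEACCDB27",
 "GroupId"
 ]
 }
@@ -788,27 +795,101 @@
 "Tags": [
 {
 "Key": "Name",
-"Value": "integ-ec2-machine-image-test/al2023"
+"Value": "integ-ec2-machine-image-test/ssm-resolve-instance"
 }
 ],
 "UserData": {
 "Fn::Base64": "#!/bin/bash"
 }
 },
 "DependsOn": [
-"al2023InstanceRoleECC2D6DD"
+"ssmresolveinstanceInstanceRoleCC771AEF"
 ]
+},
+"LTC4631592": {
+"Type": "AWS::EC2::LaunchTemplate",
+"Properties": {
+"LaunchTemplateData": {
+"ImageId": "resolve:ssm:myAmi",
+"InstanceType": "t3.nano",
+"TagSpecifications": [
+{
+"ResourceType": "instance",
+"Tags": [
+{
+"Key": "Name",
+"Value": "integ-ec2-machine-image-test/LT"
+}
+]
+},
+{
+"ResourceType": "volume",
+"Tags": [
+{
+"Key": "Name",
+"Value": "integ-ec2-machine-image-test/LT"
+}
+]
+}
+],
+"UserData": {
+"Fn::Base64": "#!/bin/bash"
+}
+},
+"TagSpecifications": [
+{
+"ResourceType": "launch-template",
+"Tags": [
+{
+"Key": "Name",
+"Value": "integ-ec2-machine-image-test/LT"
+}
+]
+}
+]
+}
+},
+"ASG46ED3070": {
+"Type": "AWS::AutoScaling::AutoScalingGroup",
+"Properties": {
+"MaxSize": "1",
+"MinSize": "1",
+"DesiredCapacity": "1",
+"LaunchTemplate": {
+"LaunchTemplateId": {
+"Ref": "LTC4631592"
+},
+"Version": {
+"Fn::GetAtt": [
+"LTC4631592",
+"LatestVersionNumber"
+]
+}
+},
+"VPCZoneIdentifier": [
+{
+"Ref": "VpcPrivateSubnet1Subnet536B997A"
+},
+{
+"Ref": "VpcPrivateSubnet2Subnet3788AAA1"
+},
+{
+"Ref": "VpcPrivateSubnet3SubnetF258B56E"
+}
+]
+},
+"UpdatePolicy": {
+"AutoScalingScheduledAction": {
+"IgnoreUnmodifiedGroupSizeProperties": true
+}
+}
 }
 },
 "Parameters": {
 "SsmParameterValueawsserviceamiamazonlinuxlatestamzn2amikernel510hvmx8664gp2C96584B6F00A464EAD1953AFF4B05118Parameter": {
 "Type": "AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>",
 "Default": "/aws/service/ami-amazon-linux-latest/amzn2-ami-kernel-5.10-hvm-x86_64-gp2"
 },
-"SsmParameterValueawsserviceamiamazonlinuxlatestal2022amikernel515x8664C96584B6F00A464EAD1953AFF4B05118Parameter": {
-"Type": "AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>",
-"Default": "/aws/service/ami-amazon-linux-latest/al2022-ami-kernel-5.15-x86_64"
-},
 "SsmParameterValueawsserviceamiamazonlinuxlatestal2023amikernel61x8664C96584B6F00A464EAD1953AFF4B05118Parameter": {
 "Type": "AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>",
 "Default": "/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-6.1-x86_64"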
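Review bot: Neither `ssmresolveinstanceDC2C8573` nor `LTC4631592` is ordered after `AmiParameter`: `"ImageId": "resolve:ssm:myAmi"` is a plain string rather than a `Ref`, so CloudFormation infers no dependency, and the instance's `DependsOn` lists only `ssmresolveinstanceInstanceRoleCC771AEF`. If the instance or the Auto Scaling group launches before the parameter exists, launch-time resolution would presumably fail; this file is a synthesized snapshot, so the fix belongs in the integ test source (not shown here), for example an explicit dependency that renders as `"DependsOn": ["AmiParameter", "ssmresolveinstanceInstanceRoleCC771AEF"]` and a matching one on the launch template. The feature documentation should also state that with `resolve:ssm:` the image is whatever `myAmi` holds when each instance starts, so write access to that parameter decides what the group boots and should be restricted and audited like a deployment permission. The hard-coded `ami-06ca3ca175f37dd66` is region-scoped, so the test likely deploys only in the region where that image exists.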

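--- a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.machine-image.js.snapshot/integ.json
+++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.machine-image.js.snapshot/integ.json
@@ -1,6 +1,6 @@
 {
 "enableLookups": true,
-"version": "31.0.0",
+"version": "32.0.0",
 "testCases": {
 "integ-test/DefaultTest": {
 "stacks": [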

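--- a/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.machine-image.js.snapshot/integtestDefaultTestDeployAssert24D5C536.assets.json
+++ b/packages/@aws-cdk-testing/framework-integ/test/aws-ec2/test/integ.machine-image.js.snapshot/integtestDefaultTestDeployAssert24D5C536.assets.json
@@ -1,5 +1,5 @@
 {
-"version": "31.0.0",
+"version": "32.0.0",
 "files": {
 "21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": {
 "source": {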
