本文更新于2023年8月,加入了Amazon Linux 2023的查询方法
一、背景
在CloudFormation中,如果采用hardcode方式嵌入了当前的AMI ID,那么在未来一段时间AMI版本升级后,旧的版本就会过期,导致新创建的环境都必须再次运行yum update进行版本升级。同时,当AMI版本达到一定时间后,因为版本较旧存在安全隐患,可能会下架无法调用,这时候CloudFormation就失效了不能在运行。由此,需要一个在CloudFormation中能使用调用到最新AMI的办法。
本文将分别介绍在AWS CLI下调用最新AMI ID和在CloudFormation中调用System Manager查询的方法。
二、使用AWSCLI获取Amazon Linux最新的AMI ID
本章节为Amazon Linux 2/2023系统的查询方法,查询Windows系统最新AMI请参考下一个章节。
1、使用AWSCLI查询Amazon Linux 2系统的AMI ID
首先安装并配置AWS CLI,设置了正确的Region和Access Key后,可以开始操作。以查询Amazon Linux 2系统为例。
执行如下命令显示所有AMI(注意区分当前CLI调用的Region):
aws ec2 describe-images --owners amazon --filters "Name=name,Values=amzn*" --query 'sort_by(Images, &CreationDate)[].Name' | sort返回结果部分节选如下:
"amzn2-ami-kernel-5.10-hvm-2.0.20230612.0-arm64-gp2",
"amzn2-ami-kernel-5.10-hvm-2.0.20230612.0-x86_64-ebs",
"amzn2-ami-kernel-5.10-hvm-2.0.20230612.0-x86_64-gp2",
"amzn2-ami-kernel-5.10-hvm-2.0.20230628.0-arm64-gp2",
"amzn2-ami-kernel-5.10-hvm-2.0.20230628.0-x86_64-ebs",
"amzn2-ami-kernel-5.10-hvm-2.0.20230628.0-x86_64-gp2",
"amzn2-ami-kernel-5.10-hvm-2.0.20230719.0-arm64-gp2",
"amzn2-ami-kernel-5.10-hvm-2.0.20230719.0-x86_64-ebs",
"amzn2-ami-kernel-5.10-hvm-2.0.20230719.0-x86_64-gp2",
"amzn2-ami-kernel-5.10-hvm-2.0.20230727.0-arm64-gp2",
"amzn2-ami-kernel-5.10-hvm-2.0.20230727.0-x86_64-ebs",
"amzn2-ami-kernel-5.10-hvm-2.0.20230727.0-x86_64-gp2",
"amzn2-ami-kernel-5.10-hvm-2.0.20230808.0-arm64-gp2",
"amzn2-ami-kernel-5.10-hvm-2.0.20230808.0-x86_64-ebs",
"amzn2-ami-kernel-5.10-hvm-2.0.20230808.0-x86_64-gp2",从中可以看到,名为x86_64的是基于Intel Xeon处理器的EC2 AMI,名称带有arm64的是适合Graviton2的AMI。以当前为例,我们将使用 amzn2-ami-kernel-5.10-hvm-2.0.20230808.0-x86_64-gp2 创建EC2。
接下来执行如下命令查询完整的AMI信息。
aws ec2 describe-images --owners amazon --filters "Name=name,Values=amzn2-ami-kernel-5.10-hvm-2.0.20230808.0-x86_64-gp2"由此将输入完整的AMI信息如下。
{
"Images": [
{
"Architecture": "x86_64",
"CreationDate": "2023-08-08T18:01:32.000Z",
"ImageId": "ami-02bfb7ab7fbe1bd32",
"ImageLocation": "amazon/amzn2-ami-kernel-5.10-hvm-2.0.20230808.0-x86_64-gp2",
"ImageType": "machine",
"Public": true,
"OwnerId": "137112412989",
"PlatformDetails": "Linux/UNIX",
"UsageOperation": "RunInstances",
"State": "available",
"BlockDeviceMappings": [
{
"DeviceName": "/dev/xvda",
"Ebs": {
"DeleteOnTermination": true,
"SnapshotId": "snap-070ea36e38078354d",
"VolumeSize": 8,
"VolumeType": "gp2",
"Encrypted": false
}
}
],
"Description": "Amazon Linux 2 Kernel 5.10 AMI 2.0.20230808.0 x86_64 HVM gp2",
"EnaSupport": true,
"Hypervisor": "xen",
"ImageOwnerAlias": "amazon",
"Name": "amzn2-ami-kernel-5.10-hvm-2.0.20230808.0-x86_64-gp2",
"RootDeviceName": "/dev/xvda",
"RootDeviceType": "ebs",
"SriovNetSupport": "simple",
"VirtualizationType": "hvm",
"DeprecationTime": "2025-06-30T00:00:00.000Z"
}
]
}在以上返回信息中,ImageId": "ami-0fabc2ef286ed7b51" 就是在本Region开通Graviton2处理器的EC2所需要的AMI ID。
2、使用AWSCLI查询Amazon Linux 2023系统的AMI ID
执行如下命令:
aws ec2 describe-images --owners amazon --filters "Name=name,Values=al2023*" --query 'sort_by(Images, &CreationDate)[].Name' | sort获得输出结果,节选如下:
"al2023-ami-2023.1.20230629.0-kernel-6.1-arm64",
"al2023-ami-2023.1.20230629.0-kernel-6.1-x86_64",
"al2023-ami-2023.1.20230705.0-kernel-6.1-arm64",
"al2023-ami-2023.1.20230705.0-kernel-6.1-x86_64",
"al2023-ami-2023.1.20230719.0-kernel-6.1-arm64",
"al2023-ami-2023.1.20230719.0-kernel-6.1-x86_64",
"al2023-ami-2023.1.20230725.0-kernel-6.1-arm64",
"al2023-ami-2023.1.20230725.0-kernel-6.1-x86_64",
"al2023-ami-2023.1.20230809.0-kernel-6.1-arm64",
"al2023-ami-2023.1.20230809.0-kernel-6.1-x86_64",以Graviton处理器的ARM机型为例,再次运行查询命令获取详情:
aws ec2 describe-images --owners amazon --filters "Name=name,Values=al2023-ami-2023.1.20230809.0-kernel-6.1-arm64"返回详情信息如下:
{
"Images": [
{
"Architecture": "arm64",
"CreationDate": "2023-08-07T22:54:42.000Z",
"ImageId": "ami-0c4d2cd18c3005f99",
"ImageLocation": "amazon/al2023-ami-2023.1.20230809.0-kernel-6.1-arm64",
"ImageType": "machine",
"Public": true,
"OwnerId": "137112412989",
"PlatformDetails": "Linux/UNIX",
"UsageOperation": "RunInstances",
"State": "available",
"BlockDeviceMappings": [
{
"DeviceName": "/dev/xvda",
"Ebs": {
"DeleteOnTermination": true,
"Iops": 3000,
"SnapshotId": "snap-06aa1ef9177c5f4d7",
"VolumeSize": 8,
"VolumeType": "gp3",
"Throughput": 125,
"Encrypted": false
}
}
],
"Description": "Amazon Linux 2023 AMI 2023.1.20230809.0 arm64 HVM kernel-6.1",
"EnaSupport": true,
"Hypervisor": "xen",
"ImageOwnerAlias": "amazon",
"Name": "al2023-ami-2023.1.20230809.0-kernel-6.1-arm64",
"RootDeviceName": "/dev/xvda",
"RootDeviceType": "ebs",
"SriovNetSupport": "simple",
"VirtualizationType": "hvm",
"BootMode": "uefi",
"DeprecationTime": "2023-11-05T22:55:00.000Z",
"ImdsSupport": "v2.0"
}
]
}由此就可以看到AMI的详情了。
三、通过System Manager获取最新AMI的Path以供CloudFormation使用
1、查询Amazon Linux 2/2023系统的AMI在System Manager中Parameters的Path
首先在命令行下获取所有AMI清单。
aws ssm get-parameters-by-path --path "/aws/service/ami-amazon-linux-latest" --query 'Parameters[*].Name' | sort输出结果如下:
"/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-6.1-arm64",
"/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-6.1-x86_64",
"/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-arm64",
"/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-default-x86_64",
"/aws/service/ami-amazon-linux-latest/al2023-ami-minimal-kernel-6.1-arm64",
"/aws/service/ami-amazon-linux-latest/al2023-ami-minimal-kernel-6.1-x86_64",
"/aws/service/ami-amazon-linux-latest/al2023-ami-minimal-kernel-default-arm64",
"/aws/service/ami-amazon-linux-latest/al2023-ami-minimal-kernel-default-x86_64",
"/aws/service/ami-amazon-linux-latest/amzn-ami-hvm-x86_64-ebs",
"/aws/service/ami-amazon-linux-latest/amzn-ami-hvm-x86_64-gp2",
"/aws/service/ami-amazon-linux-latest/amzn-ami-hvm-x86_64-s3",
"/aws/service/ami-amazon-linux-latest/amzn-ami-minimal-hvm-x86_64-ebs",
"/aws/service/ami-amazon-linux-latest/amzn-ami-minimal-hvm-x86_64-s3",
"/aws/service/ami-amazon-linux-latest/amzn-ami-minimal-pv-x86_64-ebs",
"/aws/service/ami-amazon-linux-latest/amzn-ami-minimal-pv-x86_64-s3",
"/aws/service/ami-amazon-linux-latest/amzn-ami-pv-x86_64-ebs",
"/aws/service/ami-amazon-linux-latest/amzn-ami-pv-x86_64-s3",
"/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-arm64-gp2",
"/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-ebs",
"/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2",
"/aws/service/ami-amazon-linux-latest/amzn2-ami-kernel-5.10-hvm-arm64-gp2",
"/aws/service/ami-amazon-linux-latest/amzn2-ami-kernel-5.10-hvm-x86_64-ebs",
"/aws/service/ami-amazon-linux-latest/amzn2-ami-kernel-5.10-hvm-x86_64-gp2",
"/aws/service/ami-amazon-linux-latest/amzn2-ami-minimal-hvm-arm64-ebs",
"/aws/service/ami-amazon-linux-latest/amzn2-ami-minimal-hvm-x86_64-ebs"以Graviton ARM处理器为例,在这个清单中/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-6.1-arm64是Amazon Linux 2023的系统参数,/aws/service/ami-amazon-linux-latest/amzn2-ami-kernel-5.10-hvm-arm64-gp2是Amazon Linux 2的系统参数。Intel处理器架构为x86_64可以由此类推。
2、查询Windos Server操作系统的AMI在System Manager中Parameters的Path
如果需要查询Windows的AMI,命令如下:
aws ssm describe-parameters --parameter-filters "Key=Name, Option=BeginsWith, Values=/aws/service/ami-windows-latest/Windows_Server-2022" --query 'Parameters[*].Name' | sort返回结果如下:
"/aws/service/ami-windows-latest/Windows_Server-2022-Chinese_Simplified-Full-Base",
"/aws/service/ami-windows-latest/Windows_Server-2022-Chinese_Traditional-Full-Base",
"/aws/service/ami-windows-latest/Windows_Server-2022-Czech-Full-Base",
"/aws/service/ami-windows-latest/Windows_Server-2022-Dutch-Full-Base",
"/aws/service/ami-windows-latest/Windows_Server-2022-English-Core-Base",
"/aws/service/ami-windows-latest/Windows_Server-2022-English-Core-ECS_Optimized",
"/aws/service/ami-windows-latest/Windows_Server-2022-English-Core-ECS_Optimized/image_id",
"/aws/service/ami-windows-latest/Windows_Server-2022-English-Core-EKS_Optimized-1.23",
"/aws/service/ami-windows-latest/Windows_Server-2022-English-Core-EKS_Optimized-1.23/image_id",
"/aws/service/ami-windows-latest/Windows_Server-2022-English-Core-EKS_Optimized-1.24",
"/aws/service/ami-windows-latest/Windows_Server-2022-English-Core-EKS_Optimized-1.24/image_id",
"/aws/service/ami-windows-latest/Windows_Server-2022-English-Core-EKS_Optimized-1.25",
"/aws/service/ami-windows-latest/Windows_Server-2022-English-Core-EKS_Optimized-1.25/image_id",
"/aws/service/ami-windows-latest/Windows_Server-2022-English-Core-EKS_Optimized-1.26",
"/aws/service/ami-windows-latest/Windows_Server-2022-English-Core-EKS_Optimized-1.26/image_id",
"/aws/service/ami-windows-latest/Windows_Server-2022-English-Core-EKS_Optimized-1.27",
"/aws/service/ami-windows-latest/Windows_Server-2022-English-Core-EKS_Optimized-1.27/image_id",
"/aws/service/ami-windows-latest/Windows_Server-2022-English-Full-Base",
"/aws/service/ami-windows-latest/Windows_Server-2022-English-Full-ECS_Optimized",
"/aws/service/ami-windows-latest/Windows_Server-2022-English-Full-ECS_Optimized/image_id",
"/aws/service/ami-windows-latest/Windows_Server-2022-English-Full-EKS_Optimized-1.23",
"/aws/service/ami-windows-latest/Windows_Server-2022-English-Full-EKS_Optimized-1.23/image_id",
"/aws/service/ami-windows-latest/Windows_Server-2022-English-Full-EKS_Optimized-1.24",
"/aws/service/ami-windows-latest/Windows_Server-2022-English-Full-EKS_Optimized-1.24/image_id",
"/aws/service/ami-windows-latest/Windows_Server-2022-English-Full-EKS_Optimized-1.25",
"/aws/service/ami-windows-latest/Windows_Server-2022-English-Full-EKS_Optimized-1.25/image_id",
"/aws/service/ami-windows-latest/Windows_Server-2022-English-Full-EKS_Optimized-1.26",
"/aws/service/ami-windows-latest/Windows_Server-2022-English-Full-EKS_Optimized-1.26/image_id",
"/aws/service/ami-windows-latest/Windows_Server-2022-English-Full-EKS_Optimized-1.27",
"/aws/service/ami-windows-latest/Windows_Server-2022-English-Full-EKS_Optimized-1.27/image_id"
"/aws/service/ami-windows-latest/Windows_Server-2022-English-Full-SQL_2017_Enterprise",
"/aws/service/ami-windows-latest/Windows_Server-2022-English-Full-SQL_2017_Express",
"/aws/service/ami-windows-latest/Windows_Server-2022-English-Full-SQL_2017_Standard",
"/aws/service/ami-windows-latest/Windows_Server-2022-English-Full-SQL_2017_Web",
"/aws/service/ami-windows-latest/Windows_Server-2022-English-Full-SQL_2019_Enterprise",
"/aws/service/ami-windows-latest/Windows_Server-2022-English-Full-SQL_2019_Express",
"/aws/service/ami-windows-latest/Windows_Server-2022-English-Full-SQL_2019_Standard",
"/aws/service/ami-windows-latest/Windows_Server-2022-English-Full-SQL_2019_Web",
"/aws/service/ami-windows-latest/Windows_Server-2022-English-Full-SQL_2022_Enterprise",
"/aws/service/ami-windows-latest/Windows_Server-2022-English-Full-SQL_2022_Express",
"/aws/service/ami-windows-latest/Windows_Server-2022-English-Full-SQL_2022_Standard",
"/aws/service/ami-windows-latest/Windows_Server-2022-English-Full-SQL_2022_Web",
"/aws/service/ami-windows-latest/Windows_Server-2022-English-STIG-Core",
"/aws/service/ami-windows-latest/Windows_Server-2022-English-STIG-Full",
"/aws/service/ami-windows-latest/Windows_Server-2022-French-Full-Base",
"/aws/service/ami-windows-latest/Windows_Server-2022-German-Full-Base",
"/aws/service/ami-windows-latest/Windows_Server-2022-Hungarian-Full-Base",
"/aws/service/ami-windows-latest/Windows_Server-2022-Italian-Full-Base",
"/aws/service/ami-windows-latest/Windows_Server-2022-Japanese-Full-Base",
"/aws/service/ami-windows-latest/Windows_Server-2022-Japanese-Full-SQL_2017_Enterprise",
"/aws/service/ami-windows-latest/Windows_Server-2022-Japanese-Full-SQL_2017_Standard",
"/aws/service/ami-windows-latest/Windows_Server-2022-Japanese-Full-SQL_2017_Web",
"/aws/service/ami-windows-latest/Windows_Server-2022-Japanese-Full-SQL_2019_Enterprise",
"/aws/service/ami-windows-latest/Windows_Server-2022-Japanese-Full-SQL_2019_Standard",
"/aws/service/ami-windows-latest/Windows_Server-2022-Japanese-Full-SQL_2019_Web",
"/aws/service/ami-windows-latest/Windows_Server-2022-Japanese-Full-SQL_2022_Enterprise",
"/aws/service/ami-windows-latest/Windows_Server-2022-Japanese-Full-SQL_2022_Standard",
"/aws/service/ami-windows-latest/Windows_Server-2022-Japanese-Full-SQL_2022_Web",
"/aws/service/ami-windows-latest/Windows_Server-2022-Korean-Full-Base",
"/aws/service/ami-windows-latest/Windows_Server-2022-Polish-Full-Base",
"/aws/service/ami-windows-latest/Windows_Server-2022-Portuguese_Brazil-Full-Base",
"/aws/service/ami-windows-latest/Windows_Server-2022-Portuguese_Portugal-Full-Base",
"/aws/service/ami-windows-latest/Windows_Server-2022-Russian-Full-Base",
"/aws/service/ami-windows-latest/Windows_Server-2022-Spanish-Full-Base",
"/aws/service/ami-windows-latest/Windows_Server-2022-Swedish-Full-Base",
"/aws/service/ami-windows-latest/Windows_Server-2022-Turkish-Full-Base",在这个Windows清单中,选择/aws/service/ami-windows-latest/Windows_Server-2022-Chinese_Simplified-Full-Base就是带有Windows GUI图形界面的简体中文系统。
现在可以开始编写CloudFormation了。
3、编写CloudFormation时候调用AMI在System Manager中Parameters的Path的例子
编写如下一个最小化的CloudFormation用于测试。下文使用gp3为例创建系统盘。
# Use public Systems Manager Parameter
Parameters:
LatestAmiId:
Type: 'AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>'
Default: '/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-6.1-arm64'
Resources:
EC2Instance01:
Type: 'AWS::EC2::Instance'
Properties:
ImageId: !Ref LatestAmiId
InstanceType: t4g.micro
Monitoring: true
BlockDeviceMappings: # Use gp3 as root disk
- DeviceName: /dev/xvda
Ebs:
VolumeType: gp3
VolumeSize: 10
DeleteOnTermination: true
Outputs:
LatestAMI:
Value: !Ref LatestAmiId
EC2PrivateIP:
Value: !GetAtt EC2Instance01.PrivateIp使用这个CloudFormation创建环境,可以看到EC2创建成功。
使用SSM的好处:
- 始终使用最新的AMI创建EC2,不需要在维护AMI ID版本
- 不区分区域,不需要在逐个针对Region嵌入AMI ID清单
四、参考资料
参考文档(英文):