DataDog · jinroh · Jan 16, 2024 · Jan 16, 2024
@@ -22,14 +22,14 @@ No modules.
 |------|------|
 | [aws_autoscaling_group.asg](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/autoscaling_group) | resource |
 | [aws_launch_template.launch_template](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/launch_template) | resource |
-| [aws_ami.ubuntu2204](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ami) | data source |
 
 ## Inputs
 
 | Name | Description | Type | Default | Required |
 |------|-------------|------|---------|:--------:|
 | <a name="input_asg_size"></a> [asg\_size](#input\_asg\_size) | Size of the autoscaling group the instance is in (i.e. number of instances to run) | `number` | `1` | no |
 | <a name="input_iam_instance_profile"></a> [iam\_instance\_profile](#input\_iam\_instance\_profile) | IAM Instance Profile to launch the instance with. Specified as the name of the Instance Profile | `string` | n/a | yes |
+| <a name="input_instance_image_id"></a> [instance\_image\_id](#input\_instance\_image\_id) | The Image ID (aka. AMI) used as baseline for the instance - SSM parameter path is allowed | `string` | `"resolve:ssm:/aws/service/canonical/ubuntu/server/22.04/stable/current/arm64/hvm/ebs-gp2/ami-id"` | no |
 | <a name="input_instance_root_volume_size"></a> [instance\_root\_volume\_size](#input\_instance\_root\_volume\_size) | The instance root volume size in GiB | `number` | `30` | no |
 | <a name="input_instance_type"></a> [instance\_type](#input\_instance\_type) | The type of instance | `string` | `"t4g.large"` | no |
 | <a name="input_key_name"></a> [key\_name](#input\_key\_name) | Key name of the Key Pair to use for the instance; which can be managed using the `aws_key_pair` resource | `string` | `null` | no |

@@ -5,33 +5,16 @@ locals {
   }
 }
 
-data "aws_ami" "ubuntu2204" {
-  most_recent = true
-  owners      = ["099720109477"] # Canonical
-  filter {
-    name   = "architecture"
-    values = ["arm64"]
-  }
-  filter {
-    name   = "virtualization-type"
-    values = ["hvm"]
-  }
-  filter {
-    name   = "name"
-    values = ["ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-arm64-server-*"]
-  }
-}
-
 resource "aws_launch_template" "launch_template" {
   name_prefix            = "DatadogAgentlessScannerLaunchTemplate"
-  image_id               = data.aws_ami.ubuntu2204.id
+  image_id               = var.instance_image_id
   instance_type          = var.instance_type
   user_data              = base64encode(var.user_data)
   vpc_security_group_ids = var.vpc_security_group_ids
   key_name               = var.key_name
 
   block_device_mappings {
-    device_name = data.aws_ami.ubuntu2204.root_device_name
+    device_name = "/dev/sda1"
     ebs {
       delete_on_termination = true
       encrypted             = true
@@ -82,6 +65,10 @@ resource "aws_autoscaling_group" "asg" {
     version = aws_launch_template.launch_template.latest_version
   }
 
+  # Instances are terminated every 24 hours and recreated with latest AMI.
+  # This allows automated upgrade of our instances baseline.
+  max_instance_lifetime = 24 * 3600
+
   instance_refresh {
     strategy = "Rolling"
     preferences {

@@ -10,6 +10,12 @@ variable "instance_type" {
   default     = "t4g.large"
 }
 
+variable "instance_image_id" {
+  description = "The Image ID (aka. AMI) used as baseline for the instance - SSM parameter path is allowed"
+  type        = string
+  default     = "resolve:ssm:/aws/service/canonical/ubuntu/server/22.04/stable/current/arm64/hvm/ebs-gp2/ami-id"
+}
+
 variable "instance_root_volume_size" {
   description = "The instance root volume size in GiB"
   type        = number