feat(ec2): support using ssm parameter to resolve AMI ID at instance …
…launch time (#26273)

Launch templates and EC2 instances support using an SSM parameter to resolve the AMI ID at instance launch time (`resolve:ssm:parameter`) rather than at CloudFormation deploy time (`CfnDynamicReference`). This PR adds support for that.

- [Using SSM Parameter with Autoscaling and Launch Template](https://docs.aws.amazon.com/autoscaling/ec2/userguide/using-systems-manager-parameters.html)
- [Launch an instance using a Systems Manager parameter](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/finding-an-ami.html#using-systems-manager-parameter-to-find-AMI)

Remove `latestAmazonLinux2022()` from the integ test as it does not return any valid al2022 images anymore as described in #26274

Closes #24551

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
pahud committed Jul 10, 2023
1 parent 1e33586 commit 2462b0b
Showing 11 changed files with 604 additions and 287 deletions.
@@ -1 +1 @@
{"version":"31.0.0"}
{"version":"32.0.0"}
@@ -1,15 +1,15 @@
{
"version": "31.0.0",
"version": "32.0.0",
"files": {
"09b19c98d056dc3ddd9d9852de04232c8c27cdfbb4aa83797c6f9e1e118068d5": {
"fa6690179ed0aff2d045f19741af965ccdb151c74c58ea99393b00c3d47ceed9": {
"source": {
"path": "integ-ec2-machine-image-test.template.json",
"packaging": "file"
},
"destinations": {
"current_account-current_region": {
"bucketName": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}",
"objectKey": "09b19c98d056dc3ddd9d9852de04232c8c27cdfbb4aa83797c6f9e1e118068d5.json",
"objectKey": "fa6690179ed0aff2d045f19741af965ccdb151c74c58ea99393b00c3d47ceed9.json",
"assumeRoleArn": "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/cdk-hnb659fds-file-publishing-role-${AWS::AccountId}-${AWS::Region}"
}
}
Expand Up @@ -617,10 +617,10 @@
"amzn2InstanceRole3F1DBBD2"
]
},
"al2022InstanceSecurityGroupD2B46A06": {
"al2023InstanceSecurityGroupB018A9BC": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "integ-ec2-machine-image-test/al2022/InstanceSecurityGroup",
"GroupDescription": "integ-ec2-machine-image-test/al2023/InstanceSecurityGroup",
"SecurityGroupEgress": [
{
"CidrIp": "0.0.0.0/0",
Expand All @@ -631,15 +631,15 @@
"Tags": [
{
"Key": "Name",
"Value": "integ-ec2-machine-image-test/al2022"
"Value": "integ-ec2-machine-image-test/al2023"
}
],
"VpcId": {
"Ref": "Vpc8378EB38"
}
}
},
"al2022InstanceRole6711C818": {
"al2023InstanceRoleECC2D6DD": {
"Type": "AWS::IAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
Expand All @@ -657,36 +657,36 @@
"Tags": [
{
"Key": "Name",
"Value": "integ-ec2-machine-image-test/al2022"
"Value": "integ-ec2-machine-image-test/al2023"
}
]
}
},
"al2022InstanceProfileAA7ED3DD": {
"al2023InstanceProfileAB8077E0": {
"Type": "AWS::IAM::InstanceProfile",
"Properties": {
"Roles": [
{
"Ref": "al2022InstanceRole6711C818"
"Ref": "al2023InstanceRoleECC2D6DD"
}
]
}
},
"al20225AC492C0": {
"al20231AC01FE4": {
"Type": "AWS::EC2::Instance",
"Properties": {
"AvailabilityZone": "test-region-1a",
"IamInstanceProfile": {
"Ref": "al2022InstanceProfileAA7ED3DD"
"Ref": "al2023InstanceProfileAB8077E0"
},
"ImageId": {
"Ref": "SsmParameterValueawsserviceamiamazonlinuxlatestal2022amikernel515x8664C96584B6F00A464EAD1953AFF4B05118Parameter"
"Ref": "SsmParameterValueawsserviceamiamazonlinuxlatestal2023amikernel61x8664C96584B6F00A464EAD1953AFF4B05118Parameter"
},
"InstanceType": "t3.nano",
"SecurityGroupIds": [
{
"Fn::GetAtt": [
"al2022InstanceSecurityGroupD2B46A06",
"al2023InstanceSecurityGroupB018A9BC",
"GroupId"
]
}
Expand All @@ -697,21 +697,30 @@
"Tags": [
{
"Key": "Name",
"Value": "integ-ec2-machine-image-test/al2022"
"Value": "integ-ec2-machine-image-test/al2023"
}
],
"UserData": {
"Fn::Base64": "#!/bin/bash"
}
},
"DependsOn": [
"al2022InstanceRole6711C818"
"al2023InstanceRoleECC2D6DD"
]
},
"al2023InstanceSecurityGroupB018A9BC": {
"AmiParameter": {
"Type": "AWS::SSM::Parameter",
"Properties": {
"Type": "String",
"Value": "ami-06ca3ca175f37dd66",
"DataType": "aws:ec2:image",
"Name": "myAmi"
}
},
"ssmresolveinstanceInstanceSecurityGroupEACCDB27": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "integ-ec2-machine-image-test/al2023/InstanceSecurityGroup",
"GroupDescription": "integ-ec2-machine-image-test/ssm-resolve-instance/InstanceSecurityGroup",
"SecurityGroupEgress": [
{
"CidrIp": "0.0.0.0/0",
Expand All @@ -722,15 +731,15 @@
"Tags": [
{
"Key": "Name",
"Value": "integ-ec2-machine-image-test/al2023"
"Value": "integ-ec2-machine-image-test/ssm-resolve-instance"
}
],
"VpcId": {
"Ref": "Vpc8378EB38"
}
}
},
"al2023InstanceRoleECC2D6DD": {
"ssmresolveinstanceInstanceRoleCC771AEF": {
"Type": "AWS::IAM::Role",
"Properties": {
"AssumeRolePolicyDocument": {
Expand All @@ -748,36 +757,34 @@
"Tags": [
{
"Key": "Name",
"Value": "integ-ec2-machine-image-test/al2023"
"Value": "integ-ec2-machine-image-test/ssm-resolve-instance"
}
]
}
},
"al2023InstanceProfileAB8077E0": {
"ssmresolveinstanceInstanceProfileAD70EB72": {
"Type": "AWS::IAM::InstanceProfile",
"Properties": {
"Roles": [
{
"Ref": "al2023InstanceRoleECC2D6DD"
"Ref": "ssmresolveinstanceInstanceRoleCC771AEF"
}
]
}
},
"al20231AC01FE4": {
"ssmresolveinstanceDC2C8573": {
"Type": "AWS::EC2::Instance",
"Properties": {
"AvailabilityZone": "test-region-1a",
"IamInstanceProfile": {
"Ref": "al2023InstanceProfileAB8077E0"
},
"ImageId": {
"Ref": "SsmParameterValueawsserviceamiamazonlinuxlatestal2023amikernel61x8664C96584B6F00A464EAD1953AFF4B05118Parameter"
"Ref": "ssmresolveinstanceInstanceProfileAD70EB72"
},
"ImageId": "resolve:ssm:myAmi",
"InstanceType": "t3.nano",
"SecurityGroupIds": [
{
"Fn::GetAtt": [
"al2023InstanceSecurityGroupB018A9BC",
"ssmresolveinstanceInstanceSecurityGroupEACCDB27",
"GroupId"
]
}
Expand All @@ -788,27 +795,101 @@
"Tags": [
{
"Key": "Name",
"Value": "integ-ec2-machine-image-test/al2023"
"Value": "integ-ec2-machine-image-test/ssm-resolve-instance"
}
],
"UserData": {
"Fn::Base64": "#!/bin/bash"
}
},
"DependsOn": [
"al2023InstanceRoleECC2D6DD"
"ssmresolveinstanceInstanceRoleCC771AEF"
]
},
"LTC4631592": {
"Type": "AWS::EC2::LaunchTemplate",
"Properties": {
"LaunchTemplateData": {
"ImageId": "resolve:ssm:myAmi",
"InstanceType": "t3.nano",
"TagSpecifications": [
{
"ResourceType": "instance",
"Tags": [
{
"Key": "Name",
"Value": "integ-ec2-machine-image-test/LT"
}
]
},
{
"ResourceType": "volume",
"Tags": [
{
"Key": "Name",
"Value": "integ-ec2-machine-image-test/LT"
}
]
}
],
"UserData": {
"Fn::Base64": "#!/bin/bash"
}
},
"TagSpecifications": [
{
"ResourceType": "launch-template",
"Tags": [
{
"Key": "Name",
"Value": "integ-ec2-machine-image-test/LT"
}
]
}
]
}
},
"ASG46ED3070": {
"Type": "AWS::AutoScaling::AutoScalingGroup",
"Properties": {
"MaxSize": "1",
"MinSize": "1",
"DesiredCapacity": "1",
"LaunchTemplate": {
"LaunchTemplateId": {
"Ref": "LTC4631592"
},
"Version": {
"Fn::GetAtt": [
"LTC4631592",
"LatestVersionNumber"
]
}
},
"VPCZoneIdentifier": [
{
"Ref": "VpcPrivateSubnet1Subnet536B997A"
},
{
"Ref": "VpcPrivateSubnet2Subnet3788AAA1"
},
{
"Ref": "VpcPrivateSubnet3SubnetF258B56E"
}
]
},
"UpdatePolicy": {
"AutoScalingScheduledAction": {
"IgnoreUnmodifiedGroupSizeProperties": true
}
}
}
},
"Parameters": {
"SsmParameterValueawsserviceamiamazonlinuxlatestamzn2amikernel510hvmx8664gp2C96584B6F00A464EAD1953AFF4B05118Parameter": {
"Type": "AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>",
"Default": "/aws/service/ami-amazon-linux-latest/amzn2-ami-kernel-5.10-hvm-x86_64-gp2"
},
"SsmParameterValueawsserviceamiamazonlinuxlatestal2022amikernel515x8664C96584B6F00A464EAD1953AFF4B05118Parameter": {
"Type": "AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>",
"Default": "/aws/service/ami-amazon-linux-latest/al2022-ami-kernel-5.15-x86_64"
},
"SsmParameterValueawsserviceamiamazonlinuxlatestal2023amikernel61x8664C96584B6F00A464EAD1953AFF4B05118Parameter": {
"Type": "AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>",
"Default": "/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-6.1-x86_64"
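Review bot: Neither consumer of `resolve:ssm:myAmi` is ordered after the `AmiParameter` resource: the `ssmresolveinstanceDC2C8573` instance lists only its role in `DependsOn`, and `LTC4631592` / `ASG46ED3070` declare none, so with the image reference being a plain string CloudFormation has no implicit dependency and may attempt a launch before the parameter exists. Adding `"AmiParameter"` to each consumer, e.g. `"DependsOn": ["AmiParameter", "ssmresolveinstanceInstanceRoleCC771AEF"]`, would make the order explicit; this file looks like a synthesized snapshot, so the change presumably belongs in the integ test source, which is not shown here. It is also worth documenting that with launch-time resolution the booted image is whatever `myAmi` holds at that moment, not what was reviewed at deploy time, so write access to the parameter (`ssm:PutParameter`) should be restricted and audited as tightly as the template itself. The hard-coded `ami-06ca3ca175f37dd66` is region-specific, which appears to tie the test to a single region.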
@@ -1,6 +1,6 @@
{
"enableLookups": true,
"version": "31.0.0",
"version": "32.0.0",
"testCases": {
"integ-test/DefaultTest": {
"stacks": [
@@ -1,5 +1,5 @@
{
"version": "31.0.0",
"version": "32.0.0",
"files": {
"21fbb51d7b23f6a6c262b46a9caee79d744a3ac019fd45422d988b96d44b2a22": {
"source": {