Follow-up to run ECS/EKS AMI monitoring script #8329

Closed
3 tasks done
Khatraf opened this issue Oct 24, 2024 · 3 comments

Khatraf commented Oct 24, 2024

User Story

As an MP engineer
I want to monitor the versions of ECS/EKS-optimised AMIs in use by members' clusters
So that I can notify members when their AMIs are outdated

Value / Purpose

Following on from #7189, this issue is to run the ECS/EKS AMI script. Any accounts found using outdated AMIs should be flagged, and the relevant teams should be notified. Analytical Platform and data-platform-apps-and-tools can be ignored.
Additionally, it can be recommended that teams consider using the SSM Parameter resolve syntax to automatically reference the latest ECS/EKS AMI. This approach ensures that instances always launch with the latest AMI, eliminating the need to manually update or re-apply Terraform when using a data call.

Useful Contacts

No response

Additional Information

No response

Definition of Done

  • The ECS/EKS outdated AMI monitoring script is successfully executed across all accounts
  • Accounts that are found to have outdated AMIs are contacted for remediation
  • Raise another follow on ticket for script to be run again in 1-2 months.
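
The SSM Parameter resolve syntax recommended in this issue, shown beside the data-call approach it replaces. This is an added example, not part of the original issue or the project's own Terraform; the resource names, instance type and the choice of the Amazon Linux 2 ECS parameter are assumptions.

```hcl
# Added example. Resource names, instance type and the Amazon Linux 2 ECS
# parameter are assumptions chosen for illustration.

# Before: a data call resolves the AMI ID at plan time. The launch template
# stores a literal ami-... value, so it stays on that image until Terraform
# is planned and applied again.
data "aws_ssm_parameter" "ecs_ami" {
  name = "/aws/service/ecs/optimized-ami/amazon-linux-2/recommended/image_id"
}

resource "aws_launch_template" "ecs_pinned" {
  name_prefix   = "ecs-pinned-"
  image_id      = data.aws_ssm_parameter.ecs_ami.value
  instance_type = "t3.medium"
}

# After: the launch template stores the parameter reference itself. EC2
# resolves it each time an instance is launched, so new instances pick up
# the currently recommended ECS-optimised AMI without a Terraform change.
resource "aws_launch_template" "ecs_latest" {
  name_prefix   = "ecs-latest-"
  image_id      = "resolve:ssm:/aws/service/ecs/optimized-ami/amazon-linux-2/recommended/image_id"
  instance_type = "t3.medium"
}

# EKS-optimised AMIs are published under a similar public parameter path:
#   /aws/service/eks/optimized-ami/<kubernetes-version>/amazon-linux-2/recommended/image_id
# where <kubernetes-version> is a placeholder for the cluster's version.
```

Instances that are already running keep the AMI they were launched with, so the existing fleet still has to be replaced (for example by an instance refresh) before it stops appearing in the outdated-AMI report.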

Khatraf commented Jan 9, 2025

outdated-amis.csv
Same accounts as the last time I ran the script are being flagged. From looking at the AMI ids, I can see that the ones in use are pretty recent, from Oct/Nov release.

ami-095cfe74465b7f5e8 - Windows_Server-2019-English-Full-ECS_Optimized-2024.11.13
ami-08b32d78bce8fc05e - Windows_Server-2019-English-Core-ECS_Optimized-2024.11.13
ami-0aed5f2215de82996 - Windows_Server-2019-English-Full-ECS_Optimized-2024.10.17
ami-03e8b3c35fa0619ce - Amazon Linux AMI 2.0.20241023 x86_64 ECS HVM GP2, 2024.10.23

Apex are using outdated AMIs that were released prior to September. I've contacted them to update to the latest AMIs to ensure better performance and security.


I'll raise another follow on ticket to run the script again in a couple months. Also, there's a ticket in the backlog looking at AWS Systems Manager Inventory, which can be useful to manage and track outdated AMIs.


Khatraf commented Jan 9, 2025

Follow on ticket raised here: #8886

Khatraf moved this from In Progress to For Review in Modernisation Platform Jan 9, 2025
@mikereiddigital

Happy to consider this completed given that it's very difficult to identify out-of-support operating systems whose EC2s are launched as custom AMIs.

Another option is to look into those EC2 that are running on older generation infrastructure - such as T2, M4, and enquire regarding the O/S being run.

mikereiddigital moved this from For Review to Done in Modernisation Platform Jan 14, 2025
mikereiddigital closed this as completed by moving to Done in Modernisation Platform Jan 14, 2025