AWS Automation Documents

Automate AWS AMIs

What Do We Want? When Do We Want It?

The end result is, of course, simply an AMI ID. That’s a special, customized, and secured AMI ID (well, with updated packages by default, anyway) from which you can spin up your crafted instances.

The final challenge is capturing that AMI ID in AWS CloudFormation or HashiCorp Terraform or through some other scripting mechanism so you can use it to spin up EC2 instances. AWS offers some suggestions (e.g., using the Systems Manager Parameter Store and the AWS Lambda service), but that’s for another day. You might change the AMI every day, week, or month, but automating this part means you have a trustworthy source on which you can run your applications.


When you get a little more adept at triggering, watching, and debugging any issues that crop up, you can speed things up with the CLI. Obviously, you will need to change some of these settings (and the X characters), but here’s a starter:

$ aws ssm start-automation-execution --document-name "ChrisBinnie-UpdateLinuxAmi" --parameters "AutomationAssumeRole=arn:aws:iam::XXXXXXXX:role/AutomationRole, SourceAmiId=ami-XXXXXXX, InstanceIamRole=InstanceRole, SubnetId=subnet-XXXXXXX"

To check for a current job and any error output (which is also available in the GUI if you look into the progress of each step), use the following command:

$ aws ssm get-automation-execution --automation-execution-id "XXXXX-XXX-XXX-XXX-XXXX"


SSM Parameter Store

If you want to get further involved with Lambda functions and pre-defining parameters with your automation, then AWS provides a Parameter Store as part of your Systems Manager (look bottom left in the navigation pane in the EC2 section of the AWS console for a link; Figure 8). This enables you to set up a source AMI permanently. In other docs provided by AWS, Lambda functions reference and prefer this functionality.

To register a parameter over the CLI, run the command:

$ aws ssm put-parameter --name "ChrisBinnie" --type "String" --value "ami-4d46d534"

You can check that it has been set correctly (note the camelCase):

$ aws ssm get-parameter --name "ChrisBinnie"

Your scripts might reference and update the Parameter Store entries in some way, or perhaps it is fine for the Automation document to keep referencing Ubuntu’s base AMI for a few months (because you’re updating all of its packages automatically anyway). The ways of using it are varied and many.
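
One way to script the hand-off described above, so that the parameter only ever points at an AMI from a successful run (an added example, not code from the article or from AWS). It assumes the Automation document exposes the new image as the output createImage.ImageId, as the stock AWS-UpdateLinuxAmi document does; the function names are made up for the example.

```shell
#!/bin/sh
# Added example: fail-closed hand-off of a freshly built AMI ID to Parameter Store.
# Assumption: the document's image output is "createImage.ImageId"
# (the key used by AWS-UpdateLinuxAmi); adjust if your step is named differently.
OUTPUT_KEY='createImage.ImageId'

# Accept only well-formed AMI IDs (8 or 17 lowercase hex digits after "ami-").
valid_ami_id() {
  printf '%s\n' "$1" | grep -Eq '^ami-([0-9a-f]{8}|[0-9a-f]{17})$'
}

# Read one field of the execution record as plain text.
exec_field() {
  aws ssm get-automation-execution \
    --automation-execution-id "$1" \
    --query "$2" --output text
}

# publish_ami EXECUTION_ID PARAMETER_NAME
# Prints the AMI ID and returns 0 only if the run succeeded and the ID is sane.
# Returns 1 if the check fails (parameter untouched), 2 if the CLI call fails.
publish_ami() {
  exec_id=$1 param=$2
  status=$(exec_field "$exec_id" \
    'AutomationExecution.AutomationExecutionStatus') || return 2
  if [ "$status" != "Success" ]; then
    echo "execution $exec_id is '$status'; parameter left unchanged" >&2
    return 1
  fi
  ami=$(exec_field "$exec_id" \
    "AutomationExecution.Outputs.\"$OUTPUT_KEY\"[0]") || return 2
  if ! valid_ami_id "$ami"; then
    echo "unexpected output '$ami'; parameter left unchanged" >&2
    return 1
  fi
  # --overwrite replaces the existing value of the parameter.
  aws ssm put-parameter --name "$param" --type String \
    --value "$ami" --overwrite >/dev/null || return 2
  printf '%s\n' "$ami"
}

# Usage: publish_ami "XXXXX-XXX-XXX-XXX-XXXX" "ChrisBinnie"
```

A failed, cancelled, or still-running execution leaves the stored AMI ID as it was, so anything that reads the parameter keeps launching from the last good image.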
