Dynamically use the latest AMI in a Launch Template using Public Parameter Store values

AWS allows specifying AWS Systems Manager parameters in EC2 launch templates for dynamic AMI selection. This post leverages public parameters for easier AMI management. The correct format specification in launch templates is crucial, as errors may occur with improper AMI references.

Instead of specifying an AMI value statically in your launch templates, you can specify an AWS Systems Manager parameter as a reference. This functionality, announced in January 2023, can be used for EC2 instances launched via launch templates and single instance type Amazon EC2 Auto Scaling groups.

You can combine this feature with the fact that some AWS services publish information about common artifacts as AWS Systems Manager Parameter Store public parameters.

Let's review which public parameters are available and how to use the correct format to specify them in the Launch Template (as the documentation is unclear on this important detail).

Public Parameters in Parameter Store

Currently, the following services provide public parameters:

ami-windows-latest
appmesh
canonical
datasync
ecs
eks
freebsd
global-infrastructure
redhat
storagegateway
ami-amazon-linux-latest
aws-for-fluent-bit
aws-sdk-pandas
aws-storage-gateway-latest
bottlerocket
cloud9
debian
internal-ami-amazon-linux-latest
marketplace
suse

You can find the exact parameters available either using the AWS CLI or the Management Console, as shown below:

Note: Not all public parameters are published to every AWS Region.

Specifying the AMI in the Launch Template using the CORRECT format


 
The procedure to specify a Systems Manager parameter in a launch template is explained here:
 
To specify a Systems Manager parameter that will resolve to an AMI at the time an instance is launched from the launch template, choose the arrow button to the right of the search bar, and then choose Specify custom value/Systems Manager parameter.

The following screenshots show "where to click":

The above configuration would work (when using parameter /aws/service/ami-amazon-linux-latest/al2023-ami-kernel-6.1-x86_64).

However, some public parameters do not contain the AMI value directly. Instead, you need to inspect its content to extract the path to the AMI you are interested in.

For instance, if you specify resolve:ssm:/aws/service/ecs/optimized-ami/amazon-linux-2/recommended as the AMI in the Launch Template, you'll get the following error when trying to use it:

Let's check the value of the public parameter used in the first example (/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-6.1-x86_64):

aws ssm get-parameters --names /aws/service/ami-amazon-linux-latest/al2023-ami-kernel-6.1-x86_64

The output looks like this:

{
    "Parameters": [
        {
            "Name": "/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-6.1-x86_64",
            "Type": "String",
            "Value": "ami-0766b4b472db7e3b9",
            "Version": 66,
            "LastModifiedDate": "2024-02-07T20:33:30.475000+01:00",
            "ARN": "arn:aws:ssm:eu-west-1::parameter/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-6.1-x86_64",
            "DataType": "text"
        }
    ],
    "InvalidParameters": []
}

As expected, the "Value" key contains "ami-0766b4b472db7e3b9", a valid AMI.

If you look into the details of the second public parameter mentioned (/aws/service/ecs/optimized-ami/amazon-linux-2/recommended) by running the command:

aws ssm get-parameters --names /aws/service/ecs/optimized-ami/amazon-linux-2/recommended

You get:

{
    "Parameters": [
        {
            "Name": "/aws/service/ecs/optimized-ami/amazon-linux-2/recommended",
            "Type": "String",
            "Value": "{\"ecs_agent_version\":\"1.81.0\",\"ecs_runtime_version\":\"Docker version 20.10.25\",\"image_id\":\"ami-02d8a5e46ec66afac\",\"image_name\":\"amzn2-ami-ecs-hvm-2.0.20240207-x86_64-ebs\",\"image_version\":\"2.0.20240207\",\"os\":\"Amazon Linux 2\",\"schema_version\":1,\"source_image_name\":\"amzn2-ami-minimal-hvm-2.0.20240131.0-x86_64-ebs\"}",
            "Version": 134,
            "LastModifiedDate": "2024-02-12T17:05:54.648000+01:00",
            "ARN": "arn:aws:ssm:eu-west-1::parameter/aws/service/ecs/optimized-ami/amazon-linux-2/recommended",
            "DataType": "text"
        }
    ],
    "InvalidParameters": []
}

The "Value" here is not an AMI ID but a JSON document; the AMI ID is in its image_id key.

To avoid the issue above, you need to specify the reference to the AMI as resolve:ssm:/aws/service/ecs/optimized-ami/amazon-linux-2/recommended/image_id

I have highlighted the critical part of the solution on the screenshot above (adding /image_id at the end of the base parameter).
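
A pre-flight check for the distinction described above, as an added example that is not part of the original post: it reads `aws ssm get-parameters` output and returns the launch template reference, appending /image_id when the value is a JSON document rather than an AMI ID. The function names and the trimmed sample responses are constructed for illustration, and the existence of an /image_id sub-parameter is an assumption for any service other than the ECS case shown in the post.

```python
import json
import re

# EC2 image IDs: "ami-" followed by 8 (legacy) or 17 hex characters.
AMI_ID = re.compile(r"ami-(?:[0-9a-f]{8}|[0-9a-f]{17})")


def launch_template_reference(get_parameters_output: str) -> str:
    """Return the resolve:ssm: reference for the one parameter in an
    `aws ssm get-parameters` response; raise ValueError if none fits."""
    doc = json.loads(get_parameters_output)
    if doc.get("InvalidParameters"):
        raise ValueError(f"unknown parameter: {doc['InvalidParameters']}")
    params = doc.get("Parameters", [])
    if len(params) != 1:
        raise ValueError("expected exactly one parameter in the response")
    name, value = params[0]["Name"], params[0]["Value"]

    # Case 1: the value is the AMI ID itself, so the name is usable as-is.
    if AMI_ID.fullmatch(value):
        return f"resolve:ssm:{name}"

    # Case 2: the value is a JSON document carrying the AMI in image_id.
    try:
        inner = json.loads(value)
    except json.JSONDecodeError:
        inner = None
    if isinstance(inner, dict) and AMI_ID.fullmatch(str(inner.get("image_id", ""))):
        # Assumption: a matching <name>/image_id sub-parameter exists, as
        # the post shows for the ECS parameter; confirm with get-parameters.
        return f"resolve:ssm:{name}/image_id"
    raise ValueError(f"{name} does not resolve to an AMI ID")


def sample_response(name: str, value: str) -> str:
    """Build a trimmed get-parameters response (constructed sample data)."""
    return json.dumps({"Parameters": [{"Name": name, "Type": "String", "Value": value}],
                       "InvalidParameters": []})


# Constructed samples using the names and AMI IDs from the outputs above.
DIRECT = sample_response(
    "/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-6.1-x86_64",
    "ami-0766b4b472db7e3b9")
NESTED = sample_response(
    "/aws/service/ecs/optimized-ami/amazon-linux-2/recommended",
    json.dumps({"image_id": "ami-02d8a5e46ec66afac", "os": "Amazon Linux 2"}))

if __name__ == "__main__":
    for response in (DIRECT, NESTED):
        print(launch_template_reference(response))
```

Running the check in a deployment pipeline before the launch template is updated catches a reference that would resolve to something other than an AMI ID before any instance launch fails.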

References

Amazon EC2 Launch Templates now support AWS Systems Manager parameters for AMIs
Create a launch template - Amazon Elastic Compute Cloud
Finding public parameters - AWS Systems Manager
