Deploy The Latest AMI every time!

Terraform: How to Deploy The Latest AMI every time you Build

A common task for an AWS administrator is building an instance from the very latest version of a base image.

Take Windows Server 2016, for example: every month, AWS releases the latest “patched” AMI, which has the latest security updates from Microsoft already built in.

This article will show you how to automate the building of this instance using infrastructure as code.

Step 1 – Navigate to AWS AMIs

You will need permissions to access EC2 and view public AMIs. Log in to your account in the AWS Management Console and navigate to:

EC2 > Images > AMIs

Make sure you have the “Public Images” option selected from the drop-down menu.

In the text box, type “Windows_Server-2016-English-Full-Base”.

You will see a long list of Windows Server 2016 base images. Note that the date in the name changes each time AWS patches the base image.

In this example, I will be using AMI Windows_Server-2016-English-Full-Base-2022.01.12 – ami-08ecb1b9bb6122b7b

Step 2 – Gather required facts for Terraform Code

Click on the desired AMI link and make a note of the:

  • AMI Name
  • Owner Account ID (This is an Amazon Account)
  • Virtualization Type

Step 3 – Update your

Add the following code to your

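data "aws_ami" "windows_server_latest_AMI" {
  # Return only the newest image that passes every filter below
  most_recent = true
  # Amazon-owned account noted in Step 2; pinning the owner keeps
  # same-named public AMIs from other accounts out of the results
  owners      = ["801119661308"]

  filter {
    name   = "name"
    values = ["Windows_Server-2016-English-Full-Base-*"]
  }

  filter {
    name   = "virtualization-type"
    values = ["hvm"]
  }
}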
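
Why the owners line in this data source matters, shown as an added example that is not code from the original article: the Python sketch below models how most_recent = true chooses an image after the name and virtualization-type filters are applied. Every image other than the article's ami-08ecb1b9bb6122b7b, all creation dates, the account 111122223333 and the function names are constructed for illustration.

```python
from datetime import date
from fnmatch import fnmatchcase

AMAZON_OWNER = "801119661308"  # owner ID from the article's data source
NAME_PATTERN = "Windows_Server-2016-English-Full-Base-*"
BASE = "Windows_Server-2016-English-Full-Base-"

# Constructed sample catalogue. Only the first name/ID pair appears in the
# article; the other entries and every creation date are made up.
IMAGES = [
    {"id": "ami-08ecb1b9bb6122b7b", "owner": AMAZON_OWNER, "virt": "hvm",
     "name": BASE + "2022.01.12", "created": date(2022, 1, 12)},
    {"id": "ami-constructed-older", "owner": AMAZON_OWNER, "virt": "hvm",
     "name": BASE + "2021.12.15", "created": date(2021, 12, 15)},
    {"id": "ami-constructed-lookalike", "owner": "111122223333", "virt": "hvm",
     "name": BASE + "2022.01.30", "created": date(2022, 1, 30)},
]


def matching(images, pattern, owners=None, virt="hvm"):
    """Images passing the name, virtualization-type and (optional) owner filters."""
    return [i for i in images
            if fnmatchcase(i["name"], pattern) and i["virt"] == virt
            and (owners is None or i["owner"] in owners)]


def latest_ami(images, pattern, owners=None):
    """Model of most_recent = true: newest creation date among the matches."""
    found = matching(images, pattern, owners)
    if not found:
        raise LookupError("no AMI matched the filters")
    return max(found, key=lambda i: i["created"])["id"]


def untrusted_matches(images, pattern, trusted_owners):
    """Audit helper: IDs that match the name pattern but have an untrusted owner."""
    return [i["id"] for i in matching(images, pattern)
            if i["owner"] not in trusted_owners]


if __name__ == "__main__":
    print("owners pinned:  ", latest_ami(IMAGES, NAME_PATTERN, [AMAZON_OWNER]))
    print("owners omitted: ", latest_ami(IMAGES, NAME_PATTERN))
    print("untrusted names:", untrusted_matches(IMAGES, NAME_PATTERN, {AMAZON_OWNER}))
```

With the owner pinned, the result is the Amazon image; with the owner filter dropped, the newest matching name wins regardless of who published it.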

Step 4 – Reference the Latest Windows AMI in your code

Now we need to tell Terraform to use this data source to create an instance using this exact AMI. In this example, I will be using a Launch Configuration and an Auto-Scaling Group.

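resource "aws_launch_configuration" "launch_b" {
  name                             = "dev-LaunchConfigB"
  instance_type                    = var.instance_size
  # Resolves to the newest AMI returned by the data source from Step 3
  image_id                         = data.aws_ami.windows_server_latest_AMI.id
  ebs_optimized                    = false
  vpc_classic_link_security_groups = []
  security_groups                  = [var.secgroup_dc1, var.secgroup_dc2, var.secgroup_dc3, var.secgroup_dc4]
  # Placeholder: substitute your own instance profile
  iam_instance_profile             = "<my-instance-profile>"
  associate_public_ip_address      = false
  enable_monitoring                = true
  key_name                         = "rb"
  # Placeholder: substitute your own user data
  user_data                        = "<my-user-data>"
}

resource "aws_autoscaling_group" "ASG-B" {
  # Assumption: the dependency is the launch configuration defined above
  depends_on                = [aws_launch_configuration.launch_b]
  name                      = "dev-BAutoScalingGroup"
  max_size                  = 1
  min_size                  = 1
  # Launch instances from the configuration that carries the latest AMI
  launch_configuration      = aws_launch_configuration.launch_b.name
  health_check_grace_period = "3600"
  vpc_zone_identifier       = ["subnet-<mysubnet>"]
}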

If you have any problems leave a comment below and I will respond asap. Happy Coding!


Richard Bailey, a seasoned tech enthusiast, combines a passion for innovation with a knack for simplifying complex concepts. With over a decade in the industry, he's pioneered transformative solutions, blending creativity with technical prowess. An avid writer, Richard's articles resonate with readers, offering insightful perspectives that bridge the gap between technology and everyday life. His commitment to excellence and tireless pursuit of knowledge continues to inspire and shape the tech landscape.
