Deploy The Latest AMI every time!


Terraform: How to Deploy The Latest AMI every time you Build

One of the more common tasks you will be asked to do as an AWS administrator is to build an instance from the very latest version of the base image.

Take Windows Server 2016, for example: every month, AWS releases a newly “patched” AMI which has the latest security updates from Microsoft already built in.

This article will show you how to automate the building of this instance using infrastructure as code.

Step 1 – Navigate to AWS AMIs

You will need permissions to access EC2 and view public AMIs. Log into your account in the AWS Management Console and navigate to:

EC2 > Images > AMIs

Make sure you have the “Public Images” option selected from the drop-down menu.

In the text box, type “Windows_Server-2016-English-Full-Base”.

You will see a long list of Windows Server 2016 base images. Note that the date in the name changes each time AWS patches the base image.

In this example, I will be using AMI Windows_Server-2016-English-Full-Base-2022.01.12 – ami-08ecb1b9bb6122b7b

Step 2 – Gather required facts for Terraform Code

Click on the desired AMI link and make a note of the:

  • AMI Name
  • Owner Account ID (This is an Amazon Account)
  • Virtualization Type

Step 3 – Update your main.tf

Add the following code to your main.tf

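data "aws_ami" "windows_server_latest_AMI" {
  # When several images match, return the newest one
  most_recent = true
  # Only accept images published by the owner account noted in Step 2
  owners      = ["801119661308"]

  # Match every dated release of the Windows Server 2016 base image
  filter {
    name   = "name"
    values = ["Windows_Server-2016-English-Full-Base-*"]
  }
  # Virtualization type noted in Step 2
  filter {
    name   = "virtualization-type"
    values = ["hvm"]
  }
}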
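
To see what the owners, filter and most_recent arguments each contribute, here is a small Python model of the selection this data source performs (an added example, not code from the original article and not Terraform's own implementation). The image list is constructed: only the first AMI name and ID and the owner ID come from this page, and the function name select_ami is hypothetical.

```python
from fnmatch import fnmatchcase

AMAZON_OWNER = "801119661308"  # owner ID used in the article's data block
NAME_GLOB = "Windows_Server-2016-English-Full-Base-*"

# Constructed sample of public-image search results. Only the first row's
# name and AMI ID come from the article; every other value is made up.
IMAGES = [
    {"id": "ami-08ecb1b9bb6122b7b", "owner": AMAZON_OWNER, "virt": "hvm",
     "name": "Windows_Server-2016-English-Full-Base-2022.01.12",
     "created": "2022-01-12T00:00:00Z"},
    {"id": "ami-constructed-older", "owner": AMAZON_OWNER, "virt": "hvm",
     "name": "Windows_Server-2016-English-Full-Base-2021.12.15",
     "created": "2021-12-15T00:00:00Z"},
    {"id": "ami-constructed-2019", "owner": AMAZON_OWNER, "virt": "hvm",
     "name": "Windows_Server-2019-English-Full-Base-2022.01.12",
     "created": "2022-01-12T00:00:00Z"},
    # Same naming scheme, newer date, but published by an unrelated account.
    {"id": "ami-constructed-lookalike", "owner": "111122223333", "virt": "hvm",
     "name": "Windows_Server-2016-English-Full-Base-2022.02.01",
     "created": "2022-02-01T00:00:00Z"},
]


def select_ami(images, name_glob, virt, owners=None, most_recent=True):
    """Apply the owner and filter arguments, then pick the newest match."""
    matches = [
        img for img in images
        if fnmatchcase(img["name"], name_glob)
        and img["virt"] == virt
        and (owners is None or img["owner"] in owners)
    ]
    if not matches:
        raise LookupError("query returned no results")
    if len(matches) > 1 and not most_recent:
        raise LookupError("query returned more than one result")
    # Same-format ISO 8601 timestamps sort correctly as plain strings.
    return max(matches, key=lambda img: img["created"])


if __name__ == "__main__":
    pinned = select_ami(IMAGES, NAME_GLOB, "hvm", owners=[AMAZON_OWNER])
    unpinned = select_ami(IMAGES, NAME_GLOB, "hvm")
    print("owners pinned:  ", pinned["id"], pinned["owner"])
    print("owners omitted: ", unpinned["id"], unpinned["owner"])
```

With owners pinned, the newest image from the Amazon account is chosen; with it omitted, the constructed look-alike wins on date alone, which is why the owner ID from Step 2 belongs in the data block.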

Step 4 – Reference the Latest Windows AMI in your code

Now we need to tell Terraform to use this data source to create an instance from the AMI it returns. In this example, I will be using a Launch Configuration and an Auto-Scaling Group.

# Launch configuration that boots from the AMI resolved by the data source
resource "aws_launch_configuration" "launch_b" {
  name                             = "dev-LaunchConfigB"
  instance_type                    = var.instance_size
  image_id                         = data.aws_ami.windows_server_latest_AMI.id
  ebs_optimized                    = false
  vpc_classic_link_security_groups = []
  security_groups                  = [var.secgroup_dc1, var.secgroup_dc2, var.secgroup_dc3, var.secgroup_dc4]
  iam_instance_profile             = aws_iam_instance_profile.accessmgmt_zone_b_instance_profile.name
  associate_public_ip_address      = false
  enable_monitoring                = true
  key_name                         = "rb"
  # templatefile() takes the template path and a map of template variables;
  # the article does not show any variables, so an empty map is passed here
  user_data = templatefile("../templates/dev_userdata_launch_b.tpl", {})
}

# Auto Scaling group that launches instances from that launch configuration
resource "aws_autoscaling_group" "ASG-B" {
  depends_on = [
    aws_launch_configuration.launch_b
  ]
  name                      = "dev-BAutoScalingGroup"
  max_size                  = 1
  min_size                  = 1
  launch_configuration      = aws_launch_configuration.launch_b.id
  health_check_grace_period = 3600
  vpc_zone_identifier       = ["subnet-<mysubnet>"]
}

If you have any problems leave a comment below and I will respond asap. Happy Coding!
