AMI environmental context provider

[ggoodman]

During execution, I would like to be able to perform an ec2.describeImages() operation in the context of the privileges available to my CDK App. I would use the resulting image list to seed the image map in an AutoScaleGroup.

[eladb]

to seed the image map in an AutoScaleGroup

Can you elaborate a little bit about what you mean, or provide a sketch of how would you expect the API to look like from a user's point of view?

[ggoodman]

I feel like I don't have a good enough understanding of the canonical way of using the CDK or its long-term vision so I don't feel like I can make a good API suggestion. Let me present the use case instead.

• There is another team that produces AMIs and tags these so that they can be filtered by different criteria. These AMIs are produced regularly to capture security patches and other little things.
• I would like to capture the newest such AMI according to a set of criteria. This exercise would need to be done on a per-region basis to seed things like AutoScaleGroup launch configurations.
• Because the produced AMIs are private, listing these requires appropriate credentials. It would simplify the experience if the credential provider(s) made available by the CDK could be leveraged.
• I've also produced a Credentials Plugin to facilitate assuming a role w/ 2FA. This is the logic I would like to cleanly re-use (if needed, subject to opt-out via instance profile flag).

[eladb]

@ggoodman thanks, very helpful. Can you provide an example for a describeImages invocation (with query details) that you might use?

[otterley]

I'm interested in such a feature, though the implementation details/design may be different.

Here's a user story:

As a user, I want to be able to determine at runtime which AMI to use for an EC2 instance or Auto Scaling Group, based on a set of predicate attributes I provide; and if multiple images are returned that match the predicate, use the latest one.

It'd be useful to look at Terraform's AMI data source for inspiration.

[eladb]

Sounds that this will exactly fit our environmental context provider model.

[otterley]

@eladb Sounds good to me, but I didn't see an AMI provider yet. Should we make this the issue requesting one be made?

[eladb]

Looks like this issue is good enough!

[otterley]

Shall we rename it? I don't have the privileges to do so.

[github-actions]

This issue has not received any attention in 1 year. If you want to keep this issue open, please leave a comment below and auto-close will be canceled.