(aws-ec2): Support Amazon Linux 2023 as a first-class option for BastionHostLinux #29493

Closed
blimmer opened this issue Mar 14, 2024 · 3 comments · Fixed by #31996
Labels
@aws-cdk/aws-ec2 Related to Amazon Elastic Compute Cloud effort/small Small work item – less than a day of effort feature-request A feature should be added or improved. p2

Comments


blimmer commented Mar 14, 2024

Describe the feature

Today, the excellent BastionHostLinux construct defaults to an Amazon Linux 2 base image:

```ts
/**
 * The machine image to use, assumed to have SSM Agent preinstalled.
 *
 * @default - An Amazon Linux 2 image which is kept up-to-date automatically (the instance
 * may be replaced on every deployment) and already has SSM Agent installed.
 */
readonly machineImage?: IMachineImage;
```

However, Amazon Linux 2 will hit end of life in June 2025.

I see that I can pass my own MachineImage, but it'd be nice if there was a first-class flag to opt-in.

Use Case

It'd be nice to still be able to use BastionHostLinux, but use the newer Amazon Linux so I don't have to worry about upgrading next year.

Proposed Solution

It'd probably be a good idea to introduce a new feature flag and plan to automatically opt people into Amazon Linux 2023 on the next major version.

Other Information

No response

Acknowledgements

  • I may be able to implement this feature request
  • This feature might incur a breaking change

CDK version used

2.132.1

Environment details (OS name and version, etc.)

macOS Sonoma

@blimmer blimmer added feature-request A feature should be added or improved. needs-triage This issue or PR still needs to be triaged. labels Mar 14, 2024
@blimmer blimmer changed the title (aws-ec2): Support Amazon Linux 2023 as a first-class option in BastionHost (aws-ec2): Support Amazon Linux 2023 as a first-class option for BastionHostLinux Mar 14, 2024
@github-actions github-actions bot added the @aws-cdk/aws-ec2 Related to Amazon Elastic Compute Cloud label Mar 14, 2024

pahud commented Mar 15, 2024

I support that but changing the default image would cause breaking changes and the deployed bastion hosts would be replaced. I guess we probably need a feature flag in this case. Need input and ack from the maintainers.

We welcome and appreciate PRs for this. Are you interested in submitting a PR for it?

@pahud pahud added effort/small Small work item – less than a day of effort p2 and removed needs-triage This issue or PR still needs to be triaged. labels Mar 15, 2024

blimmer commented Mar 15, 2024

It looks like it'd be as simple as just updating this line to use a different machine image:

```ts
machineImage: props.machineImage ?? MachineImage.latestAmazonLinux2({
  cpuType: this.toAmazonLinuxCpuType(instanceType.architecture),
}),
```

So it seems like people could just pass 2023 as their image:

```ts
/**
 * An Amazon Linux 2023 image that is automatically kept up-to-date
 *
 * This Machine Image automatically updates to the latest version on every
 * deployment. Be aware this will cause your instances to be replaced when a
 * new version of the image becomes available. Do not store stateful information
 * on the instance if you are using this image.
 */
public static latestAmazonLinux2023(props?: AmazonLinux2023ImageSsmParameterProps): IMachineImage {
  return new AmazonLinux2023ImageSsmParameter({
    cachedInContext: false,
    ...props,
    kernel: AmazonLinux2023Kernel.CDK_LATEST,
  });
}
```

So the real question is "can/should we feature flag this as a new default?". I understand that it'd be a breaking change, but that's kinda the point of feature flags. There's a pattern for this with other deprecations like this. Since AmazonLinux2 goes EOL in about 1 year, people are going to have to think about this anyway.

If I can get validation that changing this default via a feature flag is acceptable, I could make the PR.

@mergify mergify bot closed this as completed in #31996 Dec 2, 2024
mergify bot pushed a commit that referenced this issue Dec 2, 2024
…eature flag) (#31996)

### Issue #29493

Closes #29493

### Reason for this change

Right now, if a `machineImage` property isn't passed to `BastionHostLinux`, it defaults to an Amazon Linux 2 image. Since Amazon Linux 2 is hitting end-of-life in June 2025, it'd be better to default to Amazon Linux 2023.

Since changing this default would be a breaking change, I placed it behind a feature flag, `@aws-cdk/aws-ec2:bastionHostUseAmazonLinux2023ByDefault`.

### Description of changes

- Added the `@aws-cdk/aws-ec2:bastionHostUseAmazonLinux2023ByDefault`
- When set, and a `machineImage` is not provided, we use the latest Amazon Linux 2023 image, instead of Amazon Linux 2.

### Description of how you validated changes

- Unit Tests
- Integration Test

### Checklist
- [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md)

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

github-actions bot commented Dec 2, 2024

Comments on closed issues and PRs are hard for our team to see.
If you need help, please open a new issue that references this one.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Dec 2, 2024
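
Added example (not from the issue or the aws-cdk code base): a TypeScript check that reads a cdk.json context object and a synthesized CloudFormation template, then reports whether the feature flag named in the commit message is set and which EC2 instances still resolve their AMI from an Amazon Linux 2 SSM parameter. Both inputs and all logical IDs are constructed; it assumes the image is referenced through an SSM-typed template parameter under `/aws/service/ami-amazon-linux-latest/`, so instances with a literal AMI ID or a launch template are not classified.

```typescript
// Added example, not aws-cdk code. Sample inputs at the bottom are constructed.
const AL2023_FLAG = "@aws-cdk/aws-ec2:bastionHostUseAmazonLinux2023ByDefault";
const AL_SSM_PREFIX = "/aws/service/ami-amazon-linux-latest/";

type Template = {
  Parameters?: Record<string, { Type: string; Default?: string }>;
  Resources: Record<string, { Type: string; Properties?: any }>;
};

// Classify an SSM public-parameter path by Amazon Linux generation.
function imageFamily(ssmPath: string): "al2" | "al2023" | "other" {
  if (!ssmPath.startsWith(AL_SSM_PREFIX)) return "other";
  const name = ssmPath.slice(AL_SSM_PREFIX.length);
  if (name.startsWith("amzn2-")) return "al2";
  if (name.startsWith("al2023-")) return "al2023";
  return "other";
}

// Logical IDs of EC2 instances whose ImageId is a Ref to an AL2 SSM parameter.
function findAl2Instances(tpl: Template): string[] {
  const hits: string[] = [];
  for (const id of Object.keys(tpl.Resources)) {
    const res = tpl.Resources[id];
    if (res.Type !== "AWS::EC2::Instance") continue;
    const ref = res.Properties?.ImageId?.Ref;
    const param = typeof ref === "string" ? tpl.Parameters?.[ref] : undefined;
    if (param?.Default && imageFamily(param.Default) === "al2") hits.push(id);
  }
  return hits;
}

// Combine the flag state (from cdk.json "context") with the template findings.
function audit(context: Record<string, unknown>, tpl: Template) {
  return { flagEnabled: context[AL2023_FLAG] === true, al2Instances: findAl2Instances(tpl) };
}

// Constructed inputs: a context without the flag and a trimmed template.
const sampleContext: Record<string, unknown> = {};
const ssmType = "AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>";
const sampleTemplate: Template = {
  Parameters: {
    Al2Ami: { Type: ssmType, Default: AL_SSM_PREFIX + "amzn2-ami-kernel-5.10-hvm-x86_64-gp2" },
    Al2023Ami: { Type: ssmType, Default: AL_SSM_PREFIX + "al2023-ami-kernel-6.1-x86_64" },
  },
  Resources: {
    BastionHost: { Type: "AWS::EC2::Instance", Properties: { ImageId: { Ref: "Al2Ami" } } },
    NewBastion: { Type: "AWS::EC2::Instance", Properties: { ImageId: { Ref: "Al2023Ami" } } },
    BastionRole: { Type: "AWS::IAM::Role" },
  },
};
console.log(JSON.stringify(audit(sampleContext, sampleTemplate)));
```

A non-empty `al2Instances` list with `flagEnabled` false means the stack still relies on the Amazon Linux 2 default or an explicit Amazon Linux 2 image.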