A. Write a script to launch an Amazon EC2 instance from the previous golden image. Apply the patch updates. Install the new version of the Chef agent, generate a new golden image, and then modify the AMI permissions to share only the new image with the department’s accounts.
B. Use Amazon EC2 Image Builder to create an image pipeline that consists of the base Linux AMI and components to install the Chef agent. Use AWS Resource Access Manager to share EC2 Image Builder images with the department’s accounts.
C. Use an AWS Systems Manager Automation runbook to update the Linux AMI by using the previous image. Provide the URL for the script that will update the Chef agent. Use AWS Organizations to replace the previous golden image in the department’s accounts.
D. Use Amazon EC2 Image Builder to create an image pipeline that consists of the base Linux AMI and components to install the Chef agent. Create a parameter in AWS Systems Manager Parameter Store to store the new AMI ID that can be referenced by the department’s accounts.
Explanations:
A. While this option does automate the process of creating a new AMI, it requires manual scripting and management of permissions, leading to higher overhead. It also does not utilize services designed for managing AMIs efficiently.
B. This option leverages Amazon EC2 Image Builder to automate the creation of the golden image and includes components for installing the Chef agent. It also allows sharing the generated images across accounts via AWS Resource Access Manager, minimizing management overhead.
C. Using AWS Systems Manager Automation to update the AMI requires manual intervention for script URL management and may not provide the streamlined image creation and sharing process that EC2 Image Builder offers. It also does not inherently handle the Chef agent installation as part of the image generation.
D. While this option utilizes EC2 Image Builder for image creation, relying on Systems Manager Parameter Store for AMI ID management introduces additional complexity and management overhead compared to directly sharing images with AWS Resource Access Manager as in option B.