Write a script to launch an Amazon EC2 instance from the previous golden image. Apply the patch updates. Install the new version of the Chef agent, generate a new golden image, and then modify the AMI permissions to share only the new image with the department’s accounts.
Use Amazon EC2 Image Builder to create an image pipeline that consists of the base Linux AMI and components to install the Chef agent. Use AWS Resource Access Manager to share EC2 Image Builder images with the department’s accounts.
Use an AWS Systems Manager Automation runbook to update the Linux AMI by using the previous image. Provide the URL for the script that will update the Chef agent. Use AWS Organizations to replace the previous golden image in the department’s accounts.
Use Amazon EC2 Image Builder to create an image pipeline that consists of the base Linux AMI and components to install the Chef agent. Create a parameter in AWS Systems Manager Parameter Store to store the new AMI ID that can be referenced by the department’s accounts.
Explanations:
While this option outlines a manual process to update and share AMIs, it involves significant management overhead due to the need to write and maintain scripts for each step, including launching instances and modifying AMI permissions. Automation tools would reduce this overhead.
This option leverages Amazon EC2 Image Builder to automate the creation of the AMI pipeline, which includes updating the AMI and installing the Chef agent. It also utilizes AWS Resource Access Manager to share the newly created images with department accounts, thereby minimizing manual management and streamlining the process.
Although using AWS Systems Manager Automation can automate some tasks, this option requires providing a script for updating the Chef agent, which adds complexity. Additionally, it does not directly address the sharing of AMIs across accounts, which is efficiently handled by using Image Builder.
This option includes the use of EC2 Image Builder but complicates the sharing process by requiring an extra step of storing the new AMI ID in Systems Manager Parameter Store. This adds unnecessary management overhead compared to directly sharing AMIs via AWS Resource Access Manager.