We are running CI/CD pipelines that take the latest EC2 Image of Windows or Red Hat then it will automatically install the required security agents and check if they are properly installed.
At first, it was a hassle since we had to always be on the lookout for the latest EC2 Image ID of our target operating system and input this manually into our pipeline. But as it turns out AWS maintains SSM Parameters that holds the latest Image IDs of various operating systems and their versions.
Sometimes I see these in CloudFormation scripts.
Here are the AWS docs for the SSM Parameters of the latest Amazon Linux 2 and Windows.
As it turns out there are other public SSM Parameters for other operating systems.
So I’m writing this blog post to list the public SSM Parameters that hold the latest EC2 AMIs since I am always trying to find them.
Below is the Python code that I used to extract the values below.
import boto3
service_path_list = [
'/aws/service/ami-windows-latest/',
'/aws/service/canonical/',
'/aws/service/debian/',
'/aws/service/freebsd/',
'/aws/service/redhat/',
'/aws/service/suse/',
'/aws/service/ami-amazon-linux-latest/',
'/aws/service/ami-macos-latest/',
]
if __name__ == "__main__":
for service_path in service_path_list:
print(service_path)
ssm_client = boto3.client('ssm')
paginator = ssm_client.get_paginator('get_parameters_by_path')
page_iterator = paginator.paginate(
Path=service_path,
Recursive=True
)
for page in page_iterator:
for parameter in page['Parameters']:
print(parameter['Name'])
print()
You can run the Python script to list all of the SSM Parameters that hold the latest EC2 Image IDs.
See below for the list of Public SSM Parameters of EC2 Images.
Windows
The results below for the SSM Parameters of Windows are filtered to only list the English versions. If you want to see the other version you can run the Python script above.
/aws/service/ami-windows-latest/Windows_Server-2012-R2_RTM-English-64Bit-Base
/aws/service/ami-windows-latest/Windows_Server-2012-R2_RTM-English-64Bit-SQL_2016_SP3_Enterprise
/aws/service/ami-windows-latest/Windows_Server-2012-R2_RTM-English-64Bit-SQL_2016_SP3_Standard
/aws/service/ami-windows-latest/Windows_Server-2016-English-Full-Base
/aws/service/ami-windows-latest/Windows_Server-2016-English-Full-Containers
/aws/service/ami-windows-latest/Windows_Server-2016-English-Full-SQL_2016_SP3_Enterprise
/aws/service/ami-windows-latest/Windows_Server-2016-English-Full-SQL_2016_SP3_Standard
/aws/service/ami-windows-latest/Windows_Server-2016-English-Full-SQL_2017_Enterprise
/aws/service/ami-windows-latest/Windows_Server-2016-English-Full-SQL_2017_Standard
/aws/service/ami-windows-latest/Windows_Server-2016-English-Full-SQL_2019_Enterprise
/aws/service/ami-windows-latest/Windows_Server-2016-English-Full-SQL_2019_Standard
/aws/service/ami-windows-latest/Windows_Server-2019-English-Full-Base
/aws/service/ami-windows-latest/Windows_Server-2019-English-Full-ContainersLatest
/aws/service/ami-windows-latest/Windows_Server-2019-English-Full-SQL_2017_Enterprise
/aws/service/ami-windows-latest/Windows_Server-2019-English-Full-SQL_2017_Standard
/aws/service/ami-windows-latest/Windows_Server-2019-English-Full-SQL_2019_Enterprise
/aws/service/ami-windows-latest/Windows_Server-2019-English-Full-SQL_2019_Standard
/aws/service/ami-windows-latest/Windows_Server-2022-English-Full-Base
/aws/service/ami-windows-latest/Windows_Server-2022-English-Full-ContainersLatest
Amazon Linux 2
Filtered to only show the list of Amazon Linux 2 since the first version of Amazon Linux has already reach end of life.
/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-arm64-gp2
/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-ebs
/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2
/aws/service/ami-amazon-linux-latest/amzn2-ami-kernel-5.10-hvm-arm64-gp2
/aws/service/ami-amazon-linux-latest/amzn2-ami-kernel-5.10-hvm-x86_64-ebs
/aws/service/ami-amazon-linux-latest/amzn2-ami-kernel-5.10-hvm-x86_64-gp2
/aws/service/ami-amazon-linux-latest/amzn2-ami-minimal-hvm-arm64-ebs
/aws/service/ami-amazon-linux-latest/amzn2-ami-minimal-hvm-x86_64-ebs2
Ubuntu
Filtered to only show the stable
and current
version of Ubuntu.
/aws/service/canonical/ubuntu/server-minimal/16.04/stable/current/amd64/hvm/ebs-gp2/ami-id
/aws/service/canonical/ubuntu/server-minimal/18.04/stable/current/amd64/hvm/ebs-gp2/ami-id
/aws/service/canonical/ubuntu/server-minimal/19.10/stable/current/amd64/hvm/ebs-gp2/ami-id
/aws/service/canonical/ubuntu/server-minimal/20.04/stable/current/amd64/hvm/ebs-gp2/ami-id
/aws/service/canonical/ubuntu/server-minimal/20.10/stable/current/amd64/hvm/ebs-gp2/ami-id
/aws/service/canonical/ubuntu/server-minimal/21.04/stable/current/amd64/hvm/ebs-gp2/ami-id
/aws/service/canonical/ubuntu/server-minimal/21.10/stable/current/amd64/hvm/ebs-gp2/ami-id
/aws/service/canonical/ubuntu/server-minimal/bionic/stable/current/amd64/hvm/ebs-gp2/ami-id
/aws/service/canonical/ubuntu/server-minimal/eoan/stable/current/amd64/hvm/ebs-gp2/ami-id
/aws/service/canonical/ubuntu/server-minimal/focal/stable/current/amd64/hvm/ebs-gp2/ami-id
/aws/service/canonical/ubuntu/server-minimal/groovy/stable/current/amd64/hvm/ebs-gp2/ami-id
/aws/service/canonical/ubuntu/server-minimal/hirsute/stable/current/amd64/hvm/ebs-gp2/ami-id
/aws/service/canonical/ubuntu/server-minimal/impish/stable/current/amd64/hvm/ebs-gp2/ami-id
/aws/service/canonical/ubuntu/server-minimal/xenial/stable/current/amd64/hvm/ebs-gp2/ami-id
/aws/service/canonical/ubuntu/server/16.04/stable/current/amd64/hvm/ebs-gp2/ami-id
/aws/service/canonical/ubuntu/server/16.04/stable/current/amd64/hvm/instance-store/ami-id
/aws/service/canonical/ubuntu/server/16.04/stable/current/amd64/pv/ebs-gp2/ami-id
/aws/service/canonical/ubuntu/server/16.04/stable/current/amd64/pv/instance-store/ami-id
/aws/service/canonical/ubuntu/server/16.04/stable/current/arm64/hvm/ebs-gp2/ami-id
/aws/service/canonical/ubuntu/server/18.04/stable/current/amd64/hvm/ebs-gp2/ami-id
/aws/service/canonical/ubuntu/server/18.04/stable/current/amd64/hvm/instance-store/ami-id
/aws/service/canonical/ubuntu/server/18.04/stable/current/arm64/hvm/ebs-gp2/ami-id
/aws/service/canonical/ubuntu/server/19.10/stable/current/amd64/hvm/ebs-gp2/ami-id
/aws/service/canonical/ubuntu/server/19.10/stable/current/amd64/hvm/instance-store/ami-id
/aws/service/canonical/ubuntu/server/19.10/stable/current/arm64/hvm/ebs-gp2/ami-id
/aws/service/canonical/ubuntu/server/20.04/stable/current/amd64/hvm/ebs-gp2/ami-id
/aws/service/canonical/ubuntu/server/20.04/stable/current/arm64/hvm/ebs-gp2/ami-id
/aws/service/canonical/ubuntu/server/20.10/stable/current/amd64/hvm/ebs-gp2/ami-id
/aws/service/canonical/ubuntu/server/20.10/stable/current/arm64/hvm/ebs-gp2/ami-id
/aws/service/canonical/ubuntu/server/21.04/stable/current/amd64/hvm/ebs-gp2/ami-id
/aws/service/canonical/ubuntu/server/21.04/stable/current/arm64/hvm/ebs-gp2/ami-id
/aws/service/canonical/ubuntu/server/21.10/stable/current/amd64/hvm/ebs-gp2/ami-id
/aws/service/canonical/ubuntu/server/21.10/stable/current/arm64/hvm/ebs-gp2/ami-id
/aws/service/canonical/ubuntu/server/bionic/stable/current/amd64/hvm/ebs-gp2/ami-id
/aws/service/canonical/ubuntu/server/bionic/stable/current/amd64/hvm/instance-store/ami-id
/aws/service/canonical/ubuntu/server/bionic/stable/current/arm64/hvm/ebs-gp2/ami-id
/aws/service/canonical/ubuntu/server/eoan/stable/current/amd64/hvm/ebs-gp2/ami-id
/aws/service/canonical/ubuntu/server/eoan/stable/current/amd64/hvm/instance-store/ami-id
/aws/service/canonical/ubuntu/server/eoan/stable/current/arm64/hvm/ebs-gp2/ami-id
/aws/service/canonical/ubuntu/server/focal/stable/current/amd64/hvm/ebs-gp2/ami-id
/aws/service/canonical/ubuntu/server/focal/stable/current/arm64/hvm/ebs-gp2/ami-id
/aws/service/canonical/ubuntu/server/groovy/stable/current/amd64/hvm/ebs-gp2/ami-id
/aws/service/canonical/ubuntu/server/groovy/stable/current/arm64/hvm/ebs-gp2/ami-id
/aws/service/canonical/ubuntu/server/hirsute/stable/current/amd64/hvm/ebs-gp2/ami-id
/aws/service/canonical/ubuntu/server/hirsute/stable/current/arm64/hvm/ebs-gp2/ami-id
/aws/service/canonical/ubuntu/server/impish/stable/current/amd64/hvm/ebs-gp2/ami-id
/aws/service/canonical/ubuntu/server/impish/stable/current/arm64/hvm/ebs-gp2/ami-id
/aws/service/canonical/ubuntu/server/xenial/stable/current/amd64/hvm/ebs-gp2/ami-id
/aws/service/canonical/ubuntu/server/xenial/stable/current/amd64/hvm/instance-store/ami-id
/aws/service/canonical/ubuntu/server/xenial/stable/current/amd64/pv/ebs-gp2/ami-id
/aws/service/canonical/ubuntu/server/xenial/stable/current/amd64/pv/instance-store/ami-id
/aws/service/canonical/ubuntu/server/xenial/stable/current/arm64/hvm/ebs-gp2/ami-id
SUSE Linux Enterprise Server
Filtered to only show SUSE 12 sp5
and SUSE 15 sp3
.
/aws/service/suse/sles/12-sp5/x86_64/latest
/aws/service/suse/sles/15-sp3/arm64/latest
/aws/service/suse/sles/15-sp3/x86_64/latest
Debian
Filtered to show the latest
Debian SSM parameters.
/aws/service/debian/release/10-backports/latest/amd64
/aws/service/debian/release/10-backports/latest/arm64
/aws/service/debian/release/10/latest/amd64
/aws/service/debian/release/10/latest/arm64
/aws/service/debian/release/11/latest/amd64
/aws/service/debian/release/11/latest/arm64
/aws/service/debian/release/bullseye/latest/amd64
/aws/service/debian/release/bullseye/latest/arm64
/aws/service/debian/release/buster-backports/latest/amd64
/aws/service/debian/release/buster-backports/latest/arm64
/aws/service/debian/release/buster/latest/amd64
/aws/service/debian/release/buster/latest/arm64
FreeBSD
Filtered to only show the CURRENT
or STABLE
version of the SSM Parameter for FreeBSD.
/aws/service/freebsd/arm64/base/ufs/14.0/CURRENT
/aws/service/freebsd/amd64/base/ufs/14.0/CURRENT
/aws/service/freebsd/arm64/base/ufs/12.3/STABLE
/aws/service/freebsd/amd64/base/ufs/12.3/STABLE
/aws/service/freebsd/arm64/base/ufs/13.0/STABLE
/aws/service/freebsd/amd64/base/ufs/13.0/STABLE
Now that we have listed all of the Public SSM parameters for EC2 Images of their respective Operative systems. It will now be easier for me to search and use them.
I hope this helped you.