Update AMI IDs for 11.2.2 (#20466)

Co-authored-by: Steven Martin <steven@goteleport.com>
2024-10-19 08:43:58 +00:00 · 2023-01-20 00:43:48 -08:00 · 2023-01-20 00:43:48 -08:00 · ae386a5b23
parent 9fa28188c7
commit ae386a5b23
5 changed files with 86 additions and 121 deletions
--- a/assets/aws/Makefile
+++ b/assets/aws/Makefile
@ -14,7 +14,7 @@ AWS_REGION ?= us-west-2
 # This must be a _released_ version of Teleport, i.e. one which has binaries
 # available for download on https://gravitational.com/teleport/download
 # Unreleased versions will fail to build.
-TELEPORT_VERSION ?= 11.2.1
+TELEPORT_VERSION ?= 11.2.2

 # Teleport UID is the UID of a non-privileged 'teleport' user
 TELEPORT_UID ?= 1007
@ -114,28 +114,21 @@ check-vars:
 	  echo "TELEPORT_VERSION is not set"; exit 1; \
 	fi;

-.PHONY: update-ami-ids-cloudformation
-update-ami-ids-cloudformation:
-	@echo -e "\nUpdating OSS Cloudformation image IDs"
-	./update-ami-ids.sh -a $(AWS_ACCOUNT_ID) -m cloudformation -t oss -r $(DESTINATION_REGIONS) -v $(TELEPORT_VERSION)
-	@echo -e "\nUpdating Enterprise Cloudformation image IDs"
-	./update-ami-ids.sh -a $(AWS_ACCOUNT_ID) -m cloudformation -t ent -r $(DESTINATION_REGIONS) -v $(TELEPORT_VERSION)
-
 .PHONY: update-ami-ids-terraform
 update-ami-ids-terraform:
 	@echo -e "\nUpdating OSS Terraform image IDs"
-	./update-ami-ids.sh -a $(AWS_ACCOUNT_ID) -m terraform -t oss -r $(DESTINATION_REGIONS) -v $(TELEPORT_VERSION)
+	./update-ami-ids.sh -a $(AWS_ACCOUNT_ID) -t oss -r $(DESTINATION_REGIONS) -v $(TELEPORT_VERSION)
 	@echo -e "\nUpdating Enterprise Terraform image IDs"
-	./update-ami-ids.sh -a $(AWS_ACCOUNT_ID) -m terraform -t ent -r $(DESTINATION_REGIONS) -v $(TELEPORT_VERSION)
+	./update-ami-ids.sh -a $(AWS_ACCOUNT_ID) -t ent -r $(DESTINATION_REGIONS) -v $(TELEPORT_VERSION)
 	@echo -e "\nUpdating Enterprise FIPS Terraform image IDs"
-	./update-ami-ids.sh -a $(AWS_ACCOUNT_ID) -m terraform -t ent-fips -r $(DESTINATION_REGIONS) -v $(TELEPORT_VERSION)
+	./update-ami-ids.sh -a $(AWS_ACCOUNT_ID) -t ent-fips -r $(DESTINATION_REGIONS) -v $(TELEPORT_VERSION)

 # you will need the Github 'gh' CLI installed and working to be able to use this target
 # https://github.com/cli/cli/releases/latest
 AUTO_BRANCH_NAME := "ami-auto-branch-$(shell date +%s)"
 MAKEFILE_PATH := $(abspath $(lastword $(MAKEFILE_LIST)))
 .PHONY: create-update-pr
-create-update-pr: update-ami-ids-cloudformation update-ami-ids-terraform
+create-update-pr: update-ami-ids-terraform
 	@echo "Creating PR for updates"
 	sed -i -E "s/^TELEPORT_VERSION \?= [0-9.]+$$/TELEPORT_VERSION ?= $(TELEPORT_VERSION)/g" $(MAKEFILE_PATH)
 	git add -A ../../examples/aws $(shell pwd)
--- a/assets/aws/update-ami-ids.sh
+++ b/assets/aws/update-ami-ids.sh
@ -8,16 +8,12 @@ set -euo pipefail
 # -- (something like "export PATH=/usr/local/opt/findutils/libexec/gnubin:$PATH")

 # shellcheck disable=SC2086
-usage() { echo "Usage: $(basename $0) [-a <AWS account ID>] [-m <cloudformation/terraform>] [-t <oss/ent/ent-fips>] [-r <comma-separated regions>] [-v version]" 1>&2; exit 1; }
-while getopts ":a:m:t:r:v:" o; do
+usage() { echo "Usage: $(basename $0) [-a <AWS account ID>] [-t <oss/ent/ent-fips>] [-r <comma-separated regions>] [-v version]" 1>&2; exit 1; }
+while getopts ":a:t:r:v:" o; do
    case "${o}" in
        a)
            a=${OPTARG}
            ;;
-        m)
-            m=${OPTARG}
-            if [[ ${m} != "cloudformation" && ${m} != "terraform" ]]; then usage; fi
-            ;;
        r)
            r=${OPTARG}
            ;;
@ -35,14 +31,12 @@ while getopts ":a:m:t:r:v:" o; do
 done
 shift $((OPTIND-1))

-if [ -z "${a}" ] || [ -z "${m}" ] || [ -z "${r}" ] || [ -z "${t}" ] || [ -z "${v}" ]; then
+if [ -z "${a}" ]  || [ -z "${r}" ] || [ -z "${t}" ] || [ -z "${v}" ]; then
    usage
 fi

 # account ID that owns the public images
 AWS_ACCOUNT_ID=${a}
-# mode to run in (either 'cloudformation' or 'terraform')
-MODE=${m}
 # comma-separated list of regions to get and update AMI IDs for
 REGIONS=${r}
 # Teleport AMI type (one of 'oss', 'ent' or 'ent-fips')
@ -78,51 +72,29 @@ for REGION in ${REGIONS//,/ }; do
    IMAGE_IDS[${REGION}]=${IMAGE_ID}
 done

-if [[ "${MODE}" == "cloudformation" ]]; then
-    if [[ "${TYPE}" == "oss" ]]; then
-        CLOUDFORMATION_PATH=../../examples/aws/cloudformation/oss.yaml
-    elif [[ "${TYPE}" == "ent" ]]; then
-        CLOUDFORMATION_PATH=../../examples/aws/cloudformation/ent.yaml
-    elif [[ "${TYPE}" == "ent-fips" ]]; then
-        # Enterprise FIPS deployments using Cloudformation are not currently
-        # supported, pending an update to the Cloudformation scripts.
-        echo "Enterprise FIPS mode is not supported for Cloudformation"
-        exit 4
-    fi
-    # replace AMI ID in place
-    for REGION in ${REGIONS//,/ }; do
-        OLD_AMI_ID=$(grep "${REGION}" "${CLOUDFORMATION_PATH}" | sed -n -E "s/$REGION: \{HVM64 : (ami.*)\}/\1/p" | tr -d " ")
-        NEW_AMI_ID=${IMAGE_IDS[$REGION]}
-        sed -i -E "s/$REGION: \{HVM64 : ami(.*)\}$/$REGION: \{HVM64 : $NEW_AMI_ID\}/g" ${CLOUDFORMATION_PATH}
-        echo "[${TYPE}: ${REGION}] ${OLD_AMI_ID} -> ${NEW_AMI_ID}"
-    done
-    # update version number
-    sed -i -E "s/# All AMIs from AWS - gravitational-teleport-ami-(.*)/# All AMIs from AWS - gravitational-teleport-ami-${TYPE}-${VERSION}/g" ${CLOUDFORMATION_PATH}
-elif [[ "${MODE}" == "terraform" ]]; then
-    TERRAFORM_SUBDIR="../../examples/aws/terraform"
-    TERRAFORM_PATH="${TERRAFORM_SUBDIR}/AMIS.md"
-    # get a list of non-hidden directories one level under the terraform directory (one for each of our different terraform modes)
-    pushd ${TERRAFORM_SUBDIR}
-    TERRAFORM_MODES="$(find . -mindepth 1 -maxdepth 1 -type d -not -path '*/\.*' -printf '%P\n' | xargs)"
-    popd
-    if [[ "${TYPE}" == "oss" ]]; then
-        TYPE_STRING="OSS"
-    elif [[ "${TYPE}" == "ent" ]]; then
-        TYPE_STRING="Enterprise"
-    elif [[ "${TYPE}" == "ent-fips" ]]; then
-        TYPE_STRING="Enterprise FIPS"
-    fi
-    # change version numbers in TF_VAR_ami_name strings
-    # shellcheck disable=SC2086
-    for MODE in ${TERRAFORM_MODES}; do
-        echo "Updating version in README for ${MODE}"
-        sed -i -E "s/gravitational-teleport-ami-${TYPE}-([0-9.]+)/gravitational-teleport-ami-${TYPE}-${VERSION}/g" "${TERRAFORM_SUBDIR}/${MODE}/README.md"
-    done
-    # replace AMI ID in place
-    for REGION in ${REGIONS//,/ }; do
-        OLD_AMI_ID=$(grep -E "# $REGION v(.*) ${TYPE_STRING}" $TERRAFORM_PATH | sed -n -E "s/# $REGION v(.*) ${TYPE_STRING}: (ami.*)/\2/p" | tr -d " ")
-        NEW_AMI_ID=${IMAGE_IDS[$REGION]}
-        sed -i -E "s/^# $REGION v(.*) ${TYPE_STRING}: ami(.*)$/# $REGION v${VERSION} ${TYPE_STRING}: $NEW_AMI_ID/g" ${TERRAFORM_PATH}
-        echo "[${TYPE}: ${REGION}] ${OLD_AMI_ID} -> ${NEW_AMI_ID}"
-    done
+TERRAFORM_SUBDIR="../../examples/aws/terraform"
+TERRAFORM_PATH="${TERRAFORM_SUBDIR}/AMIS.md"
+# get a list of non-hidden directories one level under the terraform directory (one for each of our different terraform modes)
+pushd ${TERRAFORM_SUBDIR}
+TERRAFORM_MODES="$(find . -mindepth 1 -maxdepth 1 -type d -not -path '*/\.*' -printf '%P\n' | xargs)"
+popd
+if [[ "${TYPE}" == "oss" ]]; then
+    TYPE_STRING="OSS"
+elif [[ "${TYPE}" == "ent" ]]; then
+    TYPE_STRING="Enterprise"
+elif [[ "${TYPE}" == "ent-fips" ]]; then
+    TYPE_STRING="Enterprise FIPS"
 fi
+# change version numbers in TF_VAR_ami_name strings
+# shellcheck disable=SC2086
+for MODE in ${TERRAFORM_MODES}; do
+     echo "Updating version in README for ${MODE}"
+     sed -i -E "s/gravitational-teleport-ami-${TYPE}-([0-9.]+)/gravitational-teleport-ami-${TYPE}-${VERSION}/g" "${TERRAFORM_SUBDIR}/${MODE}/README.md"
+done
+# replace AMI ID in place
+for REGION in ${REGIONS//,/ }; do
+     OLD_AMI_ID=$(grep -E "# $REGION v(.*) ${TYPE_STRING}" $TERRAFORM_PATH | sed -n -E "s/# $REGION v(.*) ${TYPE_STRING}: (ami.*)/\2/p" | tr -d " ")
+     NEW_AMI_ID=${IMAGE_IDS[$REGION]}
+     sed -i -E "s/^# $REGION v(.*) ${TYPE_STRING}: ami(.*)$/# $REGION v${VERSION} ${TYPE_STRING}: $NEW_AMI_ID/g" ${TERRAFORM_PATH}
+     echo "[${TYPE}: ${REGION}] ${OLD_AMI_ID} -> ${NEW_AMI_ID}"
+done
--- a/examples/aws/terraform/AMIS.md
+++ b/examples/aws/terraform/AMIS.md
@ -6,65 +6,65 @@ is updated when new AMI versions are released.
 ### OSS

 ```
-# eu-north-1 v11.2.1 OSS: ami-0aa32448011d21daa
-# ap-south-1 v11.2.1 OSS: ami-0b5af9873fbbc0d5b
-# eu-west-1 v11.2.1 OSS: ami-060d6a9b73715ccae
-# eu-west-2 v11.2.1 OSS: ami-0fbe8cb2438e8f894
-# eu-west-3 v11.2.1 OSS: ami-0ab0b9ccc2bca36dd
-# ap-northeast-1 v11.2.1 OSS: ami-071c7ecd75607a0c1
-# ap-northeast-2 v11.2.1 OSS: ami-0265b754f6e49372c
-# ap-northeast-3 v11.2.1 OSS: ami-06421346bad9886c8
-# sa-east-1 v11.2.1 OSS: ami-0b06afcf0fade127e
-# ca-central-1 v11.2.1 OSS: ami-0c0dbaf70a80ac000
-# ap-southeast-1 v11.2.1 OSS: ami-068b8888580d6f4d9
-# ap-southeast-2 v11.2.1 OSS: ami-0c869ece8772db4ea
-# eu-central-1 v11.2.1 OSS: ami-00a7e481b0640d69a
-# us-east-1 v11.2.1 OSS: ami-07e4b9bc8c835b6e3
-# us-east-2 v11.2.1 OSS: ami-0c172ff8752585ce0
-# us-west-1 v11.2.1 OSS: ami-059c8e8146896d814
-# us-west-2 v11.2.1 OSS: ami-01df09166f7b4c020
+# eu-north-1 v11.2.2 OSS: ami-0c851105c3986f7f1
+# ap-south-1 v11.2.2 OSS: ami-09de33c07393c1a7a
+# eu-west-1 v11.2.2 OSS: ami-06815d0a95ca7cf06
+# eu-west-2 v11.2.2 OSS: ami-0ad0cf8b038218e97
+# eu-west-3 v11.2.2 OSS: ami-008e4686033ef0d48
+# ap-northeast-1 v11.2.2 OSS: ami-0c6f43f172911a009
+# ap-northeast-2 v11.2.2 OSS: ami-06e832811e86939d5
+# ap-northeast-3 v11.2.2 OSS: ami-072c7e5772c34a2c4
+# sa-east-1 v11.2.2 OSS: ami-07685856e94535bc4
+# ca-central-1 v11.2.2 OSS: ami-074d078b49c9afcf6
+# ap-southeast-1 v11.2.2 OSS: ami-0d6474f832328f797
+# ap-southeast-2 v11.2.2 OSS: ami-08a1eea1b2acefa43
+# eu-central-1 v11.2.2 OSS: ami-0bb7d39643a56be29
+# us-east-1 v11.2.2 OSS: ami-070433cdf086d4b1d
+# us-east-2 v11.2.2 OSS: ami-0080b94ee03a340d3
+# us-west-1 v11.2.2 OSS: ami-031145356b7abb6e3
+# us-west-2 v11.2.2 OSS: ami-04c8949ca8ecde91e
 ```

 ### Enterprise

 ```
-# eu-north-1 v11.2.1 Enterprise: ami-092a894a9f62e06dc
-# ap-south-1 v11.2.1 Enterprise: ami-0f853fa8cd84627df
-# eu-west-1 v11.2.1 Enterprise: ami-03b4ce8d90639774d
-# eu-west-2 v11.2.1 Enterprise: ami-08d415ccb902c56d4
-# eu-west-3 v11.2.1 Enterprise: ami-0f1a3a8ceeca3ebdd
-# ap-northeast-1 v11.2.1 Enterprise: ami-08659c5f6cbb49edd
-# ap-northeast-2 v11.2.1 Enterprise: ami-07d7a9f750de06647
-# ap-northeast-3 v11.2.1 Enterprise: ami-0e98cdb93fb308b21
-# sa-east-1 v11.2.1 Enterprise: ami-0c8479b62ba6ee0d7
-# ca-central-1 v11.2.1 Enterprise: ami-0c2f0f53673145c85
-# ap-southeast-1 v11.2.1 Enterprise: ami-0c3ae9c57460a4336
-# ap-southeast-2 v11.2.1 Enterprise: ami-0e35f53977c167189
-# eu-central-1 v11.2.1 Enterprise: ami-0f343ecb19c6bf618
-# us-east-1 v11.2.1 Enterprise: ami-01d77bebfb9dcfc9e
-# us-east-2 v11.2.1 Enterprise: ami-0d546a6aadae15be1
-# us-west-1 v11.2.1 Enterprise: ami-05b43c3d227ff3c6d
-# us-west-2 v11.2.1 Enterprise: ami-044435dae6a21d224
+# eu-north-1 v11.2.2 Enterprise: ami-0c21260b9253591e6
+# ap-south-1 v11.2.2 Enterprise: ami-087f13674211acdf7
+# eu-west-1 v11.2.2 Enterprise: ami-083708e9ecb365def
+# eu-west-2 v11.2.2 Enterprise: ami-09423301c4a887606
+# eu-west-3 v11.2.2 Enterprise: ami-0bacec7537eb510b4
+# ap-northeast-1 v11.2.2 Enterprise: ami-043801c478eb7f053
+# ap-northeast-2 v11.2.2 Enterprise: ami-04f4d59aa925fbeeb
+# ap-northeast-3 v11.2.2 Enterprise: ami-0f425dca3400e3803
+# sa-east-1 v11.2.2 Enterprise: ami-0c6d5566f50628cb6
+# ca-central-1 v11.2.2 Enterprise: ami-02d74c8e9cf13c513
+# ap-southeast-1 v11.2.2 Enterprise: ami-093e37cb80b7cf9de
+# ap-southeast-2 v11.2.2 Enterprise: ami-026c482d589c45c55
+# eu-central-1 v11.2.2 Enterprise: ami-0ea403e9f620ce056
+# us-east-1 v11.2.2 Enterprise: ami-0be0118d5c4e1f57a
+# us-east-2 v11.2.2 Enterprise: ami-0b96cfec26b745059
+# us-west-1 v11.2.2 Enterprise: ami-08a46487728892243
+# us-west-2 v11.2.2 Enterprise: ami-065f25af33b828b17
 ```

 ### Enterprise FIPS

 ```
-# eu-north-1 v11.2.1 Enterprise FIPS: ami-00b8b982d59e2df89
-# ap-south-1 v11.2.1 Enterprise FIPS: ami-0f8bbe3441169c942
-# eu-west-1 v11.2.1 Enterprise FIPS: ami-0fdcb8cfe8a558951
-# eu-west-2 v11.2.1 Enterprise FIPS: ami-0fc471582ebfe6e7d
-# eu-west-3 v11.2.1 Enterprise FIPS: ami-028e581bc09203025
-# ap-northeast-1 v11.2.1 Enterprise FIPS: ami-04077addf7f9d3ecd
-# ap-northeast-2 v11.2.1 Enterprise FIPS: ami-0142b3fde19937afe
-# ap-northeast-3 v11.2.1 Enterprise FIPS: ami-067f76f0c700ccc1a
-# sa-east-1 v11.2.1 Enterprise FIPS: ami-01478e374c52db331
-# ca-central-1 v11.2.1 Enterprise FIPS: ami-08232f88951493140
-# ap-southeast-1 v11.2.1 Enterprise FIPS: ami-00c2e36bb4144e7b2
-# ap-southeast-2 v11.2.1 Enterprise FIPS: ami-0eae042c38cdf1582
-# eu-central-1 v11.2.1 Enterprise FIPS: ami-0c8853e6dc2baa0fb
-# us-east-1 v11.2.1 Enterprise FIPS: ami-0183d527cedfa27b0
-# us-east-2 v11.2.1 Enterprise FIPS: ami-0aaa5ad01061a9ae3
-# us-west-1 v11.2.1 Enterprise FIPS: ami-0e22e2a7c7d421bf1
-# us-west-2 v11.2.1 Enterprise FIPS: ami-001176d919af8552a
+# eu-north-1 v11.2.2 Enterprise FIPS: ami-02e0bd3579c79eafe
+# ap-south-1 v11.2.2 Enterprise FIPS: ami-0eaa2e192b76c624b
+# eu-west-1 v11.2.2 Enterprise FIPS: ami-07a6ef1d17c56d853
+# eu-west-2 v11.2.2 Enterprise FIPS: ami-06dd9b84f0ec249d9
+# eu-west-3 v11.2.2 Enterprise FIPS: ami-053b818996abee59f
+# ap-northeast-1 v11.2.2 Enterprise FIPS: ami-0903966e3575d5053
+# ap-northeast-2 v11.2.2 Enterprise FIPS: ami-03118497c54092dbf
+# ap-northeast-3 v11.2.2 Enterprise FIPS: ami-0c8c7bea9a9651086
+# sa-east-1 v11.2.2 Enterprise FIPS: ami-07ba02a04b8c4f23f
+# ca-central-1 v11.2.2 Enterprise FIPS: ami-089a696a015a53bf5
+# ap-southeast-1 v11.2.2 Enterprise FIPS: ami-0bc1c4ad0b0c60a65
+# ap-southeast-2 v11.2.2 Enterprise FIPS: ami-0cc4f3da550543d9a
+# eu-central-1 v11.2.2 Enterprise FIPS: ami-0ae8df49711d11a33
+# us-east-1 v11.2.2 Enterprise FIPS: ami-07dcfa61708f97fcc
+# us-east-2 v11.2.2 Enterprise FIPS: ami-044098573bce4dde5
+# us-west-1 v11.2.2 Enterprise FIPS: ami-01eb54b899af8d414
+# us-west-2 v11.2.2 Enterprise FIPS: ami-07d79f27436274ab0
 ```
--- a/examples/aws/terraform/ha-autoscale-cluster/README.md
+++ b/examples/aws/terraform/ha-autoscale-cluster/README.md
@ -45,7 +45,7 @@ export TF_VAR_cluster_name="teleport.example.com"
 # OSS: aws ec2 describe-images --owners 126027368216 --filters 'Name=name,Values=gravitational-teleport-ami-oss*'
 # Enterprise: aws ec2 describe-images --owners 126027368216 --filters 'Name=name,Values=gravitational-teleport-ami-ent*'
 # FIPS 140-2 images are also available for Enterprise customers, look for '-fips' on the end of the AMI's name
-export TF_VAR_ami_name="gravitational-teleport-ami-ent-11.2.1"
+export TF_VAR_ami_name="gravitational-teleport-ami-ent-11.2.2"

 # AWS SSH key name to provision in installed instances, should be available in the region
 export TF_VAR_key_name="example"
--- a/examples/aws/terraform/starter-cluster/README.md
+++ b/examples/aws/terraform/starter-cluster/README.md
@ -86,7 +86,7 @@ TF_VAR_license_path ?= "/path/to/license"
 # OSS: aws ec2 describe-images --owners 126027368216 --filters 'Name=name,Values=gravitational-teleport-ami-oss*'
 # Enterprise: aws ec2 describe-images --owners 126027368216 --filters 'Name=name,Values=gravitational-teleport-ami-ent*'
 # FIPS 140-2 images are also available for Enterprise customers, look for '-fips' on the end of the AMI's name
-TF_VAR_ami_name ?= "gravitational-teleport-ami-ent-11.2.1"
+TF_VAR_ami_name ?= "gravitational-teleport-ami-ent-11.2.2"

 # Route 53 hosted zone to use, must be a root zone registered in AWS, e.g. example.com
 TF_VAR_route53_zone ?= "example.com"