Re: Deprecating AMIs for: 6.0.6, 7.1 (pre-ECC hostkey fix)
I can certainly agree with you there Eric.
AWS deregister their MS Windows AMIs regularly without notice (like every 2 months or something). It becomes a management pain and from what I can see there is no changelog or similar, just new dated AMIs even though its likely there was some beneficial updates.
It ironically then feels arbitrary that you are searching under the same AWS account ID for the new AMIs and just choosing them.
Hello AWS employees on this list :)
On Wed, Jul 10, 2013 at 3:03 PM, Eric Hammond <firstname.lastname@example.org>
On 07/09/2013 08:53 PM, Jimmy Kaplowitz wrote:
FWIW, Google deprecates images and kernels in its cloud in a way that's
visible to both users and APIs for a while before removing them, even
when security vulnerabilities exist (of course we fix those in newer
builds and provide release notes). We also have a way for gcutil users
to request the newest squeeze or wheezy image, hide older images for
each version by default, include the image date in the image name, and
sometimes release more than one image revision per Debian release (e.g.
to tune performance or integrate newer Google tools).
It would be great if EC2 could...
- Provide a way to send notices to customers who are running or who
have recently run a specific AMI.
- Provide a way to hide an AMI from general searches, but leave it
available for people to run if they already know the id and
- Provide a way for people to run the "latest" AMI in a "series"
however one wished to define those.
- Provide a way for an AMI publisher to know if the AMI is actively
- Show the date an AMI was created.
...but they don't.
I submitted these requests about 6 years ago back when I was building community Ubuntu AMIs, but they haven't gotten around to implementing them yet :-/
Therefore, you have to make some tough decisions about if and how to phase out AMIs.
It's especially tough since you really can't communicate with the users of your AMIs.
They don't read your documentation, don't subscribe to your mailing lists, don't visit your IRC channels, don't read the motd, and will be very upset when the AMI they have been running their business on for years suddenly disappears with no warning.
My personal decision was to never delete an AMI unless it had a serious known security hole that could be exploited over the network. So, I have many hundreds of public AMIs that people may or may not still be depending on. I hope they are not being used since they are mostly for Ubuntu releases that are past end of life, but I didn't feel comfortable making the decision for them that their business should grind to a halt.
Archive: 51DCEB0E.email@example.com" target="_blank">http://lists.debian.org/51DCEB0E.firstname.lastname@example.org
-- Chris Fordham
Cloud Solutions EngineerRightScale Inc.
Direct: +61 2 9037 2780