To demonstrate how to create an automated periodic AMI replacement pipeline, we have created an example implementation. The source code can be found in a private repository within the Airwalk organization on GitHub here.

The entire environment, including an example VPC and EC2 Auto Scaling Group is defined with Terraform.

The pipeline is triggered by a CloudWatch rule scheduled to run daily, which invokes a Lambda function named ami_pipeline_trigger. This Lambda considers an Auto Scaling Group and assesses whether the AMI specified in the associated Launch Configuration is older than n days. If so, it will trigger an SSM automation named ami-pipeline to build a new image.

The SSM automation contains number of steps:

• start instance with specific AMI ID
• provision software on the instance using an SSM run command
• stop instance
• create image from instance
• terminate instance
• invoke a second lambda function named ami_pipeline to handle the roll out of the newly created AMI

The ami_pipeline Lambda is responsible for updating the Launch Template with newly created AMI ID, then it will attempt roll out it across Auto Scaling Group by terminating one instance at a time, which will then be automatically relaunched by the Auto Scaling Group.