only use base AL2023 for bastion (#279)

* only use base AL2023 for bastion * use an SSM parameter instead
dominodatalab · Oct 11, 2024 · 6caf724 · 6caf724
1 parent 88e37ed
commit 6caf724
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 15 deletions.
diff --git a/modules/infra/submodules/bastion/README.md b/modules/infra/submodules/bastion/README.md
@@ -38,11 +38,11 @@ No modules.
 | [aws_security_group_rule.bastion_outbound](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule) | resource |
 | [null_resource.install_binaries](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource) | resource |
 | [terraform_data.check_bastion_instance_profile](https://registry.terraform.io/providers/hashicorp/terraform/latest/docs/resources/data) | resource |
-| [aws_ami.al2023](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ami) | data source |
 | [aws_caller_identity.aws_account](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
 | [aws_iam_policy_document.bastion](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_iam_policy_document.bastion_assume_role](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_partition.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | data source |
+| [aws_ssm_parameter.al2023_ami](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/ssm_parameter) | data source |
 
 ## Inputs
 

diff --git a/modules/infra/submodules/bastion/main.tf b/modules/infra/submodules/bastion/main.tf
@@ -130,24 +130,13 @@ resource "terraform_data" "check_bastion_instance_profile" {
   depends_on = [aws_iam_instance_profile.bastion]
 }
 
-data "aws_ami" "al2023" {
-  count       = var.bastion.ami_id == null ? 1 : 0
-  most_recent = true
-  owners      = ["amazon"]
-
-  filter {
-    name   = "name"
-    values = ["al2023-ami*"]
-  }
 
-  filter {
-    name   = "architecture"
-    values = ["x86_64"]
-  }
+data "aws_ssm_parameter" "al2023_ami" {
+  name = "/aws/service/ami-amazon-linux-latest/al2023-ami-minimal-kernel-default-x86_64"
 }
 
 locals {
-  ami_id = var.bastion.ami_id != null ? var.bastion.ami_id : data.aws_ami.al2023[0].id
+  ami_id = var.bastion.ami_id != null ? var.bastion.ami_id : data.aws_ssm_parameter.al2023_ami.value
 }
 
 resource "aws_instance" "bastion" {