AWS SSM Parameters

Share
Share

Referencing SUSE Images in AWS Parameter Store

Thanks to the AWS Systems Manager Parameter Store it is now easier to reference the latest SUSE images in AWS. SUSE image information still exists in the Public cloud INformation Tracker (pint) tool as mentioned in the “Riddle me this” blog post. That being said, the goal here is to make it easier for you to find and use the most up-to-date versions of SUSE images in EC2.

If you are not familiar with the Parameter Store it provides hierarchical storage for config data, strings, and other values. As well as being used for storing private information the parameter store provides a public namespace for SUSE, /aws/service/suse, which is now being leveraged to provide the latest image id’s for all active SUSE images.

As it was discussed in the “Life Cycle” blog post all active images get refreshed at least every three months. This can happen more frequently if any security issue comes up. Given the AMI (image) id’s are different in every region and there’s a constant flow of new images it can be difficult to follow the bouncing ball.

 

SUSE Public Parameters

To make this easier, especially in automation workflows or in scripts you can now reference a single parameter which will always point to the latest image. The name of the parameter is based on the offer type, sku and architecture. The format for these parameters is as follows:

/aws/service/suse/{offer}/{sku}/{architecture}/latest

For example, the image id for the most recent version of SLES BYOS 15-SP2 is stored in the following namespace:

/aws/service/suse/sles-byos/15-sp2/x86_64/latest

 

SUSE Offers

As mentioned this is now available for most SUSE offers. This currently includes (not limited to):

sles
sles-byos
manager-proxy-byos
manager-server-byos
sles-sapcal
sles-sap-byos
sles-hpc
sles-ecs

Also, the available skus include (not limited to):

12-sp5
15-sp4
4.3 (SUSE Manager)

Combining these, along with the desired architecture will produce the parameter name or namespace:

SLES 12-SP5 x86_64:      /aws/service/suse/sles/12-sp5/x86_64/latest
SLES 15-SP2 arm64:       /aws/service/suse/sles/15-sp2/arm64/latest
SLES 12-SP5 BYOS x86_64: /aws/service/suse/sles-byos/12-sp5/x86_64/latest
SUSE Manager Proxy 4.1:  /aws/service/suse/manager-proxy-byos/4.1/x86_64/latest
SLES SAP 12-SP5 x86_64:  /aws/service/suse/sles-sap/12-sp5/x86_64/latest
SLES HPC 15-SP2 x86_64:  /aws/service/suse/sles-hpc/15-sp2/x86_64/latest

To see all the available parameters in the SUSE namespace see the AWS CLI section below. This will be available for most new images. For example when the new images are released for a new sku such as 15-sp4, the latest SLES-BYOS image will be SLES 15-SP4 BYOS and the x86_64 image id will map to /aws/service/suse/sles-byos/15-sp4/x86_64/latest.

Note that all SUSE offers support x86_64 architecture. Additionally, arm64 based images exist for both the SLES and SLES BYOS images. Also, keep in mind that the image id’s are region specific thus the parameter value differs in every region for a given image.

With this all in mind you may be wondering how you can take advantage of the new information. Below are a few examples of how to get a specific image id through either AWS CLI or Python Boto3 SDK.


Using AWS CLI to Retrieve Parameters

To get the parameter information for a given image you can use the AWS CLI. To see what parameters are available in the SUSE namespace run the following AWS CLI command:

> aws ssm get-parameters-by-path --path /aws/service/suse --recursive --query 'Parameters[].Name'
[
    "/aws/service/suse/manager-proxy-byos/4.1/x86_64/latest",
    "/aws/service/suse/manager-proxy-byos/4.2/x86_64/latest",
    "/aws/service/suse/manager-proxy-byos/4.3/x86_64/latest",
    ...
]

With a chosen parameter you can get the data and AMI ID with the following command:

> aws ssm get-parameter --name "/aws/service/suse/sles-byos/15-sp2/x86_64/latest"
{
  "Parameter": {
    "Name": "/aws/service/suse/sles-byos/15-sp2/x86_64/latest",
    "Type": "String",
    "Value": "ami-071cda9799ca72a8d",
    "Version": 1,
    "LastModifiedDate": 1623786505.796,
    "ARN": "arn:aws:ssm:us-east-2::parameter/aws/service/suse/sles-byos/15-sp2/x86_64/latest",
    "DataType": "aws:ec2:image"
  }
}

The example above assumes that you have AWS CLI configured to return json formatted results (–output json) and it’s using the us-east-2 region (–region us-east-2). Since the images have different id’s in every region each parameter is region specific. To get the image id for the same image in us-east-1 you can provide the region option as part of the command:

> aws --region us-east-1 ssm get-parameter --name "/aws/service/suse/sles-byos/15-sp2/x86_64/latest"
{
  "Parameter": {
    "Name": "/aws/service/suse/sles-byos/15-sp2/x86_64/latest",
    "Type": "String",
    "Value": "ami-08fba030012141602",
    "Version": 1,
    "LastModifiedDate": 1623786505.503,
    "ARN": "arn:aws:ssm:us-east-1::parameter/aws/service/suse/sles-byos/15-sp2/x86_64/latest",
    "DataType": "aws:ec2:image"
  }
}

If you are using json output the value of the image id can be parsed using a tool like jq:

> aws ssm get-parameter --name "/aws/service/suse/sles-byos/15-sp2/x86_64/latest" | jq --raw-output '.Parameter.Value'
ami-071cda9799ca72a8d

To simplify usage you could create a shell function like the following:

get-latest-ami() {
  P=$(aws ssm get-parameter --name "/aws/service/suse/$1/latest" | jq -r '.Parameter.Value')
  echo "$P"
}
> get-latest-ami "sles-byos/15-sp2/x86_64"
ami-071cda9799ca72a8d

Using Boto3 and Python to Retrieve Parameters

Another option you can use for retrieving the parameters from AWS Systems Manager could be with Python and Boto3:

param_name = '/aws/service/suse/sles-byos/15-sp2/x86_64/latest'

client = boto3.client(
  service_name='ssm',
  region_name='us-east-2'
)
param = client.get_parameter(Name=param_name)

return param['Parameter']['Value']

This would return the id for the most recent SLES BYOS image in the us-east-2 region.


Of course you are not limited to the CLI or Python. You can retrieve the parameters from any of the AWS SDK’s. They can also be found through the web console.

One last thing to reiterate is that these parameters are dynamic. As the images get refreshed the value of each parameter will change to the new image id. Keep this mind when using the parameters as the values will be frequently changing.

We hope this new information will make your life easier and ensure you are always running the most up-to-date SUSE images.

Share
(Visited 36 times, 1 visits today)
Avatar photo
8,691 views