Introduction
Rocky Linux 9 is a bug-by-bug clone of Red Hat Enterprise Linux 9 (RHEL 9). We generally recommend using RHEL 9 for mission-critical workloads, but for less important services Rocky Linux 9 is a very good choice if you're already in Red Hat land. Official Rocky images are only available in AWS Marketplace, which complicates things when you need to programmatically determine the latest version. This is a common requirement when you do infrastructure as code, for example with Ansible, Terraform or Packer. Although we talk about the latest Rocky Linux AMI here, everything here applies to any other AWS Marketplace image, for example Alma Linux.
Step 1: Get the AWS Marketplace AWS account
As we mentioned above, Rocky Linux is only available in AWS Marketplace. Therefore it is the AWS Marketplace AWS account that "owns" the Rocky Linux AMIs. That AWS account happens to be 679593333241. That said, you can get the owner of any other AMI by following this procedure:
- Launch an EC2 instance from the AMI using the AWS Console
- Copy the AMI ID
- Run aws ec2 describe-images --image-ids <ami-id> --region <your-region>
- Get the value of OwnerId
Step 2: Test with aws command-line tool
The next most reasonable step is to build your filters with the aws command-line tool. You can check the EC2 instance you launched earlier to get started. At the time of writing the "AMI Name" for Rocky Linux 9 is "Rocky-9-EC2-Base-9.5-20241118.0.x86_64-3f230a17-9877-4b16-aa5e-b1ff34ab206b". That's a good start which we can convert to a command-line:
    aws ec2 describe-images \
      --owners=679593333241 \
      --filters "Name=name,Values=Rocky-9-EC2-Base-9.5-*x86_64*"
This would actually be enough to get the correct AMI. However, we prefer using both belt and suspenders, so we add a couple of additional filters:
    aws ec2 describe-images \
      --owners=679593333241 \
      --filters \
        "Name=name,Values=Rocky-9-EC2-Base-9.5-*x86_64*" \
        "Name=architecture,Values=x86_64" \
        "Name=root-device-type,Values=ebs" \
        "Name=virtualization-type,Values=hvm"
We're careful because the command must always output a single AMI object in our particular use-case. Take care that you use valid filter names - they are available on this page.
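The single-result requirement can also be enforced on the client side. The following is an added example, not code from the original article: it re-checks owner, name pattern and image attributes on the JSON that aws ec2 describe-images returns and picks the newest match. The function names, AMI IDs, dates and the second owner account are constructed for illustration.

```python
import json
from fnmatch import fnmatchcase

MARKETPLACE_OWNER = "679593333241"              # owner account given on this page
NAME_PATTERN = "Rocky-9-EC2-Base-9.5-*x86_64*"  # name filter from this page
REQUIRED = {"Architecture": "x86_64", "RootDeviceType": "ebs",
            "VirtualizationType": "hvm", "State": "available"}

def pick_latest_ami(describe_images_json, owner=MARKETPLACE_OWNER,
                    pattern=NAME_PATTERN):
    """Return the newest ImageId that passes every check, or raise ValueError."""
    images = json.loads(describe_images_json).get("Images", [])
    accepted = []
    for img in images:
        # Re-check what the API filters should already guarantee, so a
        # mistyped or dropped filter cannot silently widen the result.
        if img.get("OwnerId") != owner:
            continue
        if not fnmatchcase(img.get("Name", ""), pattern):
            continue
        if any(img.get(key) != value for key, value in REQUIRED.items()):
            continue
        accepted.append(img)
    if not accepted:
        raise ValueError("no AMI matched owner %s and pattern %r" % (owner, pattern))
    # CreationDate is an ISO 8601 UTC string, so string order is time order.
    return max(accepted, key=lambda img: img["CreationDate"])["ImageId"]

# Constructed sample in the shape of `aws ec2 describe-images` output.
# AMI IDs, dates and the second owner account are made up for illustration.
def make_image(ami, owner, name, created):
    return {"ImageId": ami, "OwnerId": owner, "Name": name,
            "CreationDate": created, "Architecture": "x86_64",
            "RootDeviceType": "ebs", "VirtualizationType": "hvm",
            "State": "available"}

SAMPLE = json.dumps({"Images": [
    make_image("ami-00000000000000001", MARKETPLACE_OWNER,
               "Rocky-9-EC2-Base-9.5-20241118.0.x86_64-example", "2024-11-18T10:00:00.000Z"),
    make_image("ami-00000000000000002", MARKETPLACE_OWNER,
               "Rocky-9-EC2-Base-9.5-20241201.0.x86_64-example", "2024-12-01T10:00:00.000Z"),
    # Matches the name pattern and is newer, but has a different owner: ignored.
    make_image("ami-00000000000000003", "111111111111",
               "Rocky-9-EC2-Base-9.5-20250101.0.x86_64-example", "2025-01-01T10:00:00.000Z"),
]})

if __name__ == "__main__":
    print(pick_latest_ami(SAMPLE))
```

An empty match raises an error instead of returning nothing, which makes a typo in the name pattern fail loudly in a pipeline.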
Step 3: Using latest Rocky Linux AMI filters in infrastructure as code tools
Once you have constructed a working filter, converting it into infrastructure code is pretty trivial. For example, in Ansible the resulting code would look like this:
    tasks:
      - name: "Get matching AMI"
        amazon.aws.ec2_ami_info:
          owners:
            # Quoted so YAML keeps the account ID as a string
            - "679593333241"
          filters:
            name: "Rocky-9-EC2-Base-9.5-*x86_64*"
            architecture: x86_64
            root-device-type: ebs
            virtualization-type: hvm
        register: ami
      - name: Add extra facts
        ansible.builtin.set_fact:
          # Takes the last image in the returned list
          latest_ami: "{{ ami.images[-1].image_id }}"
In Packer you'd use a data source like this:
    # Packer's Amazon AMI data source type is "amazon-ami"
    data "amazon-ami" "rocky_9_amd64" {
      filters = {
        name                = "Rocky-9-EC2-Base-9.5-*x86_64*"
        architecture        = "x86_64"
        root-device-type    = "ebs"
        virtualization-type = "hvm"
      }
      most_recent = true
      owners      = ["679593333241"]
      region      = "us-east-1"
    }
In Terraform you'd have something similar:
    data "aws_ami" "example" {
      filter {
        name   = "name"
        values = ["Rocky-9-EC2-Base-9.5-*x86_64*"]
      }
      filter {
        name   = "architecture"
        values = ["x86_64"]
      }
      filter {
        name   = "root-device-type"
        values = ["ebs"]
      }
      filter {
        name   = "virtualization-type"
        values = ["hvm"]
      }
      # Pick the newest image if more than one matches
      most_recent = true
      owners      = ["679593333241"]
    }
Note that you may need to Subscribe to the Rocky Linux 9 Marketplace product before you can create images out of its AMIs.