Puppeteers Blog

Getting latest Rocky Linux AMI ID

December 2, 2024 

Introduction

Rocky Linux 9 is a bug-by-bug clone of Red Hat Enterprise Linux 9 (RHEL 9). We generally recommend using RHEL 9 for mission-critical workloads, but for less important services Rocky Linux 9 is a very good choice if you're already in Red Hat land. Official Rocky images are only available in AWS Marketplace, which complicates things when you need to programmatically determine the latest version. This is a common requirement when you do infrastructure as code, for example with Ansible, Terraform or Packer. Although we speak of the latest Rocky Linux AMI here, everything applies equally to any other AWS Marketplace image, for example Alma Linux.

Step 1: Get the AWS Marketplace AWS account

As we mentioned above, Rocky Linux is only available in AWS Marketplace. Therefore it is the AWS Marketplace AWS account that "owns" the Rocky Linux AMIs. That AWS account happens to be 679593333241. That said, you can get the owner of any other AMI by following this procedure:

  1. Launch an EC2 instance from the AMI using the AWS Console
  2. Copy the AMI ID
  3. Run aws ec2 describe-images --image-ids <ami-id> --region <your-region>
  4. Get the value of OwnerId

Step 2: Test with aws command-line tool

The next most reasonable step is to build your filters with the aws command-line tool. You can check the EC2 instance you launched earlier to get started. At the time of writing the "AMI Name" for Rocky Linux 9 is "Rocky-9-EC2-Base-9.5-20241118.0.x86_64-3f230a17-9877-4b16-aa5e-b1ff34ab206b". That's a good start which we can convert to a command-line:

aws ec2 describe-images \
  --owners=679593333241 \
  --filters "Name=name,Values=Rocky-9-EC2-Base-9.5-*x86_64*" 

This would actually be enough to get the correct AMI. However, we prefer using both belt and suspenders, so we add a couple of additional filters:

aws ec2 describe-images \
  --owners=679593333241 \
  --filters \
  "Name=name,Values=Rocky-9-EC2-Base-9.5-*x86_64*" \
  "Name=architecture,Values=x86_64" \
  "Name=root-device-type,Values=ebs" \
  "Name=virtualization-type,Values=hvm"

We're careful because the command must always output a single AMI object in our particular use-case. Take care that you use valid filter names - they are available on this page.
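
The checks those filters perform can also be applied to the describe-images response before an image ID is handed to other tooling. The following is an added example, not code from the original post: it goes one step further than the single-match case above and picks the newest build when several match. The sample response is constructed (image IDs, dates and the second owner account are made up), and select_latest_ami is a hypothetical helper name.

```python
import fnmatch

OWNER = "679593333241"  # AWS Marketplace owner account ID from this post
PATTERN = "Rocky-9-EC2-Base-9.5-*x86_64*"
REQUIRED = {"Architecture": "x86_64", "RootDeviceType": "ebs",
            "VirtualizationType": "hvm"}

def _img(image_id, owner, name, created, arch="x86_64"):
    """Build one entry shaped like an element of describe-images' Images list."""
    return {"ImageId": image_id, "OwnerId": owner, "Name": name,
            "CreationDate": created, "Architecture": arch,
            "RootDeviceType": "ebs", "VirtualizationType": "hvm"}

# Constructed sample response: image IDs, dates and the second owner are made up.
SAMPLE = {"Images": [
    _img("ami-00000000000000001", OWNER,
         "Rocky-9-EC2-Base-9.5-20241101.0.x86_64-constructed",
         "2024-11-02T09:00:00.000Z"),
    _img("ami-00000000000000002", OWNER,
         "Rocky-9-EC2-Base-9.5-20241118.0.x86_64-3f230a17-9877-4b16-aa5e-b1ff34ab206b",
         "2024-11-19T09:00:00.000Z"),
    # Same name prefix and a newer date, but published by a different account.
    _img("ami-00000000000000003", "111111111111",
         "Rocky-9-EC2-Base-9.5-20241201.0.x86_64-constructed",
         "2024-12-01T09:00:00.000Z"),
    _img("ami-00000000000000004", OWNER,
         "Rocky-9-EC2-Base-9.5-20241118.0.aarch64-constructed",
         "2024-11-19T09:00:00.000Z", arch="aarch64"),
]}

def select_latest_ami(response, owner=OWNER, pattern=PATTERN):
    """Return the newest image passing every check; raise LookupError if none."""
    candidates = [
        img for img in response.get("Images", [])
        if img.get("OwnerId") == owner
        and fnmatch.fnmatchcase(img.get("Name", ""), pattern)
        and all(img.get(k) == v for k, v in REQUIRED.items())
    ]
    if not candidates:
        raise LookupError(f"no image owned by {owner} matches {pattern!r}")
    # CreationDate is an ISO 8601 UTC string, so string order is time order.
    return max(candidates, key=lambda img: img["CreationDate"])

if __name__ == "__main__":
    print(select_latest_ami(SAMPLE)["ImageId"])
```

Failing loudly on an empty result matters here: a mistyped name pattern matches nothing, and the lookup should stop rather than fall back to some other image.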

Step 3: Using latest Rocky Linux AMI filters in infrastructure as code tools

Once you have constructed a working filter, converting it into infrastructure code is pretty trivial. For example, in Ansible the resulting code would look like this:

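  tasks:
    - name: "Get matching AMI"
      amazon.aws.ec2_ami_info:
        # Restrict the lookup to the AWS Marketplace owner account
        owners:
          - 679593333241
        filters:
          name: "Rocky-9-EC2-Base-9.5-*x86_64*"
          architecture: x86_64
          root-device-type: ebs
          virtualization-type: hvm
      register: ami

    - name: Add extra facts
      ansible.builtin.set_fact:
        # Sort by creation date so the last element is the newest image
        latest_ami: "{{ (ami.images | sort(attribute='creation_date') | last).image_id }}"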

In Packer you'd use a data source like this:

data "aws-ami" "rocky_9_amd64" {
  filters = {
    name                = "Rocky-9-EC2-Base-9.5-*x86_64*"
    architecture        = "x86_64"
    root-device-type    = "ebs"
    virtualization-type = "hvm"
  }
  most_recent = true
  owners      = ["679593333241"]
  region      = "us-east-1"
}

In Terraform you'd have something similar:

data "aws_ami" "example" {
  filter {
    name   = "name"
    values = ["Rocky-9-EC2-Base-9.5-*x86_64*"]
  }

  filter {
    name   = "architecture"
    values = ["x86_64"]
  }

  filter {
    name   = "root-device-type"
    values = ["ebs"]
  }

  filter {
    name   = "virtualization-type"
    values = ["hvm"]
  }

  most_recent = true
  owners      = ["679593333241"]
}

Note that you may need to Subscribe to the Rocky Linux 9 Marketplace product before you can create images out of its AMIs.

Samuli Seppänen