Dynamically updating the Amazon Machine Image

You need the capability to update the Amazon Machine Image (AMI) to prevent potential problems running workloads on an old AMI. You can update the AMI of the Cloudformation stack while keeping the current Elastic Kubernetes Service (EKS) version.

You must meet the following prerequisites to get dynamic updates:

You are running release 1.7.1-TBD (released August, 2023), which supports this feature.

You must add the following IAM roles to your cross account role:

{
    "Sid": "AllowSsmParams",
    "Effect": "Allow",
    "Action": [
        "ssm:DescribeParameters",
        "ssm:GetParameter",
        "ssm:GetParameters",
        "ssm:GetParameterHistory",
        "ssm:GetParametersByPath"
    ],
    "Resource": [
        "arn:aws:ssm:*:*:parameter/aws/service/eks/optimized-ami/*"
    ]
}

This action creates and upgrades DWX stacks with read permissions on AWS Systems Manager (SSM). The SSM parameter in the Cloudformation dwx-stack template obtains the latest AMI to use for your EKS version.

If you use reduced permissions mode, you must update the following fields of the stack template while performing a Kubernetes version upgrade:
- EksBaseVersion - The value of this parameter must be the next upgrade version of kubernetes.
- EksImageSSMParam - The value of this parameter must be formatted as follows:/aws/service/eks/optimized-ami/<K8s-version>/amazon-linux-2/recommended/image_id
  Update only the K8s-version of EksImageSSMParam. For example:
  - Old value
    /aws/service/eks/optimized-ami/1.21/amazon-linux-2/recommended/image_id
  - New value
    /aws/service/eks/optimized-ami/1.22/amazon-linux-2/recommended/image_id

Log into the AWS Management Console.
From the list of stacks, select the running CloudFormation stack.
In the stack details pane, click Update.
A new AMI, if available, will be applied in the stack update.