cloudposse · Nuru · Jun 17, 2024 · Jun 10, 2024 · Jun 10, 2024 · Jun 10, 2024
@@ -1,80 +1,73 @@
 
-locals {
-  # "amazon-eks-gpu-node-",
-  arch_label_map = {
-    AL2_x86_64                 = "",
-    AL2_x86_64_GPU             = "-gpu",
-    AL2_ARM_64                 = "-arm64",
-    BOTTLEROCKET_x86_64        = "x86_64",
-    BOTTLEROCKET_ARM_64        = "aarch64"
-    BOTTLEROCKET_ARM_64_NVIDIA = "-gpu"
-    BOTTLEROCKET_x86_64_NVIDIA = "-gpu"
-    WINDOWS_CORE_2019_x86_64   = ""
-    WINDOWS_FULL_2019_x86_64   = ""
-    WINDOWS_CORE_2022_x86_64   = ""
-    WINDOWS_FULL_2022_x86_64   = ""
-  }
+# Previously, we found AMIs by using the aws_ami data source with a name_regex filter
+# and `most_recent = true`. Unfortunately, `most_recent` means most recently created,
+# and may not be the most recent Kubernetes version if, for example, a previous version
+# had a new `eksbuild`. So instead, we now use the AMI IDs published in SSM.
+# See https://docs.aws.amazon.com/eks/latest/userguide/retrieve-ami-id.html
+#     https://docs.aws.amazon.com/eks/latest/userguide/retrieve-ami-id-bottlerocket.html
 
-  ami_kind = split("_", var.ami_type)[0] != "WINDOWS" ? split("_", var.ami_type)[0] : format("WINDOWS_%s_%s", split("_", var.ami_type)[1], split("_", var.ami_type)[2])
+# Amazon Linux: https://docs.aws.amazon.com/eks/latest/userguide/retrieve-ami-id.html
+# aws ssm get-parameter --name /aws/service/eks/optimized-ami/1.30/amazon-linux-2/recommended/image_id \
+#                --query "Parameter.Value" --output text
+# Bottlerocket https://github.com/bottlerocket-os/bottlerocket/blob/develop/QUICKSTART-EKS.md#finding-an-ami
+# aws ssm get-parameter --name /aws/service/bottlerocket/aws-k8s-1.30/x86_64/latest/image_id \
+#                --query "Parameter.Value" --output text
+# Windows: https://docs.aws.amazon.com/eks/latest/userguide/retrieve-windows-ami-id.html
+# aws ssm get-parameter --name /aws/service/ami-windows-latest/Windows_Server-2019-English-Core-EKS_Optimized-1.30/image_id \
+#                --region region-code --query "Parameter.Value" --output text
 
-  ami_format = {
-    # amazon-eks{arch_label}-node-{ami_kubernetes_version}-v{ami_version}
-    # e.g. amazon-eks-arm64-node-1.21-v20211013
-    AL2 = "amazon-eks%s-node-%s"
-    # bottlerocket-aws-k8s-{ami_kubernetes_version}-{arch_label}-v{ami_version}
-    # e.g. bottlerocket-aws-k8s-1.21-x86_64-v1[2].0-ccf1b754
-    BOTTLEROCKET = "bottlerocket-aws-k8s-%s-%s-%s"
-    # Windows_Server-2019-English-Core-EKS_Optimized-{ami_kubernetes_version}-{ami_version}
-    # e.g. Windows_Server-2019-English-Core-EKS_Optimized-1.23-2022.11.08
-    WINDOWS_CORE_2019 = "Windows_Server-2019-English-Core-EKS_Optimized-%s-%s"
-    WINDOWS_FULL_2019 = "Windows_Server-2019-English-Full-EKS_Optimized-%s-%s"
-    WINDOWS_CORE_2022 = "Windows_Server-2022-English-Core-EKS_Optimized-%s-%s"
-    WINDOWS_FULL_2022 = "Windows_Server-2022-English-Full-EKS_Optimized-%s-%s"
-  }
 
-  # Kubernetes version priority (first one to be set wins)
-  # 1. prefix of var.ami_release_version
-  # 2. var.kubernetes_version
-  # 3. data.eks_cluster.this.kubernetes_version
-  need_cluster_kubernetes_version = local.enabled ? local.need_ami_id && length(var.kubernetes_version) == 0 : false
+locals {
+  # Public SSM parameters all start with /aws/service/
 
-  use_cluster_kubernetes_version = local.need_cluster_kubernetes_version && (local.ami_kind == "BOTTLEROCKET" || length(var.ami_release_version) == 0)
+  # format string that makes
+  #    format(fmt, specifier, k8s_version) the SSM parameter name to retrieve
 
-  ami_kubernetes_version = local.need_ami_id ? (local.use_cluster_kubernetes_version ? data.aws_eks_cluster.this[0].version :
-    regex("^(\\d+\\.\\d+)", coalesce(local.ami_kind == "AL2" ? try(var.ami_release_version[0], null) : null, try(var.kubernetes_version[0], null)))[0]
-  ) : ""
+  ami_ssm_format = {
+    AL2_x86_64                 = "/aws/service/eks/optimized-ami/%[2]v/amazon-linux-2/%[1]v/image_id"
+    AL2_x86_64_GPU             = "/aws/service/eks/optimized-ami/%[2]v/amazon-linux-2-gpu/%[1]v/image_id"
+    AL2_ARM_64                 = "/aws/service/eks/optimized-ami/%[2]v/amazon-linux-2-arm64/%[1]v/image_id"
+    AL2023_x86_64_STANDARD     = "/aws/service/eks/optimized-ami/%[2]v/amazon-linux-2023/x86_64/standard/%[1]v/image_id"
+    AL2023_ARM_64_STANDARD     = "/aws/service/eks/optimized-ami/%[2]v/amazon-linux-2023/arm64/standard/%[1]v/image_id"
+    BOTTLEROCKET_x86_64        = "/aws/service/bottlerocket/aws-k8s-%[2]v/x86_64/%[1]v/image_id"
+    BOTTLEROCKET_ARM_64        = "/aws/service/bottlerocket/aws-k8s-%[2]v/arm64/%[1]v/image_id"
+    BOTTLEROCKET_x86_64_NVIDIA = "/aws/service/bottlerocket/aws-k8s-%[2]v-nvidia/x86_64/%[1]v/image_id"
+    BOTTLEROCKET_ARM_64_NVIDIA = "/aws/service/bottlerocket/aws-k8s-%[2]v-nvidia/arm64/%[1]v/image_id"
+    WINDOWS_CORE_2019_x86_64   = "/aws/service/ami-windows-latest/Windows_Server-2019-English-Core-EKS_Optimized-%[2]v/image_id"
+    WINDOWS_FULL_2019_x86_64   = "/aws/service/ami-windows-latest/Windows_Server-2019-English-Full-EKS_Optimized-%[2]v/image_id"
+    WINDOWS_CORE_2022_x86_64   = "/aws/service/ami-windows-latest/Windows_Server-2022-English-Core-EKS_Optimized-%[2]v/image_id"
+    WINDOWS_FULL_2022_x86_64   = "/aws/service/ami-windows-latest/Windows_Server-2022-English-Full-EKS_Optimized-%[2]v/image_id"
+  }
+
+  # AMI specifiers
+  # AL2
+  #   AMI name:      amazon-eks-node-1.29-v20240117
+  #   AMI SSM param: /aws/service/eks/optimized-ami/1.29/amazon-linux-2/amazon-eks-node-1.29-v20240117/image_id
+  # AL2023
+  #   AMI name:      amazon-eks-node-al2023-arm64-standard-1.29-v20240605
+  #   AMI SSM param: /aws/service/eks/optimized-ami/1.29/amazon-linux-2023/x86_64/standard/amazon-eks-node-al2023-x86_64-standard-1.29-v20240605/image_id
+  # Bottlerocket:
+  #   AMI name:      bottlerocket-aws-k8s-1.24-nvidia-x86_64-v1.20.1-7c3e9198
+  #   AMI SSM param: bottlerocket/aws-k8s-1.24-nvidia/x86_64/1.20.1-7c3e9198/image_id # No "v"
+  ami_specifier = var.ami_specifier == "recommended" && startswith(var.ami_type, "BOTTLEROCKET") ? "latest" : var.ami_specifier
 
-  # if ami_release_version is provided
-  ami_version_regex = local.need_ami_id ? {
-    # if ami_release_version = "1.21-20211013"
-    #   insert the letter v prior to the ami_version so it becomes 1.21-v20211013
-    # if not, use the kubernetes version
-    AL2 = (length(var.ami_release_version) == 1 ? replace(var.ami_release_version[0], "/^(\\d+\\.\\d+)\\.\\d+-(\\d+)$/", "$1-v$2") : "${local.ami_kubernetes_version}-*"),
-    # if ami_release_version = "1.2.0-ccf1b754"
-    #   prefix the ami release version with the letter v
-    # if not, use an asterisk
-    BOTTLEROCKET      = (length(var.ami_release_version) == 1 ? format("v%s", var.ami_release_version[0]) : "*"),
-    WINDOWS_CORE_2019 = (length(var.ami_release_version) == 1 ? format("%s", var.ami_release_version[0]) : "*"),
-    WINDOWS_FULL_2019 = (length(var.ami_release_version) == 1 ? format("%s", var.ami_release_version[0]) : "*"),
-    WINDOWS_CORE_2022 = (length(var.ami_release_version) == 1 ? format("%s", var.ami_release_version[0]) : "*"),
-    WINDOWS_FULL_2022 = (length(var.ami_release_version) == 1 ? format("%s", var.ami_release_version[0]) : "*"),
-  } : {}
+  # Kubernetes version priority (first one to be set wins)
+  # 1. var.kubernetes_version
+  # 2. data.eks_cluster.this.kubernetes_version
+  use_cluster_kubernetes_version  = local.enabled ? local.need_ami_id && length(var.kubernetes_version) == 0 : false
+  need_cluster_kubernetes_version = local.use_cluster_kubernetes_version
 
-  ami_regex = local.need_ami_id ? {
-    AL2               = format(local.ami_format["AL2"], local.arch_label_map[var.ami_type], local.ami_version_regex[local.ami_kind]),
-    BOTTLEROCKET      = format(local.ami_format["BOTTLEROCKET"], local.ami_kubernetes_version, local.arch_label_map[var.ami_type], local.ami_version_regex[local.ami_kind]),
-    WINDOWS_CORE_2019 = format(local.ami_format["WINDOWS_CORE_2019"], local.ami_kubernetes_version, local.ami_version_regex[local.ami_kind]),
-    WINDOWS_FULL_2019 = format(local.ami_format["WINDOWS_FULL_2019"], local.ami_kubernetes_version, local.ami_version_regex[local.ami_kind]),
-    WINDOWS_CORE_2022 = format(local.ami_format["WINDOWS_CORE_2022"], local.ami_kubernetes_version, local.ami_version_regex[local.ami_kind]),
-    WINDOWS_FULL_2022 = format(local.ami_format["WINDOWS_FULL_2022"], local.ami_kubernetes_version, local.ami_version_regex[local.ami_kind]),
-  } : {}
+  ami_kubernetes_version = local.use_cluster_kubernetes_version ? data.aws_eks_cluster.this[0].version : var.kubernetes_version[0]
 }
 
-data "aws_ami" "selected" {
-  count = local.enabled && local.need_ami_id ? 1 : 0
+data "aws_ssm_parameter" "ami_id" {
+  count = 1 # local.enabled && local.need_ami_id ? 1 : 0
 
-  most_recent = true
-  name_regex  = local.ami_regex[local.ami_kind]
+  name = format(local.ami_ssm_format[var.ami_type], local.ami_specifier, local.ami_kubernetes_version)
+}
 
-  owners = ["amazon"]
+output "ami_ids" {
+  value = {
+    for key, value in data.aws_ssm_parameter.ami_id : key => value.insecure_value
+  }
 }