Bastion AMI upgrade information
We’ve been using several bastion clusters in the ECI AWS accounts for a long time. However, most clusters created via Terraform use the default AMI provided by the Terraform module. That default is an AMI based on Ubuntu-14, which is no longer supported according to the Site infra Golden AMI document.
The recommendation going forward is to use a Bastion AMI based on Ubuntu-20. Here’s a reference PR. If you run into Terraform CD issues while merging this, just re-trigger CD using a new dummy PR.
Points to note
- This upgrade will destroy and re-create the bastion cluster, so any existing connections will be broken during the upgrade. Any data stored in existing bastion EC2 instances will be lost and has to be re-created.
- If your bastion instances are closely coupled with your service infrastructure, review the Terraform plan changes carefully to identify any potential issues. This should not be the case if your bastion cluster is only used for sqitch deployments.
- You can check the versions of software such as Sqitch, Psql, Git, etc. on the different bastion AMI versions here. Pick the version that works best for you based on your usage of RDS Postgres and any other resources that may be affected by this change.
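
One way to make the plan review from the second point repeatable, as an added example that is not part of the original page or the reference PR: the script reads the JSON form of a plan (`terraform show -json <planfile>`) and lists every planned change that falls outside the bastion module. The module address `module.bastion` and the resource addresses in the sample plan are assumptions constructed for illustration.

```python
import json

# Assumption: the bastion cluster lives in a module addressed "module.bastion".
BASTION_MODULE = "module.bastion"

# Constructed sample in the shape of `terraform show -json <planfile>` output.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "module.bastion.aws_launch_configuration.this",
   "module_address": "module.bastion",
   "change": {"actions": ["create", "delete"]}},
  {"address": "module.bastion.aws_autoscaling_group.this",
   "module_address": "module.bastion",
   "change": {"actions": ["update"]}},
  {"address": "module.service_db.aws_security_group_rule.from_bastion",
   "module_address": "module.service_db",
   "change": {"actions": ["delete", "create"]}},
  {"address": "module.service_db.aws_db_instance.main",
   "module_address": "module.service_db",
   "change": {"actions": ["no-op"]}}
]}
""")

def classify(actions):
    """Collapse a plan 'actions' list into one label."""
    if "delete" in actions:
        return "replace" if "create" in actions else "delete"
    return actions[0] if actions else "no-op"

def in_bastion(module_address, bastion_module=BASTION_MODULE):
    """True for the bastion module itself, its instances and its child modules."""
    return module_address == bastion_module or module_address.startswith(
        (bastion_module + ".", bastion_module + "["))

def review_plan(plan, bastion_module=BASTION_MODULE):
    """Return changes outside the bastion module, which need a manual look."""
    findings = []
    for rc in plan.get("resource_changes", []):
        label = classify(rc["change"]["actions"])
        if label in ("no-op", "read"):
            continue
        if not in_bastion(rc.get("module_address", ""), bastion_module):
            findings.append((rc["address"], label))
    return findings

if __name__ == "__main__":
    for address, label in review_plan(SAMPLE_PLAN):
        print(f"REVIEW {label:8} {address}")
```

An empty result means the plan only touches the bastion module; any line printed points at a resource coupled to the bastion cluster that will change along with it.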