DEV Community

Yasuhiro Matsuda for AWS Community Builders

Posted on

2

Prevent accidental unregistration of AMI

AMI deregistration protection management feature released this May.

ALB and others have delete protection, so that security groups and the like cannot be deleted if they are used, but EC2 allows you to unregister an AMI that is the base AMI. If it was specified as a boot template, "unintentional deregistrations could lead to production outages until you recovered those AMIs from Recycle Bin", as described in the above article. This can be disastrous as described in the article above.

I also noticed today that the AMI was missingšŸ’¦.
I guess I named it improperly and unregistered it as unused without much thought.

Regarding the AMI unregistration protection management feature, there are three options from the unregistration protection perspective, but the option to ā€œActivate with a 24 hour cooldown periodā€ is not intuitive.

Managing AMI deregistration protection

official documentation, it seems that ā€œEnable with 24 hour cooldown periodā€ is a feature that prevents deregistration protection from being deleted immediately after it is disabled.

This would be a useful feature to prevent foolproofing from becoming inoperative due to operator assumptions.

Image of Docusign

Bring your solution into Docusign. Reach over 1.6M customers.

Docusign is now extensible. Overcome challenges with disconnected products and inaccessible data by bringing your solutions into Docusign and publishing to 1.6M customers in the App Center.

Learn more

Top comments (0)

Best Practices for Running  Container WordPress on AWS (ECS, EFS, RDS, ELB) using CDK cover image

Best Practices for Running Container WordPress on AWS (ECS, EFS, RDS, ELB) using CDK

This post discusses the process of migrating a growing WordPress eShop business to AWS using AWS CDK for an easily scalable, high availability architecture. The detailed structure encompasses several pillars: Compute, Storage, Database, Cache, CDN, DNS, Security, and Backup.

Read full post