bug: Amazon Linux 2023 EC2 Image not tagged to all the correct AMI IDs

[Garethp]

Is there an existing issue for this?

• I have searched the existing issues

Current Behavior

When spinning up a EC2 pointing at MachineImage.latestAmazonLinux2023(), LocalStack will clone the Amazon Linux 2023 image and tag it with the ami-024f768332f0 AMI, while the stack resolves the desired AMI ID to ami-0e58172bedd62916b causing the error of

The stack named ec2-stack failed to deploy: CREATE_FAILED (An error occurred (InvalidAMIID.NotFound) when calling the RunInstances operation: The image id 'ami-0e58172bedd62916b' does not exist): An error occurred (InvalidAMIID.NotFound) when calling the RunInstances operation: The image id 'ami-0e58172bedd62916b' does not exist

Expected Behavior

The AMI ID that the Amazon Linux 2023 image is tagged with should also be what's stored in the SSM Parameter for /aws/service/ami-amazon-linux-latest/al2023-ami-kernel-6.1-x86_64, or an image matching that should also be downloaded and tagged correctly. Either way, the Stack should be able to resolve the correct AMI ID and deploy

How are you starting LocalStack?

With a docker-compose file

Steps To Reproduce

How are you starting localstack (e.g., bin/localstack command, arguments, or docker-compose.yml)

docker run localstack/localstack

Client commands (e.g., AWS SDK code snippet, or sequence of "awslocal" commands)

export class EC2Stack extends Stack {
  constructor(scope: Construct, id: string, props: StackProps) {
    super(scope, id, props);

    const vpc = new Vpc(this, "VPC");
    const securityGroup = new SecurityGroup(this, "security-group", { vpc });

    new Instance(this, "EC2", {
      vpc,
      securityGroup,
      machineImage: MachineImage.latestAmazonLinux2023(),
      instanceType: InstanceType.of(InstanceClass.T3, InstanceSize.NANO),
      blockDevices: [
        {
          deviceName: "/ebs-dev/sda1",
          volume: BlockDeviceVolume.ebs(10),
        },
      ],
    });
  }
}

Environment

- OS: Ubuntu 20.04
- LocalStack: 3.4

Anything else?

I've reproduced the issue here: https://github.com/Garethp/localstack-bugs/tree/ec2-latestAmazonLinux2023
If you clone down the branch ec2-latestAmazonLinux2023, run yarn install, and then ./start.sh you should see the issue in action.

Additionally, if you run awslocal ssm get-parameters-by-path --path /aws/service/ami-amazon-linux-latest you can see that there might be other paths for AmazonLinux2023 to resolve to, but just calling MachineImage.amazonLinux2023() will resolve the /aws/service/ami-amazon-linux-latest/al2023-ami-kernel-6.1-x86_64 SSM Parameters for it's AMI

Notes from @simonrw:

This method translates to an SSM parameter lookup, so we would have to pre-seed the users SSM parameter space with the relevant references, one for each latest_.* function (at least).
For the following CDK stack:

 const param = new StringParameter(this, "Param", {
   stringValue: ec2.MachineImage.latestAmazonLinux2023().getImage(this).imageId,
 });

it generates the following CFn parameter:

SsmParameterValueawsserviceamiamazonlinuxlatestal2023amikernel61x8664C96584B6F00A464EAD1953AFF4B05118Parameter:
    Type: AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>
    Default: /aws/service/ami-amazon-linux-latest/al2023-ami-kernel-6.1-x86_64

which is used to populate the Param SSM parameter’s value
Looking up this parameter in SSM (for me as of this message) returns ami-098c93bd9d119c051
So it’s not a CFn thing, it’s an environment pre-population thing