How do install security updates on an Amazon Linux AMI EC2 instance?

Question

I see the following notices displayed on login:

   __|  __|_  )    _|  (     /   Amazon Linux AMI   ___|\___|___|    See /usr/share/doc/system-release/ for latest release notes.   There are 30 security update(s) out of 39 total update(s) available 

How do I install these updates on my machine?

Answer 1

As outlined in section Security Updates within Amazon Linux AMI Basics, Amazon Linux AMIs are configured to download and install security updates at launch time, i.e. If you do not need to preserve data or customizations on your running Amazon Linux AMI instances, you can simply relaunch new instances with the latest updated Amazon Linux AMI (see section Product Life Cycle for details).

This currently includes only Critical or Important security updates though, see the AWS team's response to Best practices for Amazon Linux image security updates:

The default on Amazon Linux AMI is to install any Critical or Important security updates on launch. This is a function of cloud-init and be modified in cloud.cfg on the box or by passing in user-data. This is why you see some security updates still available at launch.

Consequently, if you want to install all security updates or indeed need to preserve data or customizations on your running Amazon Linux AMI instances, you can maintain those instances through the Amazon Linux AMI yum repositories, i.e. you need to facilitate the regular Yum update mechanism as outlined for the yum-security plugin:

# yum update --security