From 3b5759b927a4c72dd312a0a93992014395c3eda1 Mon Sep 17 00:00:00 2001 From: Peter Nied Date: Tue, 7 Oct 2025 15:39:54 +0000 Subject: [PATCH 1/2] Update solutions AMIs We've recieved reports that the solutions project AMI need to be updatd due to some security issues that have been discovered. I've updated all images to the latest release, including gov regions. I've also changed the source for the images, previous we would use the first image returned by searching the AMI catalog, instead we are calling the Amazon managed parameter that holds these details for all regions. I've also updated the script to detect if there are missing regions that need to be opted into since we saw a new region arrive "ap-east-2", this should prevent folks that run this script in the future from missing any existing or new regions. Finally I've also sorted the generated list, which should make it clearer to see any updates in the future. Signed-off-by: Peter Nied --- .../create-ami-map.sh | 37 +++++--- .../lib/solutions-stack.ts | 90 +++++++++++-------- 2 files changed, 78 insertions(+), 49 deletions(-) diff --git a/deployment/migration-assistant-solution/create-ami-map.sh b/deployment/migration-assistant-solution/create-ami-map.sh index 560053deb3..290349bdd1 100644 --- a/deployment/migration-assistant-solution/create-ami-map.sh +++ b/deployment/migration-assistant-solution/create-ami-map.sh 
@@ -1,24 +1,37 @@ #!/bin/bash -# AMI name to look up -AMI_NAME="al2023-ami-2023.6.20250218.2-kernel-6.1-x86_64" -OWNER="amazon" +# Get regions that are "not-opted-in" +NOT_OPTED_IN=$(aws ec2 describe-regions \ + --query "Regions[?OptInStatus=='not-opted-in'].RegionName" \ + --output text) + +if [ -n "$NOT_OPTED_IN" ]; then + echo "ERROR: The following regions have not been opted into, please use another aws account or opt into these regions:" + # put each region on its own line + echo "$NOT_OPTED_IN" | tr '\t' '\n' | sort + exit 1 +else + echo "All available regions have been opted into, continuing..." +fi # Get the list of all available AWS regions REGIONS=$(aws ec2 describe-regions --query "Regions[].RegionName" --output text) declare -A amiMap -echo "Looking up AMI IDs for '$AMI_NAME' owned by '$OWNER' in all regions..." +# Image name to look up +IMAGE_NAME="/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-6.1-x86_64" + +echo "Looking up AMI based on image name for '$IMAGE_NAME' in all regions..." -for region in $REGIONS; do + for region in $REGIONS; do echo "Searching in region: $region" - ami_id=$(aws ec2 describe-images \ + ami_id=$(aws ssm get-parameter \ --region $region \ - --owners $OWNER \ - --filters "Name=name,Values=$AMI_NAME" \ - --query "Images[0].ImageId" \ - --output text) + --name $IMAGE_NAME \ + --query 'Parameter.Value' \ + --output text + ) if [ "$ami_id" != "None" ]; then amiMap[$region]=$ami_id @@ -31,8 +44,8 @@ done # Generate the AMI map as typescript echo "" echo "AMI Map:" -echo "const amiMap = {" -for region in "${!amiMap[@]}"; do +echo "const amiMap: Record = {" +for region in $(printf "%s\n" "${!amiMap[@]}" | sort); do echo " '$region': '${amiMap[$region]}'," done echo "};" diff --git a/deployment/migration-assistant-solution/lib/solutions-stack.ts b/deployment/migration-assistant-solution/lib/solutions-stack.ts index ea5d619de9..7c32a56e10 100644 --- a/deployment/migration-assistant-solution/lib/solutions-stack.ts 
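Review bot: The new opt-in check at the top of the script is unlikely to ever fire, because `aws ec2 describe-regions` without `--all-regions` returns only the regions already enabled for the account, so the `OptInStatus=='not-opted-in'` filter has nothing to match; the first call should read `aws ec2 describe-regions --all-regions \`. A failed call (for example, expired credentials) also leaves `NOT_OPTED_IN` empty and prints the "All available regions have been opted into" message, so its exit status is worth checking before continuing. Further down, the unchanged guard `if [ "$ami_id" != "None" ]` was written for `describe-images`; a failing `aws ssm get-parameter` prints nothing to stdout, so an empty string would pass the guard and land in the generated map, which `if [[ "$ami_id" =~ ^ami-[0-9a-f]+$ ]]; then` would reject. The `for` loop body continues past the end of this hunk.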
+++ b/deployment/migration-assistant-solution/lib/solutions-stack.ts 
@@ -203,45 +203,61 @@ export class SolutionsInfrastructureStack extends Stack { }), ] - // Generated with ../create-ami-map.sh + // Generated by running `source ./create-ami-map.sh` const amiMap: Record = { - 'us-east-2': 'ami-0fc82f4dabc05670b', - 'us-east-1': 'ami-05b10e08d247fb927', - 'il-central-1': 'ami-0632d5335bb97c65e', - 'us-west-1': 'ami-094b981da55429bfc', - 'af-south-1': 'ami-071ec74a9abd8fec2', - 'us-west-2': 'ami-027951e78de46a00e', - 'me-central-1': 'ami-0c4117cd3d8aa9f9a', - 'mx-central-1': 'ami-0692398a0c98b312e', - 'ca-central-1': 'ami-05073582a4b03d785', - 'ap-south-1': 'ami-0d682f26195e9ec0f', - 'ap-south-2': 'ami-09e23b3de35f110f6', - 'ap-east-1': 'ami-0123e5d7542358c86', - 'me-south-1': 'ami-0a95ef992b0368b4c', - 'sa-east-1': 'ami-02cfee28b56653f5c', - 'eu-north-1': 'ami-016038ae9cc8d9f51', - 'ca-west-1': 'ami-05586d5f95c77b005', - 'ap-northeast-1': 'ami-072298436ce5cb0c4', - 'ap-northeast-2': 'ami-075e056c0f3d02523', - 'ap-northeast-3': 'ami-0439cd8bc5628c9e8', - 'eu-south-1': 'ami-02c8b07ea6001f11a', - 'eu-south-2': 'ami-047456c943d393211', - 'eu-central-1': 'ami-06ee6255945a96aba', - 'eu-central-2': 'ami-0a0c3a3296ccc2a29', - 'eu-west-2': 'ami-00710ab5544b60cf7', - 'eu-west-3': 'ami-0446057e5961dfab6', - 'eu-west-1': 'ami-0a89fa9a6d8c7ad98', - 'ap-southeast-7': 'ami-043f00bcf35b3eab2', - 'ap-southeast-4': 'ami-0a9b2961cf0036d29', - 'ap-southeast-5': 'ami-0e5b1229fc8235ff7', - 'ap-southeast-2': 'ami-064b71eca68aadfb8', - 'ap-southeast-3': 'ami-02a732f5ab0d7b2a4', - 'ap-southeast-1': 'ami-0b03299ddb99998e9', - }; + 'af-south-1': 'ami-056f571bb0e6f424b', + 'ap-east-1': 'ami-005362651c93532ef', + 'ap-east-2': 'ami-07bd067b2afd36c9d', + 'ap-northeast-1': 'ami-0d4aa492f133a3068', + 'ap-northeast-2': 'ami-099099dff4384719c', + 'ap-northeast-3': 'ami-0c3d48d3539dae8d5', + 'ap-south-1': 'ami-0f9708d1cd2cfee41', + 'ap-south-2': 'ami-058a677191f2d3b4b', + 'ap-southeast-1': 'ami-088d74defe9802f14', + 'ap-southeast-2': 'ami-0c462b53550d4fca8', + 
'ap-southeast-3': 'ami-06ab30fd4fdb3ed9d', + 'ap-southeast-4': 'ami-0d42e9612aefb98da', + 'ap-southeast-5': 'ami-01e13e3c781810a30', + 'ap-southeast-6': 'ami-011236e3336b1fe14', + 'ap-southeast-7': 'ami-0e4f6ae724df740e7', + 'ca-central-1': 'ami-029c5475368ac7adc', + 'ca-west-1': 'ami-080ada25b460a6622', + 'eu-central-1': 'ami-08697da0e8d9f59ec', + 'eu-central-2': 'ami-06bfd82c089bb1f7a', + 'eu-north-1': 'ami-04c08fd8aa14af291', + 'eu-south-1': 'ami-0f75ff17d5b995930', + 'eu-south-2': 'ami-093f87ac3f1e31f91', + 'eu-west-1': 'ami-04f25a69b566c844b', + 'eu-west-2': 'ami-0336cdd409ab5eec4', + 'eu-west-3': 'ami-0d8c6c2b092ebb980', + 'il-central-1': 'ami-044c25ddea94bf84c', + 'me-central-1': 'ami-0f661f38a53d919c7', + 'me-south-1': 'ami-0115748e9cebc5543', + 'mx-central-1': 'ami-0e439f4aa57d84983', + 'sa-east-1': 'ami-07c0cae188e21a093', + 'us-east-1': 'ami-052064a798f08f0d3', + 'us-east-2': 'ami-077b630ef539aa0b5', + 'us-west-1': 'ami-0b967c22fe917319b', + 'us-west-2': 'ami-0caa91d6b7bee0ed0', + }; - // Manually looked up with https://us-gov-east-1.console.amazonaws-us-gov.com/ec2/home?region=us-gov-east-1#AMICatalog: - amiMap['us-gov-west-1'] = 'ami-06cf22f69c918a2c1'; - amiMap['us-gov-east-1'] = 'ami-066774057f581130f'; + // Requires a gov cloud account to execute these commands + /* + aws ssm get-parameter \ + --region us-gov-west-1 \ + --name /aws/service/ami-amazon-linux-latest/al2023-ami-kernel-6.1-x86_64 \ + --query 'Parameter.Value' \ + --output text + */ + amiMap['us-gov-west-1'] = 'ami-08f42c51760f3e3af'; + /* + aws ssm get-parameter \ + --region us-gov-east-1 \ + --name /aws/service/ami-amazon-linux-latest/al2023-ami-kernel-6.1-x86_64 \ + --query 'Parameter.Value' \ + --output text + */ + amiMap['us-gov-east-1'] = 'ami-0c16bde0528963329'; const securityGroup = new SecurityGroup(this, 'BootstrapSecurityGroup', { vpc: vpc, From 9c25e6004aedc8b7e958398e8d4641333cc6994e Mon Sep 17 00:00:00 2001 
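Review bot: The regenerated map no longer records which Amazon Linux 2023 release these IDs correspond to: the removed script pinned a dated AMI name, while the new one resolves a "latest" SSM parameter at whatever moment it is run, and the commit message says this refresh was prompted by security reports. A comment above `amiMap` giving the generation date and the parameter name, e.g. `// Generated <YYYY-MM-DD> from /aws/service/ami-amazon-linux-latest/al2023-ami-kernel-6.1-x86_64`, would let a reader judge how stale the pinned images are at the next review. The new comment also says to run `source ./create-ami-map.sh`, but the script now calls `exit 1` on the not-opted-in path, which would close the caller's shell when sourced; `./create-ami-map.sh` looks like the safer instruction. The enclosing class body starts and ends outside this hunk.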
From: Peter Nied Date: Tue, 7 Oct 2025 16:52:31 +0000 Subject: [PATCH 2/2] Fix whitespace Signed-off-by: Peter Nied --- deployment/migration-assistant-solution/create-ami-map.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deployment/migration-assistant-solution/create-ami-map.sh b/deployment/migration-assistant-solution/create-ami-map.sh index 290349bdd1..8d2ea4b034 100644 --- a/deployment/migration-assistant-solution/create-ami-map.sh +++ b/deployment/migration-assistant-solution/create-ami-map.sh @@ -24,7 +24,7 @@ IMAGE_NAME="/aws/service/ami-amazon-linux-latest/al2023-ami-kernel-6.1-x86_64" echo "Looking up AMI based on image name for '$IMAGE_NAME' in all regions..." - for region in $REGIONS; do +for region in $REGIONS; do echo "Searching in region: $region" ami_id=$(aws ssm get-parameter \ --region $region \