AWS recently introduced the ability to nondisruptively replace the root volume of an EC2 instance with an updated AMI. Replace Root Volume helps patch the guest operating system and applications, but it still triggers an instance reboot.
The Replace Root Volume option allows developers to quickly patch their software without backing up or replicating instance store data. Changing the AMI of a running instance updates your applications and operating system, but preserves your instance store data, networking, and IAM configuration. An improvement over using snapshots to replace the root volume, the new option helps developers use stateful workloads, simplifies operating system patching, and improves deployment security.
Frank Fioretti, Principal Infrastructure Architect at Huron Consulting Group, said: Tweet:
This really sounds more like an orchestration/automation than something new (…) if you’re using instance store and want to replace your root volume and keep your instance store data. You can see its benefits.
One option with the new API is to restore the root volume to its boot state. The replacement volume is automatically restored from the snapshot used to create the initial volume at boot time. The replacement volume gets the same type, size, and deletion attributes as the original root volume. Jason Axley, Principal Security Engineer at Amazon, said: Tweet:
This makes using the DIE (Distributed Immutable Ephemeral) paradigm for cloud security easier than with traditional EC2: replace the root volume by returning it to the boot state.
According to the documentation, the EC2 remains on the same physical host and retains its public and private IP addresses and DNS names. All network interfaces remain associated with the instance and all pending network traffic is flushed once the instance becomes available.
Cory QuinnThe Duckbill Group cloud economist commented in the newsletter:
Ok, this is great for many use cases. Sadly you have to reboot the instance quickly, but other than that it’s more streamlined. As is probably for you, my development instance is a pet.
A successful replacement task transitions to three states: On holdwhen creating the replacement volume, in progressif the original volume is detached and the alternate volume is attached, and Successful When the process has completed and the instance is available again.
Replacing the root volume using an AMI does not change the encryption status of the root volume. If an AMI has multiple block device mappings, only the AMI’s root volume is used and other volumes are ignored. If the instance supports the Nitro Trusted Platform Module (NitroTPM), her NitroTPM data on the instance will be reset and a new key will be generated.
The Replace Root Volume API is available in all AWS Regions via console, CLI, or SDK. When done using the AWS console, new features are only available in the new console.