Skip to content →

Configuration of Automatic Updates on Amazon Linux Version 1 & 2

The Amazon Linux AMI is a supported and maintained Linux image provided by Amazon Web Services for use on Amazon Elastic Compute Cloud (Amazon EC2). It is designed to provide a stable, secure, and high performance execution environment for applications running on Amazon EC2.

However, for whatever reason it is not enabled with automatic security updates on by default.

So lets fix that.

Step 0:

First lets install a version locking system for yum package manager. The reason we want something like this is to lock any and all packages that are too sensitive for automatic updates. A good example of this is any package where the version number can affect functionality in a major way such as gcc or Java.

sudo yum install yum-plugin-versionlock

You can then lock any package/set of packages with a statement like the following

sudo yum versionlock java*

To view a list of the current package locks, you can

sudo yum versionlock list

To remove all current package locks

sudo yum versionlock clear

Step 1:

Next lets configure automatic updates by first installing yum-cron

sudo yum install yum-cron

Lets modify the configuration to only enable security updates

sudo nano /etc/yum/yum-cron.conf

In the commands section set update_cmd to security and save-exit (Ctrl+o + Ctrl+x)

This will do something akin to

sudo yum update --security

Now lets enable it to start

sudo service yum-cron start

On AMI Version 1 also run:

sudo chkconfig yum-cron on

On AMI Version 2 also run:

sudo systemctl enable yum-cron

And you’re done!

Published in Uncategorized


Leave a Reply

Your email address will not be published. Required fields are marked *