The Amazon Linux AMI is a supported and maintained Linux image provided by Amazon Web Services for use on Amazon Elastic Compute Cloud (Amazon EC2). It is designed to provide a stable, secure, and high-performance execution environment for applications running on Amazon EC2.
However, for whatever reason, automatic security updates are not enabled on it by default.
So let's fix that.
First, let's install a version-locking plugin for the yum package manager. We want this so we can pin any packages that are too sensitive for automatic updates: a good example is any package whose version number can affect functionality in a major way, such as gcc or Java.
sudo yum install yum-plugin-versionlock
You can then lock any package or set of packages with a statement like the following:
sudo yum versionlock java*
To view a list of the current package locks, run:
sudo yum versionlock list
To remove all current package locks:
sudo yum versionlock clear
Next, let's configure automatic updates by first installing yum-cron:
sudo yum install yum-cron
Let's modify the configuration so that only security updates are applied:
sudo nano /etc/yum/yum-cron.conf
In the [commands] section, set update_cmd to security, then save and exit (Ctrl+O, then Ctrl+X).
Each yum-cron run will then do something akin to:
sudo yum update --security
Now let's start the service:
sudo service yum-cron start
On AMI Version 1 also run:
sudo chkconfig yum-cron on
On AMI Version 2 also run:
sudo systemctl enable yum-cron
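The whole configuration step above, done from a script instead of by hand, as an added example that is not part of the original post. It edits the INI-style /etc/yum/yum-cron.conf the way the nano step does, but idempotently, so it can run from user data or a configuration-management tool without producing duplicate keys. It assumes the stock yum-cron.conf layout with update_cmd, download_updates and apply_updates under [commands]; note that the stock file ships with apply_updates = no, in which case yum-cron only downloads updates, so the script sets it to yes as well. The sample configuration it builds in a temp file is constructed for the demo; point configure_security_only at the real file (with sudo) to apply it.

```shell
#!/bin/sh
# Added example, not from the original post: configure yum-cron for
# security-only updates from a script. Assumes the stock yum-cron.conf
# keys update_cmd, download_updates and apply_updates under [commands].

# Set "key = value" in an INI-style config, replacing an existing line
# or appending the key if it is missing. Uses a temp file instead of
# sed -i so it behaves the same on GNU and BSD sed.
set_conf_key() {
    conf="$1"; key="$2"; value="$3"
    if grep -q "^[[:space:]]*$key[[:space:]]*=" "$conf"; then
        sed "s/^[[:space:]]*$key[[:space:]]*=.*/$key = $value/" "$conf" > "$conf.tmp" \
            && mv "$conf.tmp" "$conf"
    else
        printf '%s = %s\n' "$key" "$value" >> "$conf"
    fi
}

# Print a key's current value (empty if absent), to check before/after.
get_conf_key() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1
}

# The equivalent of the nano step: security-only, and actually apply them.
configure_security_only() {
    set_conf_key "$1" update_cmd security
    set_conf_key "$1" download_updates yes
    set_conf_key "$1" apply_updates yes
}

# Constructed sample mirroring the stock defaults (not a real system file).
make_sample_conf() {
    cat > "$1" <<'EOF'
[commands]
update_cmd = default
update_messages = yes
download_updates = yes
apply_updates = no
random_sleep = 360
EOF
}

# Demo on a temp copy. For a real host: sudo sh -c '. ./this.sh; \
#   configure_security_only /etc/yum/yum-cron.conf'
demo_conf=$(mktemp)
make_sample_conf "$demo_conf"
configure_security_only "$demo_conf"
echo "update_cmd is now: $(get_conf_key "$demo_conf" update_cmd)"
echo "apply_updates is now: $(get_conf_key "$demo_conf" apply_updates)"
rm -f "$demo_conf"
```

After running it against the real file, restart yum-cron (service yum-cron restart or systemctl restart yum-cron) so the new settings take effect, and keep any versionlock entries in place: yum-cron honours the versionlock plugin, so pinned packages stay untouched by the nightly security run.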
And you’re done!