Debian Wheezy (7.x) on AWS EC2


7.8.aws.1 (28 January 2015)

This release addresses CVE 2015-0235 also known as the "ghost" issue with libc6; it contains the updated libc6 in the base image.

Region

hvm x86_64 ebs

paravirtual i386 ebs

paravirtual x86_64 ebs

paravirtual x86_64 instance-store

ap-northeast-1

ami-b25d44b3

ami-c05e47c1

ami-e05c45e1

ami-745c4575

ap-southeast-1

ami-aeb49ffc

ami-c08ba092

ami-008ba052

ami-6a8ba038

ap-southeast-2

ami-6b770351

ami-f17703cb

ami-b777038d

ami-4f770375

eu-central-1

ami-98043785

ami-c80437d5

ami-b60437ab

ami-8a043797

eu-west-1

ami-61e56916

ami-1be06c6c

ami-e7e66a90

ami-c9e569be

sa-east-1

ami-3d8b3720

ami-6b8b3776

ami-558b3748

ami-2f8b3732

us-east-1

ami-e0efab88

ami-e6eeaa8e

ami-baeda9d2

ami-74efab1c

us-west-1

ami-b4869ff1

ami-a8b9a0ed

ami-c0b9a085

ami-70b9a035

us-west-2

ami-431a4273

ami-051b4335

ami-f91a42c9

ami-a31a4293

us-gov-west-1

ami-d13455f2

ami-d53455f6

ami-d73455f4

-

cn-north-1

ami-48029071

-

ami-5c029065

-

A GPG signed email of this list is in the Debian-Cloud mailing list archive for your security.


You may wish to use a CloudFormation template and add a UserData script. For some releases are duplicated into Amazon Marketplace but the same images are shared directly as "Community Shared AMIs" (account number 379101102735, but with different AMI IDs to the Marketplace). All AMIs shared from the Debian AWS Account and their corresponding EBS snapshots are marked as public so can be inspected by any AWS user.

SSH username

Remote root SSH is disabled in all images, as is password authentication). You will need to connect to instances from these AMIs as the user admin using your SSH key, and then sudo -i to gain root access.

Please note that an Amazon Marketplace image volume cannot be attached to another running instance (For example, to repair a broken /etc/fstab, or /etc/network/interfaces). This is a limitation of all Marketplace images, as described here: Official AWS documentation

Upgrading from previous 6.x.y releases

As is standard with Debian, a simple apt-get update && apt-get dist-upgrade should bring all packages up to date. There is no need to reinstall, but any CloudFormation templates and AutoScale Launch Configurations should be tested with and then updated to use the current AMI. It is recommended not to use older point releases.

CloudFormation Template

CloudFormation is a templating system for defining AWS resources - see http://aws.amazon.com/cloudformation/

{
    "AWSTemplateFormatVersion": "2010-09-09",
    "Description": "Debian AMI list, generated 2015-02-05 13:35:31.317011 by James Bromberger, jeb@debian.org",
    "Mappings": {
        "AMImap": {
            "ap-northeast-1": {
                "Wheezy78basei386paravirtualebs": "ami-58b7a659",
                "Wheezy78basex8664hvmebs": "ami-48b9a849",
                "Wheezy78basex8664paravirtualebs": "ami-00b6a701",
                "Wheezy78basex8664paravirtualinstancestore": "ami-52a3b253"
            },
            "ap-southeast-1": {
                "Wheezy78basei386paravirtualebs": "ami-c56d4597",
                "Wheezy78basex8664hvmebs": "ami-bd6d45ef",
                "Wheezy78basex8664paravirtualebs": "ami-8d6d45df",
                "Wheezy78basex8664paravirtualinstancestore": "ami-956149c7"
            },
            "ap-southeast-2": {
                "Wheezy78basei386paravirtualebs": "ami-6de68c57",
                "Wheezy78basex8664hvmebs": "ami-d3e68ce9",
                "Wheezy78basex8664paravirtualebs": "ami-efe68cd5",
                "Wheezy78basex8664paravirtualinstancestore": "ami-15e58f2f"
            },
            "eu-west-1": {
                "Wheezy78basei386paravirtualebs": "ami-5d46c02a",
                "Wheezy78basex8664hvmebs": "ami-a345c3d4",
                "Wheezy78basex8664paravirtualebs": "ami-cb47c1bc",
                "Wheezy78basex8664paravirtualinstancestore": "ami-8153d5f6"
            },
            "sa-east-1": {
                "Wheezy78basei386paravirtualebs": "ami-dd0cbec0",
                "Wheezy78basex8664hvmebs": "ami-b90dbfa4",
                "Wheezy78basex8664paravirtualebs": "ami-750dbf68",
                "Wheezy78basex8664paravirtualinstancestore": "ami-4ffb4652"
            },
            "us-east-1": {
                "Wheezy78basei386paravirtualebs": "ami-e895e580",
                "Wheezy78basex8664hvmebs": "ami-f295e59a",
                "Wheezy78basex8664paravirtualebs": "ami-3695e55e",
                "Wheezy78basex8664paravirtualinstancestore": "ami-363a495e"
            },
            "us-west-1": {
                "Wheezy78basei386paravirtualebs": "ami-f9fbe4bc",
                "Wheezy78basex8664hvmebs": "ami-c7fae582",
                "Wheezy78basex8664paravirtualebs": "ami-7ffae53a",
                "Wheezy78basex8664paravirtualinstancestore": "ami-d7f5ea92"
            },
            "us-west-2": {
                "Wheezy78basei386paravirtualebs": "ami-9f623eaf",
                "Wheezy78basex8664hvmebs": "ami-3d9cc00d",
                "Wheezy78basex8664paravirtualebs": "ami-01633f31",
                "Wheezy78basex8664paravirtualinstancestore": "ami-2995c919"
            }
        }
    },
    "Parameters": {
        "InstanceType": {
            "AllowedPattern": "[a-z]+[0-9].[a-z0-9]+",
            "Default": "m3.medium",
            "Description": "Type of EC2 Instance",
            "Type": "String"
        },
        "KeyName": {
            "Description": "SSH Key Name",
            "Type": "String"
        },
        "Release": {
            "AllowedValues": [
                "Wheezy78basex8664hvmebs",
                "Wheezy78basex8664paravirtualinstancestore",
                "Wheezy78basex8664paravirtualebs",
                "Wheezy78basei386paravirtualebs"
            ],
            "Default": "Wheezy75basex8664paravirtualebs",
            "Description": "Release, arch and root filesystem type",
            "Type": "String"
        }
    },
    "Resources": {
        "MyInstance": {
            "Properties": {
                "ImageId": {
                    "Fn::FindInMap": [
                        "AMImap",
                        {
                            "Ref": "AWS::Region"
                        },
                        {
                            "Ref": "Release"
                        }
                    ]
                },
                "InstanceType": {
                    "Ref": "InstanceType"
                },
                "KeyName": {
                    "Ref": "KeyName"
                },
                "SecurityGroups": [
                    {
                        "Ref": "MySecurityGroup"
                    }
                ]
            },
            "Type": "AWS::EC2::Instance"
        },
        "MySecurityGroup": {
            "Properties": {
                "GroupDescription": "Permit inbound SSH",
                "SecurityGroupIngress": [
                    {
                        "CidrIp": "0.0.0.0/0",
                        "FromPort": "22",
                        "IpProtocol": "tcp",
                        "ToPort": "22"
                    }
                ]
            },
            "Type": "AWS::EC2::SecurityGroup"
        }
    }
}

Suggested UserData scripts

Debian !AMIs use cloud-init. This gives you a choice when crafting your UserData to configure your instance. Simple shell scripts continue to be supported by starting with #!/bin/sh, such as:

   1 #!/bin/sh
   2 apt-get update && apt-get upgrade -y && apt-get install -y unattended-upgrades python-pip

However other formats for UserData are also supported, such as:

cloud-config:
packages:
 - pwgen
package_upgrade: true
ssh_keys:
  rsa_public: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAGEAoPRhIfLvedSDKw7XdewmZ3h8eIXJD7TRHtVExampleOne
  rsa_public: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAGEAoPRhIfLvedSDKw7XdewmZ3h8eIXJD7TRHtVExampleTwo

The unattended-upgrades package is described on UnattendedUpgrades.


See also Cloud and Teams/Cloud.