ec2: public ssm parameters for container-optimized windows AMIs do not work

[jesterhazy]

Describe the bug

i have a CDK stack that looks up an AMI image from public SSM parameter like so:

ec2.MachineImage.fromSsmParameter(
    '/aws/service/ami-windows-latest/Windows_Server-2022-English-Core-ContainersLatest'
),

that code stopped working a day or two ago, because the underlying image was withdrawn and then the SSM parameter was deleted.

I tried to update my stack to use the recommended replacement /aws/service/ami-windows-latest/Windows_Server-2022-English-Core-ECS_Optimized, but when i deploy this I get a parameter validation error:

Parameter validation failed: parameter value {"image_name":"Windows_Server-2022-English-Core-ECS_Optimized-2023.07.11","image_id":"ami-0cad3b428d9d54059","ecs_runtime_version":"Docker (CE) version 20.10.21","ecs_agent_version":"1.73.1"} for parameter name SsmParameterValueawsserviceamiwindowslatestWindowsServer2022EnglishCoreECSOptimizedC96584B6F00A464EAD1953AFF4B05118Parameter does not exist

it looks like the Value field of the SSM parameter contains structured JSON instead of a plain string AMI id:

% aws ssm get-parameters-by-path --path /aws/service/ami-windows-latest | jq '.Parameters[] | select(.Name | contains("Windows_Server-2022-English-Core-ECS_Optimized"))'
{
  "Name": "/aws/service/ami-windows-latest/Windows_Server-2022-English-Core-ECS_Optimized",
  "Type": "String",
  "Value": "{\"image_name\":\"Windows_Server-2022-English-Core-ECS_Optimized-2023.07.11\",\"image_id\":\"ami-0cad3b428d9d54059\",\"ecs_runtime_version\":\"Docker (CE) version 20.10.21\",\"ecs_agent_version\":\"1.73.1\"}",
  "Version": 29,
  "LastModifiedDate": "2023-07-17T17:24:01.490000+00:00",
  "ARN": "arn:aws:ssm:us-west-2::parameter/aws/service/ami-windows-latest/Windows_Server-2022-English-Core-ECS_Optimized",
  "DataType": "text"
}

all of the Windows 2022 ECS/EKS SSM parameters have the same kind of structured value.

is there any way to use these SSM parameters with CDK's image lookup functions, or is this feature just broken now?

Expected Behavior

I expected to be able to deploy the stack that uses these parameters, and have the asg successfully launch instances using the referenced AMI.

Current Behavior

deployment fails with a validation error

Reproduction Steps

see the bug description

Possible Solution

No response

Additional Information/Context

No response

CDK CLI Version

2.85.0 (build 4e0d726)

Framework Version

No response

Node.js Version

v18.16.1

OS

Linux

Language

Typescript

Language Version

5.x

Other information

No response

[peterwoodworth]

Thanks for the bug report, you're right that the value for the parameter is now a stringified JSON, instead of just the AMI ID. This is breaking our method because we are only expecting just the ami id to be returned as a string.

I'm not sure if this is expected for the parameters to contained stringified JSON now, if it is expected, then we'll need to update our context provider. If not, we should verify with the service team if this pattern is to be expected going forward

[rix0rrr]

It's not advertised, but you can add /image_id to the parameter name to get just the AMI ID:

/aws/service/ami-windows-latest/Windows_Server-2022-English-Full-ECS_Optimized/image_id

CDK does that automatically for you if you use EcsOptimizedImage.windows().

[github-actions]

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.