I would like to know how to make sure the AWS EC2 instances created via the Docker CloudFormation template () are regularly kept up-to-date concerning the latest security updates.
Are the AMIs referenced in the CloudFormation template regularly updated with security updates?
I see that currently this AMI is used for our instances: “Moby Linux aws-v17.03.0-ce-aws1 (ami-2acd1845)”. Taking a look inside reveals that it is based on Alpine Linux 3.5.0 (output of “cat /etc/alpine-release”). But there is already a 3.5.2 release (see ) containing some security fixes.
How about an approach to automatically apply security updates as part of the boot-up of the AMI (like it is done with the Amazon Linux AMI)?
I’ve followed the steps in  to apply the updates (doing “sudo apk update” and “sudo apk upgrade”), but initiating this on boot-up would mean a change to the CloudFormation template, I guess.
Are there plans on future improvements in this area?