mantle/ore/aws: add ensure-public to manage AMI visibility#4562
Open
marmijo wants to merge 1 commit into
Open
Conversation
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Code Review
This pull request introduces the ensure-public command to the ore aws tool, designed to maintain the public accessibility of production RHCOS AMIs that AWS might automatically privatize due to deprecation. It also extends the AWS API client with methods for listing production images, checking public status, and restoring launch permissions. Feedback includes addressing potential nil pointer dereferences when accessing image metadata and refining the wording of deprecation date labels for clarity.
marmijo
force-pushed
the
add-ensure-public
branch
4 times, most recently
from
a9003a9 to
092316d
Compare
AWS enforces a 2-year deprecation date on all public AMIs and removes their public sharing permission after 6+ months of inactivity past the deprecation date. This silently breaks OpenShift customers on older versions who rely on those AMIs to scale cluster nodes. Add `ore aws ensure-public`, which scans all production AMIs (tagged production=true) in a region, checks their launch permission, and restores any that have gone private. A single AMI can also be targeted directly via --ami. Assisted-by: Claude <Sonnet 4.6>
marmijo
force-pushed
the
add-ensure-public
branch
from
092316d to
e1fe762
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
AWS enforces a 2-year deprecation date on all public AMIs and removes their public sharing permission after 6+ months of inactivity past the deprecation date. This silently breaks OpenShift customers on older versions who rely on those AMIs to scale cluster nodes.
Add
ore aws ensure-public, which scans all production AMIs (tagged production=true) in a region, checks their launch permission, and restores any that have gone private. A single AMI can also be targeted directly via--ami.See: https://redhat.atlassian.net/browse/COS-3842
Assisted-by: Claude <Sonnet 4.6>