How To Apply Only Security Updates in Amazon Linux AMI

AWS Linux AMI

Pre note:

The Amazon Linux AMI is a Linux image provided by Amazon Web Services (AWS) for use on Amazon EC2. It is designed to provide a stable, secure, and high performance execution environment for applications running on Amazon EC2.

Though Amazon Linux AMI is supported & maintained by AWS themselves, the security & performance patches to Linux Kernel & server packages are not applied automatically on the running instances. A degree of expert intervention is needed to put the Linux security patches in place and they can be availed from the official repository itself.

Below are some of the commands to help in this connection.

1. To list the available security updates

[ec2-user@ip-123-45-67-890 ]$  yum list-security --security

The above command will only list the available updates for each package by criticality.

2. Applying the security patches

After reviewing the list of available packages we can either apply patches selectively or on the whole.

To apply all the security patches at the same time,

[ec2-user@ip-123-45-67-890 ]$ sudo yum update --security

Or to apply the security patches selectively.

[ec2-user@ip-123-45-67-890 ]$  yum list-security [PACKAGES-NAME-SEPARTED-BY-COMMA] 

Once the above command is issued, the package manager will resolve the dependencies to suggest the installation, update & replacement of packages as needed.

Upon acknowledging the Y/N prompt the necessary action will be performed by the package manager. These commands do apply only to the security patches & don't go for software upgrades that might break the running application. Anyway, it is recommended to take the necessary backup before attempting to apply the Linux security patches.