How to apply only security updates in Amazon Linux AMI
The Amazon Linux AMI is a Linux image provided by Amazon Web Services (AWS) for use on Amazon EC2. It is designed to provide a stable, secure, and high performance execution environment for applications running on Amazon EC2.
Though Amazon Linux AMI is supported & maintained by AWS themselves, the security & performance patches to Linux Kernel & server packages are not applied automatically on the running instances. A degree of expert intervention is needed to put the security patches in place and they can be availed from the official repository itself.
Below are the some of the commands to help in this connection.
1. To list the available security updates
[ec2-user@ip-123-45-67-890 ]$ yum list-security --security
The above command will only list the available updates for each package by criticality.
2. Applying the security patches
After reviewing the list of available packages we can either apply patches selectively or on the whole.
To apply all the security patches at the same time,
[ec2-user@ip-123-45-67-890 ]$ sudo yum update --security
Or to apply the security patches selectively.
[ec2-user@ip-123-45-67-890 ]$ yum list-security [PACKAGES-NAME-SEPARTED-BY-COMMA]
Once the above command is issued, the package manager will resolve the dependencies to suggest for the install, update & replace of packages as needed.
Upon acknowledging the Y/N prompt the necessary action will be performed by the package manager. These commands do apply only the security patches & don't go for software upgrade which might break the running application. Anyway, it is recommended to take the necessary backup before attempting to apply the security patches.