
Prevent accidental unregistration of AMI

The AMI deregistration protection feature was released this May.

ALBs and some other resources have deletion protection, and resources such as security groups cannot be deleted while they are in use, but EC2 lets you deregister an AMI even when it is in use as a base AMI. If that AMI is specified in a launch template, "unintentional deregistrations could lead to production outages until you recovered those AMIs from Recycle Bin", as described in the article above, and that can be disastrous.

I also noticed today that the AMI was missing💦.
I guess I named it improperly and unregistered it as unused without much thought.

The AMI deregistration protection feature offers three options, but the option to “Activate with a 24 hour cooldown period” is not intuitive.

Managing AMI deregistration protection

According to the official documentation, it seems that “Enable with 24 hour cooldown period” prevents the AMI from being deregistered immediately after deregistration protection is disabled.

This is a useful way to keep the foolproofing from being defeated by an operator's assumptions.
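One way to find the AMIs this protection matters for, as an added example that is not part of the original post: the check below cross-references launch template versions against owned AMIs and lists the ones still unprotected. The sample data is constructed in the shape of `aws ec2 describe-images` and `aws ec2 describe-launch-template-versions` output, and the function names and the state strings in the sample are assumptions.

```python
# Constructed sample data, not real resources. The "DeregistrationProtection"
# state strings are assumed values; the check relies only on the "enabled" prefix.
IMAGES = {"Images": [
    {"ImageId": "ami-0aaa1111bbbb2222c", "Name": "web-base",
     "DeregistrationProtection": "enabled-with-cooldown"},
    {"ImageId": "ami-0ddd3333eeee4444f", "Name": "test2",
     "DeregistrationProtection": "disabled"},
]}
TEMPLATES = {"LaunchTemplateVersions": [
    {"LaunchTemplateName": "web", "VersionNumber": 1,
     "LaunchTemplateData": {"ImageId": "ami-0aaa1111bbbb2222c"}},
    {"LaunchTemplateName": "web", "VersionNumber": 2,
     "LaunchTemplateData": {"ImageId": "ami-0ddd3333eeee4444f"}},
    {"LaunchTemplateName": "batch", "VersionNumber": 1,
     "LaunchTemplateData": {"ImageId": "ami-0fff5555aaaa6666b"}},
    {"LaunchTemplateName": "api", "VersionNumber": 3,
     "LaunchTemplateData": {"ImageId": "resolve:ssm:/golden/ami"}},
    {"LaunchTemplateName": "batch", "VersionNumber": 2,
     "LaunchTemplateData": {"ImageId": "ami-0ddd3333eeee4444f"}},
]}


def unprotected_in_use(images_doc, templates_doc):
    """Return (ami, template reference, status) for AMIs that launch templates use
    but that are either unprotected or not among the owned images at all."""
    owned = {img["ImageId"]: img for img in images_doc["Images"]}
    findings = []
    for version in templates_doc["LaunchTemplateVersions"]:
        ref = f'{version["LaunchTemplateName"]} v{version["VersionNumber"]}'
        image_id = version.get("LaunchTemplateData", {}).get("ImageId", "")
        if not image_id.startswith("ami-"):
            continue  # no AMI set, or an indirect reference such as resolve:ssm:
        image = owned.get(image_id)
        if image is None:
            # Already deregistered, or owned by another account: review by hand.
            findings.append((image_id, ref, "not-found"))
        elif not image.get("DeregistrationProtection", "disabled").startswith("enabled"):
            findings.append((image_id, ref, "unprotected"))
    return findings


def enable_commands(findings):
    """Build one CLI command per unprotected AMI, using the cooldown option."""
    amis = sorted({ami for ami, _, status in findings if status == "unprotected"})
    return [f"aws ec2 enable-image-deregistration-protection --image-id {ami} --with-cooldown"
            for ami in amis]


if __name__ == "__main__":
    for finding in unprotected_in_use(IMAGES, TEMPLATES):
        print(finding)
    print("\n".join(enable_commands(unprotected_in_use(IMAGES, TEMPLATES))))
```

A `not-found` result is the case described in this post: a launch template still points at an AMI that is no longer registered in the account.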
