How to automate rolling upgrades for ec2 running linux behind elastic and/or application load balancer?
Problem
I would like to ask for recommendations on ready-made automated solutions or templates for a rolling EC2 instance upgrade on AWS that requires a reboot, with the instances behind an ELB/ALB.
Specifically required to perform the maintenance upgrade for the kernel on hundreds of Linux machines.
For each ELB/ALB, the steps are:
- Disconnect the EC2 instance from the ELB/ALB and wait for connection draining
- Upgrade the kernel and reboot the machine (not part of the automation, e.g. running an external ./upgrade.sh)
- Wait for the instance to be online, connect it to the ELB/ALB, and wait for the health check status
- Continue to the next instance in the load balancer
Note: I am not looking for a migration to a solution similar to Netflix Spinnaker or an immutable deployment strategy implementation, but for a general and simple on-demand maintenance tool.
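The four steps above, written out as a loop, as an added example that is not part of the original question or answer. It assumes the instances are targets of an ALB target group and uses the boto3 `elbv2` call shapes (`deregister_targets`, `register_targets`, `describe_target_health`), so a real `boto3.client("elbv2")` can be passed in; the `FakeElbv2` class, the target group ARN and the instance ids are constructed stand-ins so the loop runs offline. The kernel upgrade itself stays external, as in the question: `upgrade` is whatever callable runs `./upgrade.sh` against one instance. Two guards a practitioner wants are included: the loop refuses to deregister an instance if that would leave the group below a minimum healthy count, and it stops the roll-out as soon as an upgraded instance comes back unhealthy instead of moving on to the next one.

```python
"""Rolling ALB maintenance loop: deregister -> drain -> upgrade -> register -> healthy -> next."""
import time


class FakeElbv2:
    """Constructed in-memory stand-in for boto3's elbv2 client (not the real API).

    Deregistered targets drain for `drain_polls` health checks, then read 'unused';
    registered targets read 'initial' for `warmup_polls` checks, then 'healthy'.
    """

    def __init__(self, instance_ids, drain_polls=2, warmup_polls=2):
        self.state = {i: "healthy" for i in instance_ids}
        self.counter = {}
        self.drain_polls, self.warmup_polls = drain_polls, warmup_polls
        self.calls = []  # recorded (action, [ids]) for inspection

    def deregister_targets(self, TargetGroupArn, Targets):
        for t in Targets:
            self.state[t["Id"]], self.counter[t["Id"]] = "draining", 0
        self.calls.append(("deregister", [t["Id"] for t in Targets]))
        return {}

    def register_targets(self, TargetGroupArn, Targets):
        for t in Targets:
            self.state[t["Id"]], self.counter[t["Id"]] = "initial", 0
        self.calls.append(("register", [t["Id"] for t in Targets]))
        return {}

    def describe_target_health(self, TargetGroupArn, Targets=None):
        ids = [t["Id"] for t in Targets] if Targets else list(self.state)
        descs = []
        for i in ids:
            # Each poll advances the simulated draining / warm-up state machine.
            if self.state[i] in ("draining", "initial"):
                self.counter[i] += 1
                limit = self.drain_polls if self.state[i] == "draining" else self.warmup_polls
                if self.counter[i] >= limit:
                    self.state[i] = "unused" if self.state[i] == "draining" else "healthy"
            descs.append({"Target": {"Id": i}, "TargetHealth": {"State": self.state[i]}})
        return {"TargetHealthDescriptions": descs}


def target_state(elbv2, tg_arn, instance_id):
    resp = elbv2.describe_target_health(TargetGroupArn=tg_arn, Targets=[{"Id": instance_id}])
    return resp["TargetHealthDescriptions"][0]["TargetHealth"]["State"]


def wait_for_state(elbv2, tg_arn, instance_id, wanted, timeout_s, interval_s):
    """Poll the target's health until it is in one of `wanted`; raise on timeout."""
    deadline = time.monotonic() + timeout_s
    while time.monotonic() < deadline:
        state = target_state(elbv2, tg_arn, instance_id)
        if state in wanted:
            return state
        time.sleep(interval_s)
    raise TimeoutError(f"{instance_id} did not reach {sorted(wanted)} within {timeout_s}s")


def healthy_count(elbv2, tg_arn):
    resp = elbv2.describe_target_health(TargetGroupArn=tg_arn)
    return sum(1 for d in resp["TargetHealthDescriptions"] if d["TargetHealth"]["State"] == "healthy")


def rolling_upgrade(elbv2, tg_arn, instance_ids, upgrade, min_healthy=1, timeout_s=600, interval_s=10):
    """Upgrade instances one at a time, never taking the group below `min_healthy`.

    Returns the list of instance ids that were upgraded and are healthy again.
    Raises RuntimeError (capacity guard or unhealthy return) or TimeoutError; in
    either case the roll-out stops rather than continuing to the next instance.
    """
    done = []
    for instance_id in instance_ids:
        if healthy_count(elbv2, tg_arn) - 1 < min_healthy:
            raise RuntimeError(f"refusing to deregister {instance_id}: "
                               f"group would drop below {min_healthy} healthy targets")
        elbv2.deregister_targets(TargetGroupArn=tg_arn, Targets=[{"Id": instance_id}])
        wait_for_state(elbv2, tg_arn, instance_id, {"unused"}, timeout_s, interval_s)  # draining done
        upgrade(instance_id)  # external step, e.g. ./upgrade.sh <instance_id>
        elbv2.register_targets(TargetGroupArn=tg_arn, Targets=[{"Id": instance_id}])
        state = wait_for_state(elbv2, tg_arn, instance_id, {"healthy", "unhealthy"}, timeout_s, interval_s)
        if state != "healthy":
            raise RuntimeError(f"{instance_id} came back {state}; stopping the roll-out")
        done.append(instance_id)
    return done


def run_demo(instance_ids=("i-aaa", "i-bbb", "i-ccc"), min_healthy=1):
    """Run the loop against the constructed fake; returns (upgraded ids, fake client)."""
    fake = FakeElbv2(instance_ids)
    upgraded = []
    done = rolling_upgrade(fake, "arn:aws:elasticloadbalancing:example:targetgroup/demo",
                           list(instance_ids), upgrade=upgraded.append,
                           min_healthy=min_healthy, timeout_s=5, interval_s=0)
    return done, fake


if __name__ == "__main__":
    ids, client = run_demo()
    print("upgraded:", ids, "final states:", client.state)
```

With a real client the two polling loops can be replaced by boto3's built-in `elbv2` waiters, `target_deregistered` and `target_in_service`, which poll the same `describe_target_health` call; the explicit loop is kept here so the fake can drive it and so the unhealthy outcome is visible to the caller rather than surfacing only as a waiter error.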
Solution
AWS has a specific service to deal with this type of use case: EC2 Systems Manager.
This allows making base patch sets and then checking they are applied to target systems.
"Patch Manager is a fully-managed service (provided at no additional
cost) that helps you simplify your operating system patching process,
including defining the patches you want to approve for deployment, the
method of patch deployment, the timing for patch roll-outs, and
determining patch compliance status across your entire fleet of
instances. It’s extremely configurable with some sensible defaults and
helps you easily deal with patching heterogeneous clusters."
-- "Amazon EC2 Systems Manager Patch Manager now supports Linux"
You'll need to install an SSM agent on each system and add a role, but other than that it should be unobtrusive.
Context
StackExchange DevOps Q#3747, answer score: 2