Today I’ve received a few questions about a maintenance update we’re performing late
this week through early next week, so I thought it would be useful to provide an update.
Yesterday we started notifying some of our customers of a timely security and operational
update we need to perform on a small percentage (less than 10%) of our EC2 fleet globally.
AWS customers know that security and operational excellence are our top two priorities.
These updates must be completed by October 1st before the issue is made public as part
of an upcoming Xen Security Announcement (XSA). Following security best practices, the details
of this update are embargoed until then. The issue in that notice affects many Xen
environments, and is not specific to AWS.
As we explained in emails to the small percentage of our customers who are affected
and on our forums, the instances that need the update require a system restart of the
underlying hardware and will be unavailable for a few minutes while the patches are being
applied and the host is being rebooted.
While most software updates are applied without a reboot, certain limited types of updates
require a restart. Instances requiring a reboot will be staggered so that no two regions or
availability zones are impacted at the same time and they will restart with all saved data and all
automated configuration intact. Most customers should experience no significant issues with the
reboots. We understand that for a small subset of customers the reboot will be more inconvenient;
we wouldn’t inconvenience our customers if it wasn’t important and time-critical to apply this update.
Customers who aren’t sure if they are impacted should go to the “Events“ page on the
EC2 console, which will list any pending instance reboots for their AWS account.
As always, we are here to help walk customers through this or to answer questions after the maintenance update completes. Just open a support case.
P.S. Note that this update is not in any way associated with what is being called the “Bash Bug” in the news today. For information on that issue, see this security
bulletin on the AWS security center.