Best Practice for applying updates and kernel patches

I have a Packer config that is building an AWS Linux 2 AMI, and during the provisioning I’m doing a yum update -y.

Is this the best way to ensure the AMI has had both kernel and OS updates?

@kneemaa That sounds about right. I would also add a reboot in between (expect_disconnect, etc.) in case the kernel version updates. This ensures it boots into the new kernel, and then I can remove all older kernels.

I haven’t used expect_disconnect yet.

Would I just need to add the following to my provisioner, after the step where I do the update -y?

{
  "inline": "sudo reboot",
  "type": "shell",
  "expect_disconnect": true
},

Yes. Also, there should be a delay in the block (say 40-60 seconds) to let the machine boot and be stable for the next SSH.
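
The sequence discussed in this thread, written out as an added example (not posted by anyone in the thread): update, reboot with expect_disconnect, then a delayed provisioner that fails the build unless the instance is running the most recently installed kernel, and only then removes older kernels. Only the provisioners section is shown. Assumptions: the delay is done with `pause_before` on the following provisioner, the 60s value is a choice within the 40-60 second range mentioned above, and old kernels are removed with `package-cleanup` from yum-utils.

```json
{
  "_comment": "Added example, provisioners only; keep your existing builders section.",
  "provisioners": [
    {
      "type": "shell",
      "inline": ["sudo yum update -y"]
    },
    {
      "type": "shell",
      "inline": ["sudo reboot"],
      "expect_disconnect": true
    },
    {
      "type": "shell",
      "pause_before": "60s",
      "inline": [
        "running=\"kernel-$(uname -r)\"",
        "newest=\"$(rpm -q --last kernel | head -n 1 | awk '{print $1}')\"",
        "echo \"running=$running newest=$newest\"",
        "[ \"$running\" = \"$newest\" ] || { echo 'not booted into the newest installed kernel' >&2; exit 1; }",
        "sudo yum install -y yum-utils",
        "sudo package-cleanup --oldkernels --count=1 -y"
      ]
    }
  ]
}
```

The kernel comparison makes the build fail instead of producing an AMI that still boots the old kernel.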