Image updates - Best Practices for Deploying Amazon AppStream 2.0

Image updates

Software patching is critical for the security and performance of compute resources. Frequent patching is listed as a best practice in the Security Pillar of the Well-Architected Framework.

When your image is built and deployed, there are four categories of software that require patching in your AppStream 2.0 image:

  • Applications and dependencies — You are responsible for patching the applications and dependencies in your images.

  • Microsoft Windows operating system — You are responsible for installing and maintaining updates for Windows.

  • Software components — These are drivers, agents, and other software that is required for AppStream 2.0 operation (for example, the Amazon CloudWatch agent). AppStream 2.0 periodically releases new base images that contain new agents and drivers. You can rebuild your image using the latest base to bring the software components on their images to the latest baseline. The process to rebuild an image on the latest base can be time-consuming and cumbersome when there are many applications, or with complex application installs.

  • AppStream 2.0 agent — You can choose Always use the latest agent version in Image Assistant. With this option, streaming instances that are launched from the image automatically use the latest version of the agent.

You can keep your AppStream 2.0 image up to date by doing either of the following: