Worked it out - AWS Elastic Beanstalk in all their wisdom append a "-$guid" to the YUM repo list on an instance, which must be stuck in their CDN as it was returning an out-of-date package list. I have resolved it via:

sed 's/-$guid//g' /etc/yum.repos.d/amzn2-core.repo -i
Answer from Phil Peters on Stack Overflow
Amazon Web Services
aws.amazon.com › compute › amazon linux 2 › faqs
Amazon Linux 2 FAQs
2 weeks ago - Kernel Live Patching in Amazon ... Linux Kernel are delivered to the existing package repositories for Amazon Linux 2, and can be applied using regular yum commands such as ‘yum update --security’ when the feature has been activated....
AWS
docs.aws.amazon.com › amazon linux › user guide › al2 on amazon ec2 › configure al2 instances › manage software on your al2 instance › update instance software on your al2 instance
Update instance software on your AL2 instance - Amazon Linux 2
For information about changes and updates to AL2023, see AL2023 release notes. If you launched an EC2 instance that uses an Amazon Linux 2 AMI into an IPv6-only subnet, you must connect to the instance and run sudo amazon-linux-https disable. This lets your AL2 instance connect to the yum ...
Discussions

amazon linux 2 yum missing update (AWS Security Center) - Stack Overflow
yum update httpd Loaded plugins: ... update-motd amzn2-core | 3.7 kB 00:00:00 Package httpd-2.4.46-2.amzn2.x86_64 already installed and latest version Nothing to do · This is a brand new unmodified AWS linux 2 instance. I have tried everything I could find online (making sure I can access yum repo and clearing cache) Can anyone else using amazon linux 2 see ... More on stackoverflow.com
stackoverflow.com
How do you keep your EC2's updated? (Amazon Linux 2)
Systems Manager was built to solve for this - look into Patch Manager and Compliance features. You'll need to make sure the ssm-agent is installed and running and that your instances have an IAM role allowing for SSM actions. An alternate approach is to re-roll your AMIs frequently, but that's a bit different and has its own complexities. More on reddit.com
r/aws
5
1
February 17, 2023
How do install security updates on an Amazon Linux AMI EC2 instance? - Stack Overflow
If you're creating/destroying instances with an auto-scaling group, etc, the command should be something like "sudo yum update --security -y" in user data. 2018-09-03T02:36:31.203Z+00:00 ... Amazon Linux 2 has switched to systemd, so the command is now systemctl enable yum-cron 2018-12-19T... More on stackoverflow.com
stackoverflow.com
EC2 YUM --security check-update
I have a amazon linux 2 server running ..every day on same time below process used to run and causes a high cpu spike . /usr/bin/python /usr/bin/yum --debuglevel 2 --security check-update just wa... More on repost.aws
repost.aws
2
0
January 8, 2024
AWS re:Post
repost.aws › knowledge-center › ec2-linux-update-security-patches
Update EC2 Linux with the latest updates | AWS re:Post
3 weeks ago - For non-production environments, you can also set releasever = latest in /etc/dnf/dnf.conf or periodically update the releasever to a tested version. ... Open the Amazon Linux Security Center, and then choose Explore CVEs.
GitHub
github.com › awsdocs › amazon-ec2-user-guide › blob › master › doc_source › install-updates.md
amazon-ec2-user-guide/doc_source/install-updates.md at master · awsdocs/amazon-ec2-user-guide
To update a single package on an Amazon Linux instance · Use this procedure to update a single package (and its dependencies) and not the entire system. Run the yum update command with the name of the package to update.
Author   awsdocs
AWS
docs.aws.amazon.com › amazon linux 2 › release notes › amazon linux 2 release notes › amazon linux 2 release notes for 2020 and earlier › amazon linux 2 release notes
Amazon Linux 2 release notes - Amazon Linux 2
To upgrade from Amazon Linux 2 LTS Candidate 2 to the LTS version of Amazon Linux 2, run the following commands. $ sudo yum update system-release $ sudo yum update cloud-init $ sudo yum clean all $ sudo yum update $ sudo reboot
Reddit
reddit.com › r/aws › how do you keep your ec2's updated? (amazon linux 2)
r/aws on Reddit: How do you keep your EC2's updated? (Amazon Linux 2)
February 17, 2023 -

Hi all, i wonder how you keep your production ec2's updated with minimal downtime.

This is what i get on my ec2:

[ec2-user@ec2~]$ yum updateinfo
Loaded plugins: extras_suggestions, langpacks, priorities, update-motd
Security: kernel-5.10.165-143.735.amzn2.x86_64 is an installed security update
Security: kernel-5.10.130-118.517.amzn2.x86_64 is the currently running version
updateinfo summary done

We used to get lots of information from our ubuntu ec2's - and i was wondering how we can get the same output with Amazon Linux 2

Welcome to Ubuntu 20.04.3 LTS (GNU/Linux 5.13.0-1031-aws x86_64) 
88 updates can be applied immediately.
15 of these updates are standard security updates.
To see these additional updates run: apt list --upgradable
The list of available updates is more than a week old.
To check for new updates run: sudo apt update
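
The two "Security:" lines in the post above mean a patched kernel is installed on disk while the older one is still running. An added example (not from the original post) that turns that output into a reboot-required check; the function names are hypothetical and the sample input is the output quoted in the post.

```shell
#!/bin/sh
# Added example: flag "security kernel installed but not yet booted"
# from yum updateinfo output.

# Sample input: the yum updateinfo output quoted in the post above.
SAMPLE_UPDATEINFO='Loaded plugins: extras_suggestions, langpacks, priorities, update-motd
Security: kernel-5.10.165-143.735.amzn2.x86_64 is an installed security update
Security: kernel-5.10.130-118.517.amzn2.x86_64 is the currently running version
updateinfo summary done'

# Print the package named on the first "Security:" line containing text $1.
kernel_from_line() {
  awk -v want="$1" '$1 == "Security:" && index($0, want) { print $2; exit }'
}

# Read yum updateinfo output on stdin.
# Prints "REBOOT_REQUIRED installed=<pkg> running=<pkg>" when the installed
# security kernel differs from the running one, otherwise "OK".
reboot_status() {
  out=$(cat)
  installed=$(printf '%s\n' "$out" | kernel_from_line "is an installed security update")
  running=$(printf '%s\n' "$out" | kernel_from_line "is the currently running version")
  if [ -n "$installed" ] && [ -n "$running" ] && [ "$installed" != "$running" ]; then
    echo "REBOOT_REQUIRED installed=$installed running=$running"
  else
    echo "OK"
  fi
}

# Stand-alone run on the sample; on an instance: yum updateinfo 2>&1 | reboot_status
printf '%s\n' "$SAMPLE_UPDATEINFO" | reboot_status
```
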

AWS
docs.aws.amazon.com › amazon linux › user guide › al2 on amazon ec2
AL2 on Amazon EC2 - Amazon Linux 2
For information about AL2023, see ... system updates in AL2023 in the Amazon Linux 2023 User Guide. AL2 and AL1 are designed to be used with online package repositories hosted in each Amazon EC2 AWS Region. The repositories are available in all Regions and are accessed using yum update ...
Find elsewhere
Medium
gmusumeci.medium.com › how-to-update-an-ec2-machine-with-amazon-linux-2-dd490c3f8ef8
How To Update an EC2 Machine with Amazon Linux 2 | by Guillermo Musumeci | Medium
March 28, 2022 - We will SSH the EC2 instance using ... 4.14.165–131.185 or later. To check our kernel version, we have two options: [ec2-user@kopicloud ~]$ yum ......
Top answer
1 of 3
70

As outlined in section Security Updates within Amazon Linux AMI Basics, Amazon Linux AMIs are configured to download and install security updates at launch time, i.e. If you do not need to preserve data or customizations on your running Amazon Linux AMI instances, you can simply relaunch new instances with the latest updated Amazon Linux AMI (see section Product Life Cycle for details).

This currently includes only Critical or Important security updates though, see the AWS team's response to Best practices for Amazon Linux image security updates:

The default on Amazon Linux AMI is to install any Critical or Important security updates on launch. This is a function of cloud-init and can be modified in cloud.cfg on the box or by passing in user-data. This is why you see some security updates still available at launch.

Consequently, if you want to install all security updates or indeed need to preserve data or customizations on your running Amazon Linux AMI instances, you can maintain those instances through the Amazon Linux AMI yum repositories, i.e. you need to facilitate the regular Yum update mechanism as outlined for the yum-security plugin:

# yum update --security
2 of 3
29

Please note: This does not work if only security updates are selected, due to the fact that security updates are not properly flagged in CentOS and Amazon Linux. This may be a matter of Red Hat making security a paid feature which, if I'm being frank, is bullshit. For this to work you must update the yum-cron config file to install all updates. This makes security updates less likely to run reliably which makes everyone less secure.

update_cmd = default

Amazon Linux runs updates when the host boots for the first time. If you plan to have hosts up long-term you may also want to enable automatic security updates. I recommend using yum-cron:

sudo yum install yum-cron

The config file is here: (you probably want to just run security updates)

/etc/yum/yum-cron.conf

You can then enable yum-cron like so:

sudo service yum-cron start

edit from a useful comment below: "If you're creating/destroying instances with an auto-scaling group, etc, the command should be something like "sudo yum update -y" in user data."
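
What the yum-cron settings discussed in this answer add up to, as an added example that is not part of the original answer: a small audit of the text of /etc/yum/yum-cron.conf. The function names are hypothetical and the sample config is constructed; update_cmd and apply_updates are keys of that file's [commands] section.

```shell
#!/bin/sh
# Added example: report what a yum-cron configuration will actually do.

# Constructed sample laid out like the [commands] section of yum-cron.conf.
SAMPLE_CONF='[commands]
# What kind of update to use
update_cmd = security
update_messages = yes
download_updates = yes
apply_updates = no'

# Print the value of key $1 from config text on stdin (last assignment wins).
conf_get() {
  awk -F= -v key="$1" '
    /^[ \t]*#/ { next }                          # skip comment lines
    { k = $1; gsub(/[ \t]/, "", k) }             # normalise the key
    k == key { v = $2; gsub(/^[ \t]+|[ \t]+$/, "", v); val = v }
    END { print val }'
}

# Classify a yum-cron config read from stdin:
#   NOT_APPLYING       updates are at most downloaded and reported
#   APPLYING_ALL       every available update is installed
#   APPLYING_FILTERED  only updates matching update_cmd are installed, which
#                      relies on the repository publishing advisory metadata
audit_yum_cron() {
  conf=$(cat)
  cmd=$(printf '%s\n' "$conf" | conf_get update_cmd)
  apply=$(printf '%s\n' "$conf" | conf_get apply_updates)
  if [ "$apply" != "yes" ]; then
    echo "NOT_APPLYING update_cmd=$cmd"
  elif [ "$cmd" = "default" ]; then
    echo "APPLYING_ALL"
  else
    echo "APPLYING_FILTERED update_cmd=$cmd"
  fi
}

# Stand-alone run on the sample; on an instance:
#   audit_yum_cron < /etc/yum/yum-cron.conf
printf '%s\n' "$SAMPLE_CONF" | audit_yum_cron
```
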

Top answer
1 of 2
1

You can use the amazon-linux-extras repository to upgrade the kernel

First, run this command to get all available kernel versions sudo amazon-linux-extras |grep kernel

you will see a response similar to this

  _  kernel-5.4               available    [ =stable ]
 55  kernel-5.10=latest       enabled      [ =stable ]
 62  kernel-5.15              available    [ =stable ]

the kernel version marked as enabled is the one installed on your machine

to upgrade to the newer version (for example kernel-5.15), just run this command sudo amazon-linux-extras install kernel-5.15 -y

Now, you need to reboot the server with sudo reboot

After rebooting, run the command uname -r to make sure that the newer version is successfully installed

for more information, please refer to this link

2 of 2
1

Kernel live patches are available for Amazon Linux 2 with kernel version 4.14.165-131.185 or later. To check your kernel version, run the following command.

[root@actsupport ~]#  yum list kernel

If you already have a supported kernel version, skip this step. If you do not have a supported kernel version, run the following commands to update the kernel to the latest version and to reboot the instance.

[root@actsupport ~]#  sudo yum install -y kernel
[root@actsupport ~]#  reboot

Install the yum plugin for Kernel Live Patching.

[root@actsupport ~]#  yum install -y yum-plugin-kernel-livepatch

Enable the yum plugin for Kernel Live Patching.

[root@actsupport ~]#  yum kernel-livepatch enable -y

This command also installs the latest version of the kernel live patch RPM from the configured repositories.

To confirm that the yum plugin for kernel live patching has installed successfully, run the following command.

[root@actsupport ~]#  rpm -qa | grep kernel-livepatch

When you enable Kernel Live Patching, an empty kernel live patch RPM is automatically applied. If Kernel Live Patching was successfully enabled, this command returns a list that includes the initial empty kernel live patch RPM.

Update and start the kpatch service. This service loads all of the kernel live patches upon initialization or at boot.

[root@actsupport ~]#  yum update kpatch-runtime
[root@actsupport ~]#  systemctl enable kpatch.service

Configure the Amazon Linux 2 Kernel Live Patching repository, which contains the kernel live patches.

[root@actsupport ~]#  amazon-linux-extras enable livepatch
AWS re:Post
repost.aws › knowledge-center › ec2-al1-al2-update-yum-without-internet
Update yum on my Amazon Linux EC2 instance without internet access | AWS re:Post
March 27, 2025 - To update and install packages on your instance without an internet connection, create an Amazon Virtual Private Cloud (Amazon VPC) gateway endpoint for Amazon S3. Include a policy in the VPC endpoint that allows access to the repository buckets. Then, associate the VPC endpoint with your instance subnet's routing table. Note: To activate third-party repositories, such as Extra Packages for Enterprise Linux (EPEL), your instance must have internet access through one of the following devices: ... AWS VPN or AWS Direct Connect connection to your data center that routes the yum request through the public internet
AWS re:Post
repost.aws › knowledge-center › amazon-linux-2-kernel-upgrade
Upgrade Amazon Linux 2 kernel version | AWS re:Post
August 13, 2024 - [ec2-user@kernel-upgrade ~]$ uname -r 4.14.268-205.500.amzn2.x86_64 · Patch your Amazon Linux so that it's up to date, and then reboot: [ec2-user@kernel-upgrade ~]$ sudo yum -y upgrade [ec2-user@kernel-upgrade ~]$ sudo reboot
Amazon Web Services
aws.amazon.com › amazon linux ami › faqs
Amazon Linux AMI FAQs
2 weeks ago - All of the compat- packages BZR ... Puppet 2.7.x (puppet) Puppet 3.7.x (puppet3) Subversion 1.9 Transmission OpenJDK 1.7.0 (java-1.7.0-openjdk) Yes, and if that policy ever changes we will communicate it in advance. No. The Amazon Linux AMI is only available for use inside of Amazon EC2. Yes. The yumdownloader --source command ...
nixCraft
cyberciti.biz › nixcraft › howto › amazon cloud computing › amazon linux ami update installed packages for security
Amazon Linux AMI update installed packages for security - nixCraft
September 7, 2022 - Open up a terminal application or log in using ssh. Run the yum command to upgrade all installed packages on Amazon Linux cloud server: $ sudo yum update One can only apply security related updates to the machines, run: $ sudo yum --security update
AWS re:Post
repost.aws › knowledge-center › ec2-troubleshoot-yum-errors-al1-al2
Troubleshoot yum or dnf errors on EC2 Linux instance | AWS re:Post
1 month ago - Create an Amazon Machine Image (AMI) backup of the instance. Note: The following resolution step ignores dependencies. If you have the wrong package version installed, then you might encounter issues. You can use the AMI to roll back your configuration if you encounter issues. Run the following command to download the updated Python package: sudo yumdownloader --destdir=/tmp/ python sudo rpm -ivh --nodeps /tmp/python-2*.rpm
AWS
docs.aws.amazon.com › amazon linux › user guide › updating al2023
Updating AL2023 - Amazon Linux 2023
May 22, 2026 - Checking for, getting notified of, and managing package and OS updates in AL2023.
Reddit
reddit.com › r/aws › amazon linux 2 - yum update -y hangs?
r/aws on Reddit: Amazon Linux 2 - Yum Update -Y hangs?
July 9, 2018 -

Hello Reddit.

I'm trying to launch an EC2 instance in Northern Virginia using the following bash script

#!/bin/bash

yum update -y

however it does not update, and it locks the yum process so I cannot do anything after that. This used to work fine in Linux 1. Any ideas? I'm quite new to this so apologies for the noob question!

AWS
docs.aws.amazon.com › amazon linux › user guide › al2 on amazon ec2 › configure al2 instances › manage software on your al2 instance › find and install software packages on an al2 instance
Find and install software packages on an AL2 instance - Amazon Linux 2
In AL2, the yum package management tool searches all of your enabled repositories for different software packages and handles any dependencies in the software installation process. For information about installing software packages in AL2023, see Managing packages and operating system updates in the Amazon Linux ...