[Important Update: March 2, 2015]

Since we posted the information below, our team has been working around-the-clock to find ways to minimize the impact for those requiring a reboot. We're happy to share that we'll now be able to live-update the vast majority of our older hardware for this Xen Security Advisory. This means that over 99.9% of our total EC2 instances will receive the live-update and avoid a reboot. We can also now assure you that all newly launched instances will land on updated capacity, which means for the less than 0.1% of total EC2 instances that require a reboot, you can proactively re-launch these instances in order to avoid the assigned reboot timing (if you prefer).

The Events page on the EC2 console has been updated to mark all events corresponding to the previously scheduled reboots as completed (viewable by selecting Completed in the status filter). For those few customers that still have instances that require a reboot, those instances will still appear on the Events page.

If you have any questions, you can contact the AWS Support Team on the community forums and via AWS Premium Support at: https://console.aws.amazon.com/support/ or, in the China (Beijing) region only, https://console.amazonaws.cn/support/home#/.


[Original post]

We’ve received a Xen Security Advisory that requires us to update a portion of our Amazon EC2 fleet. Fewer than 10% of EC2 customer instances will need to be rebooted. We’ve started notifying affected customers when their reboots will take place. These updates must be completed by March 10, 2015 before the underlying issues we are addressing are made public. Following security best practices, the details behind these issues will be withheld until they are made public on March 10.

Security and operational excellence are our top priorities, and therefore we occasionally need to do host maintenance on short notice. We have built the capability to live-update the vast majority of our fleet; however, we have not yet enabled this capability on some of our older hardware. This older hardware is what’s being rebooted.

To see if you have any instances scheduled to be rebooted, as well as the associated maintenance windows for those reboots, visit the Events page on the EC2 console: https://console.aws.amazon.com/ec2#Events or, in the China (Beijing) region only, https://console.amazonaws.cn/ec2#Events. Each instance will experience a clean reboot and will be unavailable while the updates are applied to the underlying host. This generally takes no more than a few minutes to complete.

Each instance will return to normal operation after the reboot, and all instance configuration and data will be retained. If you have startup procedures that aren’t automated during your instance boot process, please remember that you will need to log in and run them. We will need to do this maintenance update in the window specified. You will not be able to stop/start or re-launch instances in order to avoid this maintenance update.

Why are you doing this maintenance?

We have received a Xen Security Advisory that requires us to update portions of the Amazon EC2 instance fleet.

How can I figure out which of my instances are affected?

You can log into the EC2 console and check the Events page to see if you have any instances that are scheduled for a reboot.

What other methods do I have to view the schedule of my instance reboots?

You can also use the EC2 APIs or AWS CLI to get the same schedule data that is available via the management console.
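As an added illustration (not part of the original bulletin), the following Python sketch lists the reboot events still pending in JSON saved from `aws ec2 describe-instance-status --output json`. The instance IDs, zones and dates are constructed sample data, and the filter assumes the API marks finished events by prefixing the description with `[Completed]` or `[Canceled]`.

```python
import json
from datetime import datetime

# Constructed sample, shaped like `aws ec2 describe-instance-status --output json`.
SAMPLE = """
{"InstanceStatuses": [
  {"InstanceId": "i-11111111", "AvailabilityZone": "us-east-1a", "Events": [
    {"Code": "system-reboot", "Description": "scheduled reboot",
     "NotBefore": "2015-03-06T02:00:00.000Z", "NotAfter": "2015-03-06T06:00:00.000Z"}]},
  {"InstanceId": "i-22222222", "AvailabilityZone": "us-east-1b", "Events": [
    {"Code": "system-reboot", "Description": "[Completed] scheduled reboot",
     "NotBefore": "2015-03-04T02:00:00.000Z", "NotAfter": "2015-03-04T06:00:00.000Z"}]},
  {"InstanceId": "i-33333333", "AvailabilityZone": "us-east-1a", "Events": [
    {"Code": "instance-retirement", "Description": "retirement",
     "NotBefore": "2015-03-20T00:00:00.000Z"}]},
  {"InstanceId": "i-44444444", "AvailabilityZone": "us-east-1c", "Events": [
    {"Code": "instance-reboot", "Description": "scheduled reboot",
     "NotBefore": "2015-03-05T10:00:00.000Z", "NotAfter": "2015-03-05T14:00:00.000Z"}]},
  {"InstanceId": "i-55555555", "AvailabilityZone": "us-east-1c"}
]}
"""

REBOOT_CODES = {"instance-reboot", "system-reboot"}
DONE_PREFIXES = ("[Completed]", "[Canceled]")  # assumed marker for finished events


def _parse_ts(value):
    """Parse the CLI's ISO 8601 timestamps, with either 'Z' or '+00:00' suffix."""
    return datetime.fromisoformat(value.replace("Z", "+00:00")) if value else None


def pending_reboots(status_json):
    """Return open reboot events, earliest maintenance window first."""
    rows = []
    for inst in json.loads(status_json).get("InstanceStatuses", []):
        for ev in inst.get("Events", []):
            if ev.get("Code") not in REBOOT_CODES:
                continue  # retirement, stop, etc. are out of scope here
            if ev.get("Description", "").startswith(DONE_PREFIXES):
                continue  # already applied or withdrawn
            rows.append({"instance": inst["InstanceId"],
                         "zone": inst.get("AvailabilityZone"),
                         "code": ev["Code"],
                         "start": _parse_ts(ev.get("NotBefore")),
                         "end": _parse_ts(ev.get("NotAfter"))})
    return sorted(rows, key=lambda r: (r["start"] is None, r["start"]))


if __name__ == "__main__":
    for r in pending_reboots(SAMPLE):
        print(r["instance"], r["zone"], r["code"], r["start"], "->", r["end"])
```

Run it once per region, since the status call returns events only for the region it is issued against.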

Can I reboot my instance before my scheduled reboot time?

You can always reboot your instance at any time. However, doing so will not remove the need to reboot your instance at its scheduled time. These security updates require a reboot to the underlying hardware in order to be applied.

Can I re-launch my instances to avoid these reboots? [Updated]

Yes, you can proactively re-launch these instances in order to avoid the assigned reboot timing (if you prefer).

Which instances will be updated? [Updated]

While all instance types need to be updated, we have developed the capability to live-update instances running on newer hardware. The vast majority of the EC2 fleet will be live-updated, but a very small portion of instances (fewer than 0.1% of customer EC2 instances) running on older hardware will require a reboot to complete the update process.

I use multiple regions. Will my instances in different regions be rebooted at the same time?

No. You will not have instances in different regions rebooted at the same time.

Will I lose my data on the local instance storage after the reboot?

No, all data on the local instance storage will still be available after the reboot.

What should I do if my instance does not reboot properly?

Go to http://aws.amazon.com/instance-help/ for best practices on dealing with unresponsive instances. Customers with premium support can also contact AWS support at: https://console.aws.amazon.com/support/.

Are my Amazon WorkSpaces impacted? [Updated]

No.

Are my Amazon RDS instances impacted?

You will receive a separate notification alerting you to any RDS instances that need to be rebooted.

If I’m using a multiple Availability Zone RDS deployment, will Amazon stagger the instance reboots to maintain availability?

Yes.

Are my Amazon ElastiCache nodes impacted?

You will receive a separate notification alerting you to any ElastiCache nodes that need to be rebooted.

Are my Amazon Redshift clusters impacted? [Updated]

No.