Amazon reboots Elastic Compute Cloud instances to protect against Xen bug
Thu 25 Sep 2014
Amazon Web Services’ Elastic Compute Cloud (EC2) instances are in a four-day reboot cycle because an unknown bug has been found in the company’s Xen virtualisation platform, reports Australian website IT News.
Amazon initially sent a routine round of emails to EC2 customers, referring to ‘required host maintenance’ as the reason for a series of rolling restarts, but the Australian tech site received a tip-off from an unnamed AWS client claiming that the reboots were not routine but instead necessary because of the discovery of a bug in the Xen virtualisation platform that Amazon deploys. The bug is not set to be publicly addressed until 1st October.
AWS workload guru Thorsten von Eicken discussed the directive at the Cloud Management Blog, noting that it differs substantially from a similar incident in 2011: a far greater number of EC2 instances are to be rebooted, and relaunching an instance prior to the maintenance update will not in this case guarantee that the client connects to a safely patched host.
He also notes that certain types of EC2 instance remain unaffected, namely T1, T2, M2, R3, and HS1. The timescale for the reboots is between 02.00 UTC/GMT on 26th September and 23.59 on 30th September.
Tactically, Amazon’s feint makes sense, given the potential for exploitation, but its disingenuous approach is likely to be called into question in certain quarters. At the time of writing, no comment has been made at Amazon’s AWS web security blog.