Security patching and updating

This page describes how to safely update the bootstrap box (the Amazon Elastic Compute Cloud [Amazon EC2] instance you use to build and run Migration Assistant components), clean Docker caches, and rebuild the Migration Assistant container images.

Recommended cadence: Perform these steps only when Migration Assistant is not actively running.

Step 1: Patch the OS on the bootstrap box

sudo dnf upgrade --refresh -y

Note: If the kernel or core libraries are updated, a reboot is often required.

Reboot if required:

sudo reboot

After the box comes back up, reconnect and continue.

Step 2: Clear Docker build and download caches

Clearing the Docker build and downloaded caches removes all unused images, containers, networks, and volumes to free disk space and ensure clean rebuilds:

docker system prune -a --volumes

Step 3: Clean prior Gradle outputs

From the repository root, run the following command to clean prior Gradle outputs:

./gradlew clean

Step 4: Rebuild Migration Assistant images

Rebuild the Docker images used by Migration Assistant:

./gradlew :buildDockerImages -x test

Step 5: Redeploy Migration Assistant

Redeploy Migration Assistant to replace existing container images with the freshly built versions:

cd deployment/cdk/opensearch-service-migration
./deploy.sh <contextId>

Warning: Redeployment will interrupt any running migration tasks (for example, Capture Proxy, Traffic Replayer, or Reindex-from-Snapshot). Do not redeploy while actively migrating, as this can cause data loss or inconsistent state.

Troubleshooting

• toomanyrequests: Rate exceeded: Retry the last build command. Some downstream container images are rate limited and may change over time.

• Cannot pull base images: Ensure that the instance has internet egress (NAT/IGW) and access to Docker Hub/Amazon Elastic Container Registry (Amazon ECR) as required.

• Gradle cache corruption: If problems persist after ./gradlew clean, also remove ~/.gradle/caches and retry.