Problem: Vulnerability Scan Shows Vulnerabilities in Databricks EC2 Instances

Problem

The Corporate Information Security (CIS) Vulnerability Management team reports vulnerabilities in AWS instances, and the affected instances turn out to be EC2 instances that Databricks launched from its worker AMI.

Cause

The Databricks security team addresses all critical vulnerabilities and updates the core and worker AMIs on a regular basis.

However, a cluster's EC2 instances run the AMI that was current when the cluster started. A long-running cluster that has not been restarted therefore keeps running on its original AMI and never picks up the updated one, so a scan of those instances can report vulnerabilities that the current AMI already fixes.

Solution

Restart long-running clusters, or start a brand new cluster, when you run vulnerability scans against specific Databricks worker EC2 instances, so that the instances are launched from the current AMI. To check which instances are current, compare each instance's AMI ID with the worker AMI for its region. Here is the list of worker AMIs by region:

"ap-northeast-1": "ami-049ab85d0b7c1b63e",
"ap-northeast-2": "ami-05b4f3cbfe5c62b4f",
"ap-south-1": "ami-01b7e53b63156d59c",
"ap-southeast-1": "ami-0e63a581426a9269a",
"ap-southeast-2": "ami-083e86056b141d287",
"ca-central-1": "ami-0590e3c69822ad966",
"eu-central-1": "ami-04fdfb1ab7c6a85bf",
"eu-west-1": "ami-00dbe82c23df7a1ba",
"eu-west-2": "ami-00bba3f50d1594b0f",
"eu-west-3": "ami-07f236b01e74df9b5",
"sa-east-1": "ami-080a44c88bba862aa",
"us-east-1": "ami-07a7a32497bdfba58",
"us-east-2": "ami-0f94a5ec29e340f57",
"us-west-1": "ami-0bd87fb93321ea1a4",
"us-west-2": "ami-009e22ee20569ad19"
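The check described in the Solution, written out as an added example (not Databricks' own tooling): it takes an EC2 DescribeInstances response in the shape boto3's `ec2.describe_instances` returns, compares each Databricks-tagged instance's `ImageId` with the per-region AMI list above, and groups the stale instances by cluster, since the remediation is a cluster restart rather than a per-instance patch. It assumes Databricks tags its worker instances with `Vendor=Databricks`, `ClusterId` and `ClusterName` (assumed tag keys, not stated on this page); the sample response, instance IDs, cluster IDs and the "old" AMI ID are constructed placeholders.

```python
"""Flag Databricks worker EC2 instances still running an outdated worker AMI.

Added example for this article, not Databricks' own code. Input is the
DescribeInstances response shape (boto3 ec2.describe_instances). Assumed tag keys:
Vendor=Databricks, ClusterId, ClusterName. The sample data below is constructed.
"""
from collections import defaultdict
from typing import Dict, List

# Worker AMI IDs by region, copied from the article.
CURRENT_WORKER_AMIS: Dict[str, str] = {
    "ap-northeast-1": "ami-049ab85d0b7c1b63e", "ap-northeast-2": "ami-05b4f3cbfe5c62b4f",
    "ap-south-1": "ami-01b7e53b63156d59c", "ap-southeast-1": "ami-0e63a581426a9269a",
    "ap-southeast-2": "ami-083e86056b141d287", "ca-central-1": "ami-0590e3c69822ad966",
    "eu-central-1": "ami-04fdfb1ab7c6a85bf", "eu-west-1": "ami-00dbe82c23df7a1ba",
    "eu-west-2": "ami-00bba3f50d1594b0f", "eu-west-3": "ami-07f236b01e74df9b5",
    "sa-east-1": "ami-080a44c88bba862aa", "us-east-1": "ami-07a7a32497bdfba58",
    "us-east-2": "ami-0f94a5ec29e340f57", "us-west-1": "ami-0bd87fb93321ea1a4",
    "us-west-2": "ami-009e22ee20569ad19",
}

ACTIVE_STATES = {"pending", "running"}  # stopped/terminated instances are not scannable


def _tags(instance: dict) -> Dict[str, str]:
    return {t["Key"]: t["Value"] for t in instance.get("Tags", [])}


def stale_databricks_workers(describe_response: dict, region: str,
                             expected: Dict[str, str] = CURRENT_WORKER_AMIS) -> List[dict]:
    """One finding per active Databricks-tagged instance whose ImageId is not the
    current worker AMI for `region`. Instances without the Vendor=Databricks tag were
    not launched by Databricks and are skipped (they follow another patch process)."""
    if region not in expected:
        raise ValueError(f"no reference worker AMI for region {region!r}")
    current_ami = expected[region]
    findings = []
    for reservation in describe_response.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            tags = _tags(inst)
            if tags.get("Vendor") != "Databricks":  # assumed Databricks default tag
                continue
            if inst.get("State", {}).get("Name") not in ACTIVE_STATES:
                continue
            if inst["ImageId"] == current_ami:
                continue
            findings.append({
                "instance_id": inst["InstanceId"], "image_id": inst["ImageId"],
                "expected_ami": current_ami,
                "cluster_id": tags.get("ClusterId", "<untagged>"),
                "cluster_name": tags.get("ClusterName", "<untagged>"),
                "launch_time": inst.get("LaunchTime"),
            })
    return findings


def clusters_to_restart(findings: List[dict]) -> Dict[str, List[str]]:
    """Group stale instances by cluster: the fix is restarting the cluster."""
    by_cluster: Dict[str, List[str]] = defaultdict(list)
    for f in findings:
        by_cluster[f["cluster_id"]].append(f["instance_id"])
    return dict(by_cluster)


def _instance(instance_id: str, image_id: str, state: str = "running", **tags: str) -> dict:
    return {"InstanceId": instance_id, "ImageId": image_id, "State": {"Name": state},
            "LaunchTime": "2020-01-01T00:00:00Z",
            "Tags": [{"Key": k, "Value": v} for k, v in tags.items()]}


# Constructed DescribeInstances response for us-east-1 (all IDs are placeholders).
SAMPLE_RESPONSE = {"Reservations": [{"Instances": [
    # recently restarted cluster on the current us-east-1 worker AMI: fine
    _instance("i-0aaa000000000001", "ami-07a7a32497bdfba58", Vendor="Databricks",
              ClusterId="0101-000000-demo0001", ClusterName="recently-restarted"),
    # long-running cluster still on an older AMI (placeholder ID): flagged
    _instance("i-0aaa000000000002", "ami-0000000000oldami1", Vendor="Databricks",
              ClusterId="0202-000000-demo0002", ClusterName="etl-long-running"),
    _instance("i-0aaa000000000003", "ami-0000000000oldami1", Vendor="Databricks",
              ClusterId="0202-000000-demo0002", ClusterName="etl-long-running"),
    # terminated instance on the old AMI: not reachable by a scan, skipped
    _instance("i-0aaa000000000004", "ami-0000000000oldami1", state="terminated",
              Vendor="Databricks", ClusterId="0303-000000-demo0003", ClusterName="gone"),
    # unrelated instance not launched by Databricks: skipped
    _instance("i-0bbb000000000005", "ami-0000000000other01", Name="bastion"),
]}]}


def fetch_describe_response(region: str) -> dict:
    """Live variant: pull active Databricks-tagged instances from EC2 (needs boto3 and credentials)."""
    import boto3  # imported here so the offline sample runs without it
    ec2 = boto3.client("ec2", region_name=region)
    reservations = []
    for page in ec2.get_paginator("describe_instances").paginate(Filters=[
            {"Name": "tag:Vendor", "Values": ["Databricks"]},
            {"Name": "instance-state-name", "Values": sorted(ACTIVE_STATES)}]):
        reservations.extend(page["Reservations"])
    return {"Reservations": reservations}


if __name__ == "__main__":
    stale = stale_databricks_workers(SAMPLE_RESPONSE, "us-east-1")
    for cluster, instances in clusters_to_restart(stale).items():
        print(f"restart cluster {cluster}: {len(instances)} stale worker(s) {instances}")
```

Run it as-is against the constructed sample, or replace `SAMPLE_RESPONSE` with `fetch_describe_response("us-east-1")` for a live account. Passing a region that is not in the table raises rather than silently flagging nothing, so a typo in the region name cannot produce a clean report.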