They do at least for Ubuntu. One local to each AWS region even, not just one. Bandwidth is expensive, it’s all in their interest to have as much locally as possible than go out for mirrors. That definitely looks like something broke.

Those could very well be a bad batch of AMIs and now that they’ve all been spun up as instances there’s no taking it back short of emailing customers and politely asking them to fix the mirrors.

Or people are just following online guides and adding that particular repo copy pasting the mirror line which goes to the public mirrors.

It’s maddening how inefficient CI/CD setups are.

It’s maddening how inefficient CI/CD setups inexperienced DevOps engineers are. - Fixed that for you.

Proper pipelines are modular and should run longer validation or updates externally, with only necessary stages executing.

• code validate - will this code compile
• code secure - are there any known security flaws introduced
• code plan/compile - if it’s iac, plan, if it’s application code, compile
• if it’s prod or like, approve required (human delay). Dev, test, uat - proceed with deploy
• code deploy - push code live

Things like: patching, config management, vulnerability scanning, compliance checks, etc… are done outside the pipeline.

There’s a reason people like me charge a lot! Lazy and/or inexperienced staff will get you in trouble one day.

Pop the images you use into your local image repository.