This is looks helpful.
Some context around what Liran posted here (back in 2020)
We have a 10.7.1 site that was built using AWS Cloud Formation, but with templates customised pretty heavily, based on the Esri supplied templates.
Our templates built a HA CF stack split across multiple tiers. We took the original Esri supplied AMI and recreated individual AMIs for each of Portal, Server and Data Store (removing the software we didn't want - such as SQL Server, and Desktop). These AMIs are referenced in the custom CF templates and in the Autoscaling configuration.
The result is a set of streamlined VMs. We have setup a work practice with this customer that the AMIs get updated (using the process in this document) each time Patching occurs. This is a bit of overhead, but required to ensure that as VMs are deployed in future (including any Auto-scale event) the new VM is up to date in patching and available rapidly.
At 10.9.+ we have some great new templates that will build multi-tier - using an AMI provided by the user - and if Esri software is already installed on the AMI, the CHEF scripting will recognise that and not download and reinstall.
And there is a new CF template that will build a custom AMI, downloading & installing the requested software (https://enterprise.arcgis.com/en/server/latest/cloud/amazon/cf-arcgis-ami-windows.htm).
That is great - but, it won't automatically patch the deployed software.
So, we will still need to maintain our AMIs with regular updates - particularly to have auto-scaling work effectively and ensure all VMs in an ArcGIS Site are at the same patch level.
@DavidCordes - what do you think?