Implemented architecture choice 'arm' or amd 'x86_64' for EC2 cloud (#14289)

New `arch` config.cfg parameter is used along with the image name
parameter to find the most recent OS image to be used in hosted ec2
instance. This allows the user to choose arm based instance types
which was causing algo failure during cloud formation.

Author: glennschler

config.cfg

@@ -182,6 +182,7 @@ cloud_providers:
     size: t2.micro
     image:
       name: "ubuntu-focal-20.04"
+      arch: x86_64
       owner: "099720109477"
     # Change instance_market_type from "on-demand" to "spot" to take advantage of
     # simplified spot launch options

docs/cloud-amazon-ec2.md

@@ -12,6 +12,8 @@ The cheapest EC2 plan you can choose is the "Free Plan" a.k.a. the "AWS Free Tie
 
 As of the time of this writing (July 2018), the Free Tier limits include "750 hours of Amazon EC2 Linux t2.micro instance  usage" per month, 15 GB of bandwidth (outbound) per month, and 30 GB of cloud storage. Algo will not even use 1% of the storage limit, but you may have to monitor your bandwidth usage or keep an eye out for the email from Amazon when you are about to exceed the Free Tier limits.
 
+Addtional configurations are documented in the [EC2 section of the deploy from ansible guide](https://github.com/trailofbits/algo/blob/master/docs/deploy-from-ansible.md#amazon-ec2)
+
 ### Create an AWS permissions policy
 
 In the AWS console, find the policies menu: click Services > IAM > Policies. Click Create Policy.

docs/deploy-from-ansible.md

@@ -110,8 +110,16 @@ Possible options can be gathered via cli `aws ec2 describe-regions`
 
 Additional variables:
 
-- [encrypted](https://aws.amazon.com/blogs/aws/new-encrypted-ebs-boot-volumes/) - Encrypted EBS boot volume. Boolean (Default: false)
+- [encrypted](https://aws.amazon.com/blogs/aws/new-encrypted-ebs-boot-volumes/) - Encrypted EBS boot volume. Boolean (Default: true)
 - [size](https://aws.amazon.com/ec2/instance-types/) - EC2 instance type. String (Default: t2.micro)
+- [image](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/ec2/describe-images.html) - AMI `describe-images` search parameters to find the OS for the hosted image. Each OS and architecture has a unique AMI-ID. The OS owner, for example [Ubuntu](https://cloud-images.ubuntu.com/locator/ec2/), updates these images often. If parameters below result in multiple results, the most recent AMI-ID is chosen
+   ```
+   # Example of equivalent cli comand
+   aws ec2 describe-images --owners "099720109477" --filters "Name=architecture,Values=arm64" "Name=name,Values=ubuntu/images/hvm-ssd/ubuntu-focal-20.04*"
+   ```
+  - [owners] - The operating system owner id. Default is [Canonical](https://help.ubuntu.com/community/EC2StartersGuide#Official_Ubuntu_Cloud_Guest_Amazon_Machine_Images_.28AMIs.29) (Default: 099720109477)
+  - [arch] - The architecture (Default: x86_64, Optional: arm64)
+  - [name] - The wildcard string to filter available ami names. Algo appends this name with the string "-\*64-server-\*", and prepends with "ubuntu/images/hvm-ssd/" (Default: ubuntu-focal-20.04)
 - [instance_market_type](https://aws.amazon.com/ec2/pricing/) - Two pricing models are supported: on-demand and spot. String (Default: on-demand)
   * If using spot instance types, one additional IAM permission along with the below minimum is required for deployment:
     ```

roles/cloud-ec2/tasks/main.yml

@@ -12,7 +12,8 @@
     owners: "{{ cloud_providers.ec2.image.owner }}"
     region: "{{ algo_region }}"
     filters:
-      name: "ubuntu/images/hvm-ssd/{{ cloud_providers.ec2.image.name }}-amd64-server-*"
+      architecture: "{{ cloud_providers.ec2.image.arch }}"
+      name: "ubuntu/images/hvm-ssd/{{ cloud_providers.ec2.image.name }}-*64-server-*"
   register: ami_search
 
 - name: Set the ami id as a fact