tf/asg: Look up Fedora AMI by attributes

Instead of hard-coding the AMI ID of the Fedora build we want, we can
use the `aws_ami` data source to search for it.  The Fedora release team
has a consistent naming scheme for AMIs, so finding the correct one is
straightforward.

terraform/asg.tf

@@ -27,11 +27,31 @@ resource "aws_security_group" "k8s-node" {
   }
 }
 
+data "aws_ami" "latest-fedora" {
+  most_recent = true
+  owners = ["125523088429"]
+
+  filter {
+    name = "name"
+    values = ["Fedora-Cloud-Base-38-1.*"]
+  }
+
+  filter {
+    name = "virtualization-type"
+    values = ["hvm"]
+  }
+
+  filter {
+    name = "architecture"
+    values = ["arm64"]
+  }
+}
+
 resource "aws_launch_template" "k8s-aarch64" {
   name = "k8s-aarch64"
 
   update_default_version = true
-  image_id               = "ami-0dcd72048e69236de"
+  image_id               = "${data.aws_ami.latest-fedora.id}"
   instance_type          = "t4g.medium"
   security_group_names   = [aws_security_group.k8s-node.name]
   key_name               = "dustin@rosalina"

terraform/iam-policy.json

@@ -11,6 +11,7 @@
                 "autoscaling:DescribeTags",
                 "sns:Unsubscribe",
                 "sns:GetSubscriptionAttributes",
+                "ec2:DescribeImages",
                 "ec2:DescribeSecurityGroups"
             ],
             "Resource": "*"