Antipattern: ECS + yum update

This is part of our antipatterns series. Ouch!
With the recent bugs in ecs-agent 1.8.0, you may be trying to roll back to amzn-ami-2015.09.e or earlier to get a last-known-good ecs agent.
If you have yum update
in your userdata, however, it updates ecs-init
and that, in turn, will auto-upgrade you to 1.8.0—rolling back to an older image won't help!
But... you don't want to get rid of yum update
it from your userdata because of fun CVEs in glibc and openssh.
Solution: yum update --exclude=ecs-init
Best of both worlds: you get the latest security patches and you can roll back to whatever agent you want!
Confirmed to work with Julien of AWS Support. Thanks Julien!