Today I was creating new instances and I noticed something weird on it. I used to select an old instance, then "launch more like this" and finally detaching the volume and attaching a volume from a snapshot of the instance I'm clonning. Now, after the Instance is running I noticed my original php is 5.3.8 and the new Instance's one is 5.3.9. I started checking if there is any auto-update service and I don't have any running. Does someone know how to avoid the upgrade or why is this happening?
Amazon Linux uses cloud-init which performs various startup functions when an instance first boots. One of these functions is to perform a software package upgrade to the level specified by the config parameter repo_upgrade in /etc/cloud/cloud.cfg which appears to default to security in the AMI you reference.
It looks to me like there could be a bug in the upgrade sub in /usr/lib/python2.6/site-packages/cloudinit/DistAction/dist_repo_yum.py which handles the repo upgrade as it seems to simply upgrade everything in the case of UPGRADE_SECURITY.
You may want to report this behavior to Amazon, perhaps through the EC2 forum.