If you launch an instance manually you should be able to attach a key and connect to it.
That said, the agents do an apt update and dist-upgrade at boot (and daily after that), so they should always have the latest patches. The main issue is if it is a kernel update and needs a reboot for the patches to apply, then it won’t have those (Spectre/Meltdown patches likely fit in that category).
I can roll updated Linux AMIs later this week but AFAIK there shouldn’t be any urgency about it. Spectre/Meltdown shouldn’t be an issue for the guests as there isn’t anything else running inside of the container that is a concern (and the browsers are secured independently). The VM hosts the containers run in would already have been updated by Amazon, so other containers won’t be an issue; it would just be other software running on the same guest that could potentially access memory it isn’t supposed to on the same guest.
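
The reboot gap described in the post can be checked on a running agent. The script below is an added example, not part of the original post or of the agent software. It assumes a Debian/Ubuntu guest (the `/var/run/reboot-required` flag file) and a kernel that exposes `/sys/devices/system/cpu/vulnerabilities`; the optional root-prefix argument is a hypothetical convenience for pointing the checks at a fixture tree.

```shell
#!/bin/sh
# Added example: has apt installed something that is still waiting for a
# reboot, and what does the *running* kernel report for Spectre/Meltdown?
# $1 is a hypothetical root prefix (empty means the live filesystem).

reboot_pending() {
    # Debian/Ubuntu flag file, present when an installed package
    # (for example a new kernel) is waiting for a reboot.
    [ -e "${1:-}/var/run/reboot-required" ]
}

vulnerable_entries() {
    # One name per line for each sysfs entry the running kernel reports
    # as "Vulnerable" (rather than "Mitigation: ..." or "Not affected").
    dir="${1:-}/sys/devices/system/cpu/vulnerabilities"
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        case "$(cat "$f" 2>/dev/null)" in
            Vulnerable*) basename "$f" ;;
        esac
    done
}

patch_state() {
    root="${1:-}"
    if reboot_pending "$root"; then reboot=yes; else reboot=no; fi
    if [ -d "$root/sys/devices/system/cpu/vulnerabilities" ]; then
        vulns=$(vulnerable_entries "$root" | paste -sd, -)
        [ -n "$vulns" ] || vulns=none
    else
        vulns=unknown   # kernel does not expose the sysfs directory
    fi
    echo "reboot=$reboot vulnerable=$vulns"
}

patch_state "${1:-}"
```

A result of `reboot=yes` means the daily dist-upgrade has installed something the running system has not picked up yet, which is the case the post describes for kernel patches.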