Amazon Linux 2023
Earlier this month AWS released Amazon Linux 2023, AL2023 for short. Amazon Linux is a Linux distribution maintained by AWS. It is no surprise that the main purpose of this distribution is an optimized experience for running on AWS, as it comes with features and integration with AWS-specific tools. Besides an Amazon Machine Image, the distribution is also offered as a container image.
AL2023 is the latest generation of Amazon Linux, the successor to the original Amazon Linux and Amazon Linux 2. Starting with AL2023, AWS will release a new major version every two years, so on this cadence we can expect AL2025, AL2027 and so on. With every new release the current release moves from Standard to Maintenance support (security patches only), to be retired after 3 years. This means that a major version has a supported lifespan of 5 years, which is fairly long in cloud. The versioning and cadence will be new to those familiar with Amazon Linux and Amazon Linux 2. The previous versions were rolling releases, while from AL2023 (or in hindsight AL2) onwards a new major version will be released every 2 years.
In this blog the most significant updates will be highlighted.
What’s new in Amazon Linux 2023?
New base and kernels
AL2023 is based on Fedora Linux / CentOS Stream. Previous versions were based on Red Hat Enterprise Linux. Amazon customized the available packages and based the sources directly on stable kernels from kernel.org.
Release cycle and support
Starting with this version, Amazon will release a new major version every two years. The next version will be launched in 2025 and will be named Amazon Linux 2025. Minor releases will come out every quarter and will include security enhancements, bug fixes and so on. The lifecycle for each version (e.g. 2023.0, 2023.1, etc.) will span five years: two years of standard support followed by three years of maintenance support. Repositories can also be locked, which gives customers control over updates and lets them lock major and minor versions if needed.
Security
Compared to previous versions, security has taken a big step forward. AL2023 sets the bar higher with features such as new developments in pre-configured SELinux and updated policies, live kernel patching, updated crypto policies, secure boot, kernel module signing and more. For cloud users, live kernel patching is very useful. During the initial boot of an EC2 instance all pending security patches are installed automatically. Without live kernel patching a reboot was required before the patches took effect, which is neither desirable nor practical in a cloud setup with features such as autoscaling. With live kernel patches the security fixes are applied without a reboot. IMDSv2 is also now enabled by default.
SSM parameters
Amazon Linux 2023 images can be referenced via SSM parameters. The name of the parameter is /aws/service/ami-amazon-linux-latest/al2023-ami-kernel-6.1-arm64. The alias part (the last path segment) can be replaced with one of the available aliases:
- al2023-ami-kernel-6.1-arm64 for arm64 architecture
- al2023-ami-minimal-kernel-6.1-arm64 for arm64 architecture (minimal AMI)
- al2023-ami-kernel-6.1-x86_64 for x86_64 architecture
- al2023-ami-minimal-kernel-6.1-x86_64 for x86_64 architecture (minimal AMI)
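The parameter names above and the IMDSv2 default mentioned under Security can be checked together from a shell. The following is an added example, not part of the original post or AWS tooling: the function names are hypothetical, and it assumes the AWS CLI is installed with credentials and a region configured. It builds the parameter name for an alias, resolves it to an AMI ID, and checks that the AMI's ImdsSupport attribute is v2.0, which is what makes instances launched from it require IMDSv2 session tokens.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not AWS tooling.

# Build the public SSM parameter name for an AL2023 AMI.
#   $1 = architecture: arm64 | x86_64
#   $2 = flavor:       standard | minimal
al2023_param_name() {
    case "$1" in
        arm64|x86_64) ;;
        *) echo "unsupported architecture: $1" >&2; return 2 ;;
    esac
    case "$2" in
        standard) variant="al2023-ami" ;;
        minimal)  variant="al2023-ami-minimal" ;;
        *) echo "unsupported flavor: $2" >&2; return 2 ;;
    esac
    printf '/aws/service/ami-amazon-linux-latest/%s-kernel-6.1-%s\n' \
        "$variant" "$1"
}

# Resolve the parameter to an AMI ID in the CLI's configured region.
# Rejects anything that does not look like an AMI ID (e.g. "None").
al2023_ami_id() {
    name=$(al2023_param_name "$1" "$2") || return 2
    ami=$(aws ssm get-parameter --name "$name" \
            --query 'Parameter.Value' --output text) || return 1
    case "$ami" in
        ami-*) printf '%s\n' "$ami" ;;
        *) echo "unexpected value for $name: $ami" >&2; return 1 ;;
    esac
}

# Succeed only if the AMI itself enforces IMDSv2 (ImdsSupport = v2.0).
# $1 = AMI ID
al2023_requires_imdsv2() {
    support=$(aws ec2 describe-images --image-ids "$1" \
                --query 'Images[0].ImdsSupport' --output text) || return 1
    [ "$support" = "v2.0" ]
}
```

In a launch pipeline, call al2023_ami_id first and refuse to continue if al2023_requires_imdsv2 fails for the returned ID.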
Container image
Amazon Linux 2023 images are available on ECR (most efficient when you are running on AWS) and on Docker Hub. The latest version is tagged with 2023. Subsequent versions will have the minor version as suffix.
The image can be pulled from Docker Hub:
$ docker pull amazonlinux:2023
Or pull from ECR:
$ docker pull public.ecr.aws/amazonlinux/amazonlinux:2023
Compared with Amazon Linux 2
AWS published a comprehensive comparison between Amazon Linux 2 and Amazon Linux 2023. You can find it here.
