Amazon Linux 2023 and beyond (CMP336)

Title

AWS re:Invent 2023 - Amazon Linux 2023 and beyond (CMP336)

Summary

  • Presenters: Pallavi Ravishankar (Senior Product Manager, EC2) and Chris Slager (Director of Kernel and Operating System, EC2).
  • Amazon Linux 2023: RPM-based distribution optimized for AWS, supports a wide range of AWS services, and is available for EC2 instances, containers (ECS/EKS), and on-premises with a hypervisor.
  • Release and Support: Launched in March 2023 with a five-year support period, featuring a predictable release cadence with biweekly security updates and quarterly feature releases.
  • Key Features:
    • Deterministic updates and repository locking for predictable upgrades.
    • SELinux support with pre-configured security policies.
    • Kernel hardening, including Graviton3 support for pointer authentication.
    • Live kernel patching for security without downtime.
  • Optimization for AWS: Integrated with AWS tools and agents, supports various AWS services, and is the default choice for many AWS workloads.
  • Security: Emphasis on a secure-by-default approach, reduced package footprint, and proactive patching of all severity levels of CVEs.
  • Maintenance: Tools for easy administration, predictable update cadence, and features like versioned repositories for deterministic updates.
  • Cost: No additional cost for using Amazon Linux; users only pay for AWS resources.
  • Migration: Guidance provided for migrating from older versions to Amazon Linux 2023, emphasizing the separation of data from the OS and the use of EBS snapshots.
  • Engineering Philosophy: Collaboration with the open-source community, regular package updates, and a focus on security and integration with AWS services.
  • Partner Ecosystem: AWS Service Ready program for partners to qualify their software on Amazon Linux.

Insights

  • Deterministic Updates: Amazon Linux 2023 introduces deterministic updates, which let users lock a system to a specific repository version so that every host resolves the same package set, keeping infrastructure consistent and putting updates under explicit control.
  • Security Focus: The security posture of Amazon Linux 2023 is enhanced through a reduced package footprint, SELinux support, kernel hardening, and comprehensive CVE patching, including less severe vulnerabilities.
  • Integration with AWS Services: Amazon Linux is deeply integrated with AWS services, providing a seamless experience for users running workloads on AWS, including pre-bundled agents for services like Amazon Inspector and AWS Systems Manager.
  • Migration Strategy: The presentation emphasizes the importance of planning for OS updates during the service design phase and provides a step-by-step migration guide, highlighting the benefits of separating data from the OS.
  • Cost Advantage: Because Amazon Linux carries no additional charge, it offers a cost advantage to AWS customers and may influence the operating system choice of cost-conscious users.
  • Community and Partner Engagement: Amazon Linux's development is community-driven, with an open invitation for feature requests via GitHub, and a partner ecosystem that ensures broad software compatibility and qualification on the latest Amazon Linux version.
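The repository locking behind the deterministic-updates point above, as an added example that is not part of the talk or of Amazon Linux itself: a few shell functions that validate and write the dnf `releasever` pin and report whether a host has drifted from it. It assumes the lock lives in `/etc/dnf/vars/releasever` (overridable via `RELEASEVER_FILE`), that release versions look like `2023.N.YYYYMMDD`, and that the installed version is read from the `system-release` package name.

```shell
#!/bin/sh
# Added example (not the talk's or Amazon's code): pin the AL2023 dnf
# repository snapshot so every host resolves the same package set, and
# check a host against that pin. Assumption: the pin file is
# /etc/dnf/vars/releasever and versions look like 2023.N.YYYYMMDD.

RELEASEVER_FILE="${RELEASEVER_FILE:-/etc/dnf/vars/releasever}"

# Accept "latest" (the floating default) or a dated release version only.
al2023_valid_releasever() {
    [ "$1" = latest ] && return 0
    printf '%s\n' "$1" | grep -Eq '^2023\.[0-9]+\.[0-9]{8}$'
}

# Write the pin so later "dnf upgrade" runs resolve against that snapshot.
# Refuses anything that is not a well-formed release version.
al2023_lock_releasever() {
    if ! al2023_valid_releasever "$1"; then
        echo "refusing to lock releasever to '$1'" >&2
        return 1
    fi
    printf '%s\n' "$1" > "$RELEASEVER_FILE"
}

# Read the current pin; a missing file means dnf is tracking "latest".
al2023_read_releasever() {
    if [ -r "$RELEASEVER_FILE" ]; then cat "$RELEASEVER_FILE"; else echo latest; fi
}

# Extract the release version from the installed system-release package,
# e.g. system-release-2023.3.20240117-0.amzn2023.noarch -> 2023.3.20240117
# (the argument is the output of `rpm -q system-release`, passed in so the
# function runs without rpm present).
al2023_installed_version() {
    printf '%s\n' "$1" | sed -E 's/^system-release-(2023\.[0-9]+\.[0-9]{8})-.*$/\1/'
}

# Report "floating" (no pin), "pinned" (installed == pin) or "drift".
al2023_drift_status() {
    lock=$(al2023_read_releasever)
    installed=$(al2023_installed_version "$1")
    if [ "$lock" = latest ]; then echo floating
    elif [ "$installed" = "$lock" ]; then echo pinned
    else echo drift
    fi
}
```

On a real host, `al2023_drift_status "$(rpm -q system-release)"` reporting `drift` means the running system was built from a different snapshot than the fleet pin and should be upgraded (or the pin revisited) before the next biweekly security update lands.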