🦄 Making great presentations more accessible.
This project aims to enhance multilingual accessibility and discoverability while maintaining the integrity of original content. Detailed transcriptions and keyframes preserve the nuances and technical insights that make each session compelling.
Overview
📖 AWS re:Invent 2025 - Amazon Linux: latest features and AWS optimizations (CMP303)
In this video, AWS presents Amazon Linux's 15-year evolution and latest innovations. Sree Sunku and Frédérick Lefebvre cover AL2023's key updates including 1,500 security fixes, kernel lifecycle changes (moving to 4-year maintenance with new SSM parameters), FIPS validation completion, DISA STIG automation, OpenSSL 3.2 performance improvements (up to 15x faster), graphical desktop support, NVIDIA repository integration, and SPAL (Supplementary Packages for Amazon Linux) launch with thousands of EPEL-rebuilt packages. Critical announcement: AL2 end of support is June 30, 2026. The next Amazon Linux version is coming in 2027 with automated kernel updates, easier upgrades, and enhanced AI/ML workload support.
This article is entirely auto-generated while preserving the original presentation content as much as possible. Please note that there may be typos or inaccuracies.
Main Part
15 Years of Amazon Linux: Introduction and Evolution
Hi everyone, and welcome to the session for Amazon Linux. Before we get started, I wanted to take this moment and recognize that it's been 15 years since we launched the first version of Amazon Linux. AL1, or Amazon Linux 1, was launched in 2010. Fifteen years has been a long time. We've learned a lot from our customers during this period, and we've adapted to the changes that have been happening upstream. I assume that many of you in the audience may have used all three versions of Amazon Linux, or at least two. So today we are excited to present to you the latest features and AWS optimizations for Amazon Linux. I'm Sree Sunku, Sr. Product Manager for Amazon Linux, and with me I have Frédérick Lefebvre, who is the Principal Engineer for Amazon Linux. So let's dive right in.
In our agenda today, we'll start with the Amazon Linux journey. We'll talk about the evolution of the various versions of Amazon Linux. Then we will talk about the key features and the innovations that have happened on AL2023 this year. We will then touch upon the most important timelines and upcoming timelines for end of support for Amazon Linux 2. After that, we will talk about what's next for Amazon Linux and what's coming up. Finally, we'll wrap it up. So that's the agenda for today's session.
Let's start with what is Amazon Linux. Amazon Linux is a Linux distribution that was created by AWS and is maintained by AWS. It is a general-purpose operating system, and it is optimized for AWS infrastructure. It also features container-ready architecture by integrating with AWS services like EKS and ECS. All of Amazon uses Amazon Linux, and the majority of our customers have a huge footprint on Amazon Linux. Amazon Linux is also the most popular operating system on AWS.
Now let us understand why our customers and Amazon use Amazon Linux. First, it is optimized for AWS. Amazon Linux comes with specific configurations, for example, CloudInit configurations, and comes with a pre-installed set of AWS tools. So when you run your workloads on AWS, it is efficient. Second, we are highly secure. Security is a top priority for everybody. In fact, security is a fundamental element of an operating system. If you have used Amazon Linux in the past, you probably know that Amazon Linux provides security patches and bug fixes on a regular basis. We'll talk a lot more about security in the upcoming slides as well.
Third, we simplify operations. By having deep integrations with various AWS services, we can do so. Let's take an example of launching an instance. When you launch an instance, you would have to consider various parameters, for example, network configuration, attaching IAM roles, EBS volumes, or even monitoring and logging. Amazon Linux has native integrations with all these AWS services so that when you launch an instance using Amazon Linux, it just works out of the box.
Fourth, we are compliance ready. A lot of our customers in regulated industries like healthcare, finance, or even government agencies need compliance as a must-have, not just a nice-to-have. Amazon Linux is compliance ready. You will hear a little bit more about FIPS and DISA STIGs in the upcoming slides. Last but not least, Amazon Linux helps you lower your total cost of ownership. While you still have to pay for the compute resources, Amazon Linux has no licensing fee, and not just that, it comes with prebuilt AWS support. This is one of the reasons that our customers really appreciate Amazon Linux and all the reasons why they use Amazon Linux.
Next, let us talk a little bit about the evolution. As I was talking about 2025 being the 15th year for Amazon Linux, let me walk you through the timeline.
Amazon Linux 1 was launched in 2010 and was purpose-built for the cloud with integrations with AWS services. We then launched Amazon Linux 2 in 2017, which provided enhanced stability and security with long-term support. Amazon Linux 2 became the most used operating system because of these reasons. In 2023, we launched Amazon Linux 2023, our latest version, which provides modern features and improved security defaults. Now we'll hear more about the innovations we have made in Amazon Linux 2023 from Frédérick Lefebvre. I'll hand it over to you.
Security First: CVE Management and the Growing Threat Landscape
Fifteen years of making Amazon Linux—I hadn't realized it had been so long. I just became aware of it as we were preparing those slides a few weeks ago, and it just sounds incredible to me. It got me thinking about what else we have not said about Amazon Linux in previous sessions. This is the third year in a row that we present here about Amazon Linux 2023. Just like my teenager will tell you, fifteen years old is pretty mature, and there isn't much else that you can learn once you have reached that age. But just like my teenager, Amazon Linux is picking up new tricks every year.
Today in this session, I'm going to tell you about some of the new tricks that Amazon Linux has picked up in the past year. We are going to cover three key pillars of Amazon Linux development philosophy. First, we are going to cover security and the new developments we have made regarding security because this is one of the things that our customers care the most about. We are going to see some new features that we have introduced while taking great care to maintain backward compatibility because stability is the second element that we care a lot about when developing Amazon Linux.
Then we are going to cover some new features that we have introduced in the last year in direct response to specific feedback from some of you, because making Amazon Linux useful to you and the rest of our customers is the third thing that the team is focusing a lot on as we think about Amazon Linux development over the years. Let's start with security, and let's start more specifically with CVEs. If you are not familiar with what CVEs are, I'm going to assume that most of you are already at least partly familiar with them. If you are not, just know that CVE stands for Common Vulnerabilities and Exposures. If you really don't know, every time that you hear me say CVE in the next minute or so, just replace it in your head with security issue, and everything will still make sense.
Some of the most common questions that we get from customers about Amazon Linux have to do with how specific CVEs affect or don't affect Amazon Linux versions. Those questions are easy to understand when you know that in every given year, the public CVE databases grow by tens of thousands of new entries. Most of those don't even relate to Linux at all. It's easy to understand why it has become unrealistic to expect that every organization and every system operator is able to keep up with this large flow of data that comes in throughout the year. This is where we come in.
Our team at Amazon Linux evaluates a wide range of new CVEs that affect open-source software that commonly makes up Linux distributions on a daily basis. We do this with two main goals in mind. First, we want to make sure that we can produce fixes in a timely fashion for customers to deploy, and we want to remain aware of the threat environment out there for the Linux ecosystem. The second aspect of our evaluation has to do with making sure that we keep control over false positives. We understand that CVE updates, while they are required and we all appreciate them, sometimes come with some level of operational risks. We want to make sure that we don't produce fixes or bring new code into Amazon Linux that is not required for security purposes.
A big thing that we try to do is make sure that we properly assess whether the security issues that we discover actually affect the version that we build in the operating system, and that the severity determined by the reporters makes sense and is accurate in the context of how Amazon Linux is used by our customers. The outcome of these processes so far this year has been about 1,500 security fixes that we have put out for Amazon Linux 2023 alone, without counting fixes that we have done for previous versions of Amazon Linux that are still supported or were still supported earlier this year.
Looking at the distribution of severities and packages across this data, we see over 80 critical CVEs, over 500 important CVEs, and over 800 medium CVEs. This year we have a few critical CVEs, which is not every year. I think last year we had zero or close to zero. We also make an effort to fix as many CVEs as we can while prioritizing them based on severity, so we still get to fix medium and low severity CVEs as well.
What makes this data particularly interesting to me this year is that when we looked at which packages were most affected by security issues in the past few years, especially this year in particular, more than half of the important severity CVEs and more than half of the medium severity CVEs, in fact closer to 60 percent, are specifically about the Linux kernel and not user space packages. If we look at the Linux ecosystem, which will be true for most Linux distributions, we see that most of the threats and most of the security patches that customers have to apply are being brought in by the kernel itself, which is kind of hard to avoid for all of us.
Adapting to Upstream Changes: New Linux Kernel Maintenance Strategy
This gets us into changes that we are making to how we maintain the Linux kernel for Amazon Linux. I need to first go into what has been happening in the upstream community regarding maintenance of the Linux kernel over the past 12 to 18 months. The long-term support branches of the upstream kernel from Linux.org have changed their maintenance structure. Previously they were maintained for up to 6 years, but the upstream community has now switched to maintaining them for strictly 2 years.
This has a big impact on downstream customers and vendors, but it also has an impact on you as users of the Linux kernel. Because of the large volume of CVEs that gets reported every year for the Linux kernel, as our kernel ages, there is an increasing volume of security patches that need to be backported to the aging kernels. All of those patches come with some level of risk, and we have seen increased regressions as kernels get older and patches get backported by the upstream community. In fact, this is one of the reasons why these changes are happening in the Linux project.
So what are we doing about this for Amazon Linux? If you are running AL2 or AL2023 with the 6.1 kernel as we released two years ago, it does not change anything. We are going to keep maintaining the 6.1 kernel until the end of support date for Amazon Linux 2023. As long as we support AL2023, we are going to keep maintaining the 6.1 kernel, and you will be able to keep launching those AMIs with the 6.1 kernel for that period of time as well.
If you are choosing to adopt or move on to newer kernels that we released, that is where you need to pay attention. Earlier this year, we released a 6.1 kernel, which is our new upstream LTS branch for Amazon Linux. Starting with the 6.1 kernel, we are going to be maintaining future kernels for Amazon Linux for a period of four years, as opposed to maintaining them for the full support period of the operating system. Four years is still two years more than what we get from the upstream community, and we are doing this to make sure that those of you who require a specific kernel can keep running them with some level of stability.
We also want to give time for compliance tools and scanners to catch up. We need to think about delays for certifications and similar considerations. Four years felt like a good balance, and from the feedback we've gotten from customers, this seemed to be hitting the right point.
If you're running the math in your head as I'm talking, you'll probably already realize that as we move forward and release future versions of Amazon Linux, a four-year kernel lifetime isn't going to give you a stable kernel for the full lifetime of future versions of Amazon Linux. You should expect that as you adopt future versions of Amazon Linux past AL2023, you will have to plan for at least one kernel upgrade along this path.
We are hoping that by doing this, we will make migrations and updates simpler. We will tell you some specific plans that we have moving forward in order to help this transition from one OS to the next and maintain stability with the Linux kernel. In parallel to this, we have introduced new SSM parameters to target the Linux kernel for Amazon Linux 2023. If you're not familiar with SSM parameters, we recommend that customers pick which Amazon Linux AMIs they are going to launch. You should always launch the latest version of the AMI that has been released. You want to launch an AMI that has already been patched and has no pending security issues. By using the SSM parameters in your auto scaling groups configuration, you can make sure that you always have the latest AMI that we have published.
When we launched AL2023, we tagged the Linux version and encoded the kernel version in those SSM parameters. So as you launch Amazon Linux 2023 AMIs, you are actually launching Amazon Linux 2023 with the 6.1 kernel. When we released the 6.1.2 kernel earlier this year, we did the same thing. We created new SSM parameters with Amazon Linux 2023 encoded with the 6.1.2 kernel, so that you can select which kernel you want your own instances to launch with.
What is new this year is that we have also introduced new SSM parameters with a default kernel tag. By talking to customers, we realized that most customers don't care or don't need to care about which kernel they are actually running. All they want is a working kernel on the Amazon Linux instance. For those customers that don't have very specific requirements and don't pay close attention to the performance profile on their instances, we recommend that they move to the kernel default SSM parameter.
In those cases, if you were to launch this AMI this week, you will get the 6.1 kernel. A few weeks or a few months from now, you will transparently get migrated to the 6.1.2 kernel, and in the future as we release new LTS kernels from Amazon Linux, you are going to get those new kernel versions as well. We are hoping that this is going to make it easier to keep up with new kernels. By migrating to new kernels, we believe that you are reducing your exposure to potential regressions that come from backporting patches to kernels as they become older.
Meeting Compliance Requirements: FIPS Validation and DISA STIGs
Of course, if you are taking this route, we expect that you will keep using Amazon Linux predictable updates to make sure that you are able to properly test between kernel versions and between different weeks of our releases. You are able to roll back or lock on the previous version while we stabilize bugs or issues that you will have reported. Another key topic that comes up in conversations with customers is compliance. Many of our customers run environments where they have strict compliance requirements that have to be met. Some of those requirements, such as FIPS as well as other related requirements of the US federal government, are particularly important. A common topic with customers is how you can make it easier for us to operate in those environments with very strict compliance criteria.
If you need FIPS today in your environment, you probably already know what it is. For those who don't, I don't want this to derail into a discussion about FIPS, which is a fairly complex space, but basically the short version is that FIPS is a set of policies and standards that regulates workloads for the US government as well as the Canadian government and some highly regulated industries. Regarding Linux, the most relevant of these is FIPS 140. FIPS 140 specifies which cryptographic algorithms can be used and how they can be used in environments covered by FIPS validation and certification.
Customers that required FIPS with Amazon Linux were previously limited to either running Amazon Linux 2, or were limited to using Amazon Linux 2023 under special approval while the AL2023 cryptographic modules were still under test by the FIPS standards. Earlier this year, Amazon Linux 2023 got the final FIPS validation for all of our cryptographic modules. We got final validation for OpenSSL, the kernel, NSS, GnuTLS, and Libgcrypt. What this changes for you is that if you need to run Amazon Linux in an environment where FIPS is required, you can now do so confidently by launching any of the default Amazon Linux 2023 AMIs.
You have the choice to either enforce FIPS as you launch instances by changing your kernel command line and enforcing FIPS mode, or you can do so by turning it on in the user space configuration of your various applications. Of course, this comes with some caveats. I specifically avoided mentioning versions of OpenSSL and kernel in my previous sentences, but the versions that were first validated are the versions we released Amazon Linux with a few years ago. Newer versions of the kernel, like the 6.12 kernel, are not yet validated and are still undergoing testing.
This process is ongoing, and similarly OpenSSL 3.2 that we released earlier this week is also undergoing revalidation. Moving forward, as we have committed previously, we are going to keep rerunning revalidation of Amazon Linux 2023 as we make updates and feature updates, but also security updates. This ensures that if you have strict requirements to run the specific versions that were first validated, you can do so and catch up to the current state of Amazon Linux over months and years.
The other compliance topic that has often come up with customers is DISA STIGs. These are a set of required configurations that need to be applied to your instances and workloads, mostly in the Department of Defense industry, but are also adopted by other groups and industries that have strict compliance requirements. AWS partnered with DISA to develop the Amazon Linux 2023 DISA STIG. This was released back in September, only a few weeks ago. Now, if you require or operate in an environment that has requirements for DISA STIG configuration, you can follow this document and apply all of those configurations to Amazon Linux 2023 instances to ensure they conform to the specifications.
Of course, nobody likes to manually configure instances or apply all of those updates to your configuration management software, so that is a bit of a hassle. To avoid this, we partnered with two key AWS services to automate the DISA STIG configuration on your behalf. If you are using EC2 Image Builder, you can now toggle the DISA STIG configuration documents for AL2023.1.3 as part of your image build. If you do so, it will ensure that every image you build with EC2 Image Builder comes right out of the box preconfigured for Amazon Linux 2023 DISA STIG, and that will ensure that the resulting instances are also going to be properly configured.
Similarly, if you use AWS Systems Manager to configure your running instances, AWS Systems Manager has released a managed document for Amazon Linux 2023 DISA STIG that you can also apply on your running instances or on your new instances as they launch. This ensures you get conformance to the DISA STIG format for Amazon Linux 2023 out of the box without manual work on your part. Hopefully this is useful to some of you.
Closing the Performance Gap: OpenSSL 3.2 Improvements
Another interesting development that we did in the last year is work on OpenSSL performance improvements. When we released Amazon Linux 2023 back in March of 2023, we released it with OpenSSL 3.0. Some of the feedback we got fairly early on from customers is that you noticed performance differences between Amazon Linux 2 and Amazon Linux 2023. Some of you pointed to very specific performance degradation as you transitioned from using Amazon Linux 2 with OpenSSL 1.0.2 to using Amazon Linux 2023 with OpenSSL 3.0.
It turns out that those performance differences were pretty standard across the industry. They were seen on all of the Linux distributions that were early adopters of OpenSSL 3.0. There were good reasons to adopt OpenSSL 3.0 at the time. OpenSSL 3.0 comes with a ton of new functionalities that make it easier to operate services. It does much better at backward compatibility and provides much cleaner APIs and much better separation between the APIs and data structures, which makes life much easier for application developers. However, it was a major rewrite of OpenSSL, and it came with a lot of growing pains that we only realized after it started to be more widely adopted.
The upstream community has worked through those issues. There has been a lot of work in recent versions of OpenSSL to try to close the gap. Earlier this year with Amazon Linux 2023.7, one of our quarterly release versions, we released OpenSSL 3.2. The data that we have gotten from our internal benchmarks as well as from customers shows that OpenSSL 3.2 and Amazon Linux 2023.7 cover most of the performance gaps, if not all of the performance gaps that were present with OpenSSL 3.0. We are back to the performance level that you would have seen on AL2 with OpenSSL 1.0.2.
In fact, synthetic benchmarks that we run showed improvements up to 15 times faster with OpenSSL 3.2 than we have seen with OpenSSL 3.0. Of course, synthetic benchmarks only mean so much. Data from customers as well as from our internal teams running TLS workloads have shown up to 2 to 3 times performance improvement in the establishment of TLS sessions. That is fairly significant. For some of you, it can result in not only performance improvement but cost savings, as we have been told by customers that they had to upgrade instance types that they were using in order to keep up with the volume of requests that they had to process on each of their instances or to scale up their fleet.
Another separate thing that we did at the same time as we upgraded OpenSSL versions is that we separated the FIPS provider, the FIPS modules of OpenSSL, out into its own package. This means that if you have strict requirements to run the FIPS provider that were validated to the FIPS certification validation of AL2023, you can do so by installing this specific package independently from the OpenSSL version that we ship on the base AMI. Even though our AMI ships the latest OpenSSL version, you can keep installing the FIPS modules that were originally validated by installing the separate FIPS provider. We are going to keep doing so as we keep evolving OpenSSL. As we revalidate Amazon Linux 2023 for FIPS, we are going to upgrade the version of the FIPS provider as well to catch up to the OpenSSL version that we ship in the base AMIs.
Expanding Capabilities: Graphical Desktop, NVIDIA Support, and SPAL Repositories
Graphical desktop is another thing that we did this year. It turns out that some customers came to us and customers do not all run their workloads on EC2, or customers do not all run their workloads in server type environments. We learned from you that there are some requirements out there for graphical desktop requirements, maybe you are testing graphical applications at scale, or maybe you have specific applications that your system operators have to run in a graphical environment. This is an interesting development because I remember sitting in meetings as we were designing what would become Amazon Linux 2023 several years ago, and we took the decision that we are not going to do a graphical desktop. We did not think this was required. We run and build a distro for the cloud, we build a distro for EC2. We thought we are going to keep the operating system simpler, and we are going to constrain the dependencies.
We didn't initially include a graphical desktop, but we learned from customers that you know your requirements better than we do. So we went back to the drawing board and adapted Amazon Linux to include a new graphical desktop. There's nothing special about it, which is good news. It's based on GNOME and does everything you would expect from a graphical desktop. You can use a mouse, move the pointer around, and browse the internet in all its colorful glory.
The specific work we did was to keep the dependency tree of this graphical desktop as small as possible. We worked to keep repeat offender applications that drag in critical and important CVEs on a regular basis out of the dependency tree so that we don't bring those onto your instances. We also partnered with the Amazon DCV team to ensure you have a secure mechanism for remote access to your systems running the graphical desktop.
Looking at the download data from our graphical desktop package, it turns out that some of the packages we had to bring in for the graphical desktop seem to be more popular than the graphical desktop itself. If you have been using the video codecs we released as part of the graphical desktop update, I would very much like to learn from you what you are doing with them and better understand your usage and requirements so that we can better support those in the future. More people seem to be downloading our video codecs than they are downloading the actual desktop itself, which makes me very curious about what you are all doing.
Customers have also told us over the past several years that running Amazon Linux on EC2 accelerated instance types is sometimes harder than it should be. It's been difficult to understand which NVIDIA software stack you should be running on your EC2 accelerated instance. There's been a disconnect between our documentation and the documentation of the vendor and hardware, and we wanted to make it easier for you to ensure that you run the right software on your systems to get the best performance.
In the last year, we released Amazon Linux 2023 NVIDIA repositories. This is not a package that we built ourselves. We are taking the RPMs that NVIDIA makes available on their website. You might ask why you would use those instead of getting them directly from NVIDIA. The difference with our repositories is that we have partnered with the EC2 platform teams that build the accelerated platforms you might be using. We work with them to qualify every update that NVIDIA puts out.
Every new RPM of the drivers and the CUDA software stack that NVIDIA releases goes through our automated pipeline. We validate them for regression and ensure that they meet the right level of performance we expect out of those instances. Only then are those packages moved to the Amazon Linux 2023 NVIDIA repositories. We did this to ensure that you have a mechanism to verify that you are running a version of the software that has been properly tested on the EC2 platforms and that produces the best performance we can get out of those instances.
We've also added security metadata to those repositories because as your AI workloads transition from fast experimentation to production systems and as compliance and auditors catch up to what we have all been doing, we want to ensure that you have mechanisms in place to report and verify that you are running the latest versions and that you have applied all of the security patches on your systems. Every time NVIDIA releases new versions that cover CVEs and fix pending CVE issues they have discovered in the software, we also produce SBOM advisories for all NVIDIA repositories so that your automation and your scanners can pick them up and ensure to report the correct states for your systems. Of course, those repositories are replicated across all the regions and all AZs so that you don't have to reach out to the public internet or do cross-region access.
You can easily enable those repositories on your instances with a simple DNF command to install the NVIDIA release package, which will apply the configuration for the repositories. From that point on, you can follow NVIDIA documentation to install all the packages that your workloads may need. This ensures you get low latency access to our repositories wherever your instances are running.
A few weeks ago, we released the supplementary packages for Amazon Linux. That's quite a mouthful, so we came up with the SPAL acronym to refer to them. We did this in response to customers telling us that as you migrated from AL2 to AL2023, many of you were previously relying on packages coming out of the EPEL repositories, the Fedora EPEL repositories. As we released AL2023, the fact that you could not find those packages in Amazon's core repositories was making it harder for you to migrate workloads from AL2 to AL2023.
We released the SPAL repositories in collaboration with SUSE. We partnered with SUSE to rebuild packages from the EPEL 9 repositories and rebuild them for Amazon Linux 2023. They came out with a few thousand packages, and we are going to keep increasing this. This is a living project, and we are going to keep building in new packages in those repositories over the next couple of weeks and months. We hope that this is going to make it easier for customers who are still on AL2 and have been blocked on some package availability to transition to AL2023.
This repository comes with a couple of caveats that I need to warn you about. We do not support those packages to the same level that we support packages in the core repositories. Our commitment to the SPAL repositories is that any update to those packages made in the upstream Fedora project will be brought back into the Amazon SPAL repositories. However, we are not planning at this time to make original updates independently from the Fedora project in those repositories. We are currently not publishing security advisories for the SPAL project either. This is a bit of a use-at-your-own-risk model, but we are committed to making this work with Amazon Linux 2023 moving forward.
I could start enumerating a long list of packages, but I encourage you to check our documentation to see all of the packages that have currently been published. As new packages are added, this documentation is going to be updated. We had a lot of things happening this year. The key things that I really want you to remember are changes to the current lifecycle. This is super important, and this is true for AL2023, but this is going to be true moving forward. We are really trying to adapt with what is happening in the upstream community and making sure that we deliver you sustainable kernel updates.
Changes to compliance are important as well. If you care about this, you already know to pay attention. OpenSSL improvements have been a huge update this year. We are going to keep updating versions as time goes on to get you the best performance out of Amazon Linux 2023 on EC2. Of course, we released a ton of new packages through SPAL. I think that happened about two weeks ago. This is all very exciting and still a living project.
Amazon Linux 2 End of Support: What You Need to Know
On that, I am going to hand the mic back to Sree, who is going to talk to you about what is happening with AL2.
Before we move on and talk about what is happening with Amazon Linux, this next version, let us talk about AL2. Are your workloads still on Amazon Linux 2? A quick reminder that AL2, or Amazon Linux 2, is approaching its end of support on June 30, 2026. So approximately six months from now, AL2 will reach its end of support. We encourage all our customers to get off of AL2 before the end of support and upgrade to the latest version of Amazon Linux, which is AL2023.
Let us talk a little bit about what happens after June 30th, 2026. So on July 1st, what will happen?
July 1st marks an important transition point. While you'll still have access to the AL2 repositories and can continue using AL2 instances, AWS will not provide security patches, bug fixes, or AWS support in a regular fashion. That's why we encourage all our customers to plan your migrations, test them, and move off of AL2 before the end of support date.
Looking Ahead: The Next Version of Amazon Linux Coming in 2027
Let's switch gears and talk about the future of Amazon Linux. In this session, you've heard about the AL2 end of support timelines, and Frédérick talked about the AL2023 new features. What I'm excited to share with you is that we have started working on the next version of Amazon Linux, and as you can see on the screen, it will be coming in 2027.
Before I give more details about what the next version of Amazon Linux looks like, let me provide some context. As our customers were migrating from AL2 to AL2023, we heard a lot of feedback from our customers, and we've categorized them into four different buckets. First is continuity and predictability. You and our customers mentioned that you appreciate AWS integrations with various other AWS services and that we provide a secure and stable OS, which are obviously fundamental components to any operating system. You would also like us to provide predictability by giving you a timeline for when end of support will occur or when a new version of the OS will arrive. This will help you plan your migrations and upgrades.
Second, as customers were migrating from one major version to another, many of you mentioned that you want us to make these OS upgrades easier. Third, customers in regulatory industries like healthcare, finance, and government agencies wanted us to provide FIPS availability as soon as possible so they can migrate to the new version of the OS quickly. Last but not least, we heard from our customers that you want to work with us, provide feedback, and see a preview of what's coming with the next version.
This feedback translated into forming the pillars for the next version of Amazon Linux. First, the next version of Amazon Linux will evolve from AL2023. It will be built on the success of AL2023, and we will continue to maintain all the seamless integrations we have with AWS services today. Second is security. You heard a lot about security in terms of CVE fixes and kernel changes from Frédérick earlier. We will continue to provide secure updates, but in addition to that, we are thinking of providing automated kernel version updates by default. You heard about rolling kernel versions, and that is what we will provide in the next version of Amazon Linux.
Third is easy upgrades. By providing early access or preview access, you will be able to understand what is coming in the next version of Amazon Linux, and it will help you plan your upgrades better. Second, we will enhance our documentation and best practices to help make migrations much easier. Lastly, we're also thinking about overlapping kernel versions. For example, if AL2023 has a kernel version at 6.18, we'll make sure that the same kernel version is also available in the next version of Amazon Linux so that when you migrate, it becomes much easier.
Last but not least, we know our customers are investing heavily in AI workloads. The role of an OS in this is to be able to support these AI and ML workloads, and we can do so by providing the right drivers. For example, the next version of Amazon Linux will support and provide foundations for these AI and ML workloads.
We understand from you and our customers about the predictability and all the other feedback that you've provided. When we are ready to announce the next version of Amazon Linux, we will provide a 12-month advance notice, so watch out for our announcement on the Amazon Linux product pages.
In addition to that, we're looking for feedback from you. We want to hear from you and understand what really matters. The QR code on the bottom right here actually takes you to GitHub. When you go there, create an issue or feature request and provide your feedback there. We will definitely take that into consideration.
With that, I would like to wrap up the session with three key takeaways. First, AL2 or Amazon Linux 2 end of support is upcoming on June 30, 2026. We request our customers, if you have not already planned your migrations, please plan it and move off of AL2 before the end of support date. We are continuing to innovate on Amazon Linux. You heard a lot of new features on AL2023.
As you're migrating from AL2 to AL2023, and if you have dependencies on EPEL packages, make sure to check out SPAL. It's a new feature that we just launched, and it can help you migrate easily. You don't have to build these packages from source. Familiarize yourself with the kernel changes that are happening. If you are a regulatory customer and you need FIPS or DISA STIG, please make sure to check that out too.
Lastly, Amazon Linux next is upcoming, so please watch out for the product pages for any future announcements, as well as provide feedback on GitHub; we'd love to hear from you. With that, I thank you all for attending this session, and please remember to fill out the session survey in the mobile app. Thank you again. If you have any questions, just come talk to us. Thank you so much.
This article is entirely auto-generated using Amazon Bedrock.