Amazon Linux 2 (AL2) reaches end-of-life on June 30, 2026. If you're still on it, here's what actually breaks — and the part that turns it from tech debt into an audit problem.
Where it bites
EKS. AL2-based EKS AMIs stop receiving kernel updates. Move your node groups to AL2023 or Bottlerocket before the cutoff.
Lambda. Runtimes and base images still on AL2 — Java 8 on AL2, provided.al2, older Python — lose patching. Move to the AL2023-based runtimes AWS is shipping.
Why it's a compliance problem, not just tech debt
Running an unsupported OS is a direct finding in SOC 2 and ISO 27001 audits — supported software is an explicit requirement. PCI DSS 4.0 goes further and requires an end-of-life management program. So an unpatched AL2 box isn't just risky; it can cost you a certification, and with it customer contracts.
A 3-step check before it bites
- Inventory by runtime across ALL accounts and regions. A single-region CLI query misses things — this is where teams get caught.
- Test on the AL2023 target in staging. Most breakages are in native dependencies, not your code.
- Capture the evidence. Note the migration in your compliance documentation so it doesn't surprise you at audit time.
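An added example for the inventory step (not from the original post): a POSIX shell script that walks every enabled region for each AWS CLI profile you pass and flags Lambda functions on AL2-based runtimes, plus container-image functions whose base image has to be checked by hand. The profile names, the script name and the AL2_RUNTIMES list are assumptions; confirm the list against the AWS Lambda runtimes documentation.

```shell
#!/bin/sh
# Added example: flag Lambda functions still tied to Amazon Linux 2.
# Assumption: identifiers treated as AL2-based; confirm against the AWS
# Lambda runtimes documentation before relying on this list.
AL2_RUNTIMES="java8.al2 java11 java17 provided.al2 python3.8 python3.9 python3.10 python3.11 nodejs16.x nodejs18.x ruby3.2 dotnet6"

# stdin: profile, region, function, runtime, package type (tab-separated).
# stdout: only the rows that need attention, with a reason appended.
filter_al2() {
  awk -F '\t' -v list="$AL2_RUNTIMES" '
    BEGIN { n = split(list, a, " "); for (i = 1; i <= n; i++) al2[a[i]] = 1 }
    # Container-image functions report no runtime; their base image may be AL2.
    $5 == "Image" { print $0 "\tCHECK_BASE_IMAGE"; next }
    ($4 in al2)   { print $0 "\tAL2_RUNTIME" }
  '
}

# Query every enabled region for each named AWS CLI profile (one per account).
# Each profile needs a default region so describe-regions can run.
inventory_all() {
  for profile in "$@"; do
    for region in $(aws ec2 describe-regions --profile "$profile" \
        --query 'Regions[].RegionName' --output text); do
      aws lambda list-functions --profile "$profile" --region "$region" \
        --query 'Functions[].[FunctionName, Runtime, PackageType]' \
        --output text |
        awk -v p="$profile" -v r="$region" 'NF { print p "\t" r "\t" $0 }'
    done
  done | filter_al2
}

# Usage: sh al2-inventory.sh prod-profile staging-profile > al2-findings.tsv
if [ "$#" -gt 0 ]; then
  inventory_all "$@"
fi
```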
The bigger pattern
AL2 is one of dozens of these. The notices are scattered across changelogs and lifecycle pages, one per provider — so most teams find out during an audit or after an outage, not before.
That's exactly why I started SunsetSignal: a free, 5-minute weekly brief on the deprecations, EOLs and breaking changes hitting serverless & AWS teams — curated, prioritized, with what to do and why it matters for compliance. If that's useful: https://sunsetsignal.com
What's the last deprecation that caught your team off guard?