DEV Community

Cover image for Amazon Linux 2 reaches EOL on June 30 — here's what breaks, and how to stay compliant
SunsetSignal
SunsetSignal

Posted on

Amazon Linux 2 reaches EOL on June 30 — here's what breaks, and how to stay compliant

Amazon Linux 2 (AL2) reaches end-of-life on June 30, 2026. If you're still on it, here's what actually breaks — and the part that turns it from tech debt into an audit problem.

Where it bites

EKS. AL2-based EKS AMIs stop receiving kernel updates. Move your node groups to AL2023 or Bottlerocket before the cutoff.

Lambda. Runtimes and base images still on AL2 — Java 8 on AL2, provided.al2, older Python — lose patching. Move to the AL2023-based runtimes AWS is shipping.

Why it's a compliance problem, not just tech debt

Running an unsupported OS is a direct finding in SOC 2 and ISO 27001 audits — supported software is an explicit requirement. PCI DSS 4.0 goes further and requires an end-of-life management program. So an unpatched AL2 box isn't just risky; it can cost you a certification, and with it customer contracts.

A 3-step check before it bites

  1. Inventory by runtime across ALL accounts and regions. A single-region CLI query misses things — this is where teams get caught.
  2. Test on the AL2023 target in staging. Most breakages are in native dependencies, not your code.
  3. Capture the evidence. Note the migration in your compliance documentation so it doesn't surprise you at audit time.

The bigger pattern

AL2 is one of dozens of these. The notices are scattered across changelogs and lifecycle pages, one per provider — so most teams find out during an audit or after an outage, not before.

That's exactly why I started SunsetSignal: a free, 5-minute weekly brief on the deprecations, EOLs and breaking changes hitting serverless & AWS teams — curated, prioritized, with what to do and why it matters for compliance. If that's useful: https://sunsetsignal.com

What's the last deprecation that caught your team off guard?

Top comments (0)