Containers

Amazon ECS-optimized Amazon Linux AMI End-of-Life

Update April 16, 2021 – The Amazon ECS-optimized Amazon Linux AMI ended its standard support on April 15, 2021 and has entered a maintenance support phase.

Since its launch in 2015, the Amazon ECS-optimized Amazon Linux AMI has helped a number of customers build containerized Linux-based applications on Amazon Elastic Compute Cloud (EC2). The AMI has enabled customers to get their containerized applications up and running by bundling the Amazon ECS Container Agent, Docker daemon, and Docker runtime dependencies with the latest Amazon Linux OS version. To bring enhance security, stability, and productivity, we introduced the Amazon ECS-optimized Amazon Linux 2 AMI in October 2018. This enabled Amazon ECS customers to harness the stability and security benefits of the Amazon Linux 2 OS with no extra effort.

On December 31, 2020, the Amazon Linux AMI ended its standard support and entered a new maintenance support phase. During this maintenance support period:

  • The Amazon Linux AMI will only receive critical and important security updates for a reduced set of packages.
  • It will no longer be guaranteed to support new EC2 platform capabilities, or new AWS features.

As a result, on April 15, 2021, the Amazon ECS-optimized Amazon Linux AMI will be ending its standard support phase and will enter a maintenance support phase. In the maintenance support phase, Amazon ECS will continue providing critical and important security updates for a reduced list of packages. During this period, Amazon ECS will no longer add support for new EC2 instance types, new services and features, and new packages to the Amazon ECS-optimized Amazon Linux AMI. Instead, this AMI will receive updates only for critical and important security fixes that apply to a reduced set of packages. The maintenance support period will end on June 30, 2023.

Amazon ECS customers who are currently using the Amazon ECS-optimized Amazon Linux AMI should migrate to the Amazon ECS-optimized Amazon Linux 2 AMI. Since the same Amazon ECS container agent version and Docker daemon version are packaged with both these AMIs, the only differences between the two AMIs come from the underlying OS version. In most cases, you should be able to simply deploy an application that you are currently running on an instance using the Amazon ECS-optimized Amazon Linux AMI to an instance that is using the Amazon ECS-Optimized Amazon Linux 2 AMI.

You can refer to this blog post for guidance on how to refresh the container instances in your active Amazon ECS cluster with instances built from a newly released AMI using EC2 Auto Scaling Groups. For customers who do not use EC2 Auto Scaling Groups, the process remains the same but will need to be performed manually. To ensure that this happens in a safe manner we recommend adding AL2 instances to your ECS cluster, and then migrating traffic off AL1 instances slowly by setting the ECS instance state to DRAINING. This will gracefully terminate running Amazon ECS Tasks on the instance and Amazon ECS will automatically replace these Tasks to available capacity in the cluster. After all Tasks on the AL1 instance have been terminated, you can terminate the instance. Once you are comfortable that your application is behaving normally on the new instance, you can then repeat this process for other instances in your cluster.

While most customers do not face any issues during this migration, the following differences between the Amazon ECS-optimized Amazon Linux and Amazon ECS Optimized Amazon Linux 2 AMI are worth noting:

  • Amazon Linux 2 uses ‘systemd’ for its service management while Amazon Linux uses ‘init.d’. Systemd has a more robust model for service dependencies and service start ordering. Hence, in the Amazon ECS-optimized Amazon Linux 2 the Docker and Amazon ECS services both depend on the user data script running before they can be started or restarted. This means that you cannot do systemctl restart docker or systemctl restart ecs in user data.
    • One potential workaround is to use the --no-block flag. ie, systemctl start ecs --no-block
    • This also means that Amazon Linux 2 user data scripts should not attempt to wait for Amazon ECS or Docker services to start before exiting, as this condition will never satisfy.
    • Since the Amazon ECS service starts after user data, the user data script also cannot wait for the instance to join the Amazon ECS cluster before exiting. The instance will never join the cluster until after the user data script exits.
  • Docker on the Amazon ECS-optimized Amazon Linux 2 AMI utilizes the overlay2 storage driver, while the Amazon ECS-optimized Amazon Linux AMI uses the deprecated devicemapper driver. Migrating from the Amazon Linux to Amazon Linux 2 AMI will yield an I/O performance improvement for most workloads.

You can find more technical details on support for the Amazon Linux AMI here. We will continue to update this post as we hear more from customers.