Bottlerocket

Linux-based operating system purpose-built to run containers

Bottlerocket is a Linux-based open-source operating system that is purpose-built by Amazon Web Services for running containers. Bottlerocket includes only the essential software required to run containers, and ensures that the underlying software is always secure. With Bottlerocket, customers can reduce maintenance overhead and automate their workflows by applying configuration settings consistently as nodes are upgraded or replaced. 

Bottlerocket is now generally available at no cost as an Amazon Machine Image (AMI) for Amazon Elastic Compute Cloud (EC2).


Benefits

Increased uptime for container applications

Updates to Bottlerocket are applied in a single step and can be rolled back if necessary, resulting in lower error rates and improved uptime for container applications. By contrast, general-purpose operating systems are typically updated package-by-package.

Open-source development model enables custom builds

Bottlerocket’s open development model enables customers and partners to produce custom builds, for example, builds that support their preferred orchestrators. Changes in these custom builds can be contributed back for inclusion in the Bottlerocket open source project.

Lower management overhead and operational costs

Updates to Bottlerocket can be automated using container orchestration services such as Amazon EKS, which lowers management overhead and reduces operational costs.

Improved security and resource utilization

Bottlerocket includes only the essential software to run containers, which improves resource utilization and reduces the attack surface compared to general-purpose operating systems.

Optimized performance through AWS integrations

AWS-provided builds of Bottlerocket are optimized to run on Amazon EC2 and include support for the latest Amazon EC2 instance capabilities. They also have built-in integrations with AWS services for container orchestration, registries, and observability.

CIS hardening out of the box

Amazon Web Services' Bottlerocket has been certified by the Center for Internet Security® (CIS®) as shipping hardened to the CIS Bottlerocket Benchmark v1.0.0. Organizations that leverage Bottlerocket can now be assured that it will successfully run in a CIS-hardened environment.


Customer testimonials

OODA Health

OODA Health is transforming the administrative experience in healthcare by enabling collaborative, real-time interactions between providers, members and payers.


Veeva

Veeva Systems is the leader in cloud-based software for the global life sciences industry. We run a variety of containerized microservices on a development cluster built entirely on Bottlerocket nodes. We adopted Bottlerocket because we wanted a streamlined container OS with better resource efficiency, enhanced security, and reduced management overhead. The transition to Bottlerocket was a seamless experience and it has largely been a drop-in replacement for our other EKS nodes.

Sumo Logic

Sumo Logic is an AWS-native SaaS analytics platform that helps companies ensure application reliability, secure and protect against modern threats, and gain insights into their cloud infrastructures. On a continuous mission to refine the efficiency, reliability, and security of its operations, Sumo Logic adopted Bottlerocket as the standard image for Amazon Elastic Kubernetes Service (EKS) nodes, resulting in a lower management overhead and improved compliance posture.

GetYourGuide

GetYourGuide is the booking platform for unforgettable travel experiences. Travelers use GetYourGuide to discover the best things to do at a destination — including walking tours by top local experts, local culinary tours, cooking and craft classes, skip-the-line tickets to the world’s most iconic attractions, bucket-list experiences and niche offerings you won’t usually find anywhere else. We chose Bottlerocket as the operating system for our Kubernetes clusters because it reduces node maintenance costs for us and improves our application security. Bottlerocket integrates seamlessly with EKS and the declarative approach to configure instances at startup ensures our node groups run with high reliability and consistency.

Swisscom

Swisscom is Switzerland's leading telecoms company and one of its leading IT companies. The vast majority of the workloads we run in the cloud are containerized and we have been promoting a Bottlerocket-first strategy for our Kubernetes clusters since the early stages of our AWS journey.

Today, all our EKS worker nodes are powered by Bottlerocket OS. We adopted Bottlerocket because it is engineered to do one thing right: run containers. Run containers securely, thanks to a variety of built-in controls that create a secure environment for our applications. Run containers more efficiently by including only the essential runtime software and thus improving the overall instance resource utilization. Run containers for a very long time, being an open-source, community-backed project, capable of coping with future requirements effectively.

PedidosYa

PedidosYa, a brand of the German multinational company Delivery Hero, is a leading online delivery company in Latin America that connects millions of people with thousands of restaurants, markets, pharmacies and other partners in 15 countries. PedidosYa engineering platform is based on a microservices architecture running on containers. We use Bottlerocket as the base OS for all the nodes of our Kubernetes clusters which run hundreds of microservices on top of them.

We decided to use Bottlerocket for several reasons:

  • Speed: due to the size and characteristics of our business, it is crucial for us to scale fast enough to provide our customers with an excellent experience. Our experience with Bottlerocket has been that startup time is about 20 seconds, which is great compared to the previous OS which was over 1.5 minutes.
  • Security: Bottlerocket is built to run containers, so it only has the needed software for this, and its attack surface is reduced to its minimum.
  • Maintenance: updates are delivered safely through the API, and rollbacks are easy and fast.
  • Easy to use: configuration and migration were straightforward for us. Migration from Docker runtime to containerd was really easy.

Cordial

Cordial is a cross-channel marketing platform built to help marketers create unique and unified customer experiences across all channels. Cordial uses Bottlerocket OS for Kubernetes worker nodes across multiple EKS clusters, powering applications and CI/CD runners. We adopted Bottlerocket for three main reasons:

  1. Bottlerocket has faster boot times and helps us scale our k8s clusters and applications faster
  2. Bottlerocket has a small attack surface
  3. The TOML config format used by Bottlerocket makes customization of kubelet settings very simple

AWS Partners

These AWS Partners have run quality assurance and security tests on their software and provide support for their products on Bottlerocket. To learn more about how to run these Partner applications on Bottlerocket, check out our AWS Partner Bottlerocket Blog.

Monitoring & Logging Partners

AccuKnox

"Accuknox is thrilled to partner with AWS Bottlerocket towards securing container workloads running on AWS Bottlerocket. While AWS Bottlerocket ensures the essential underlying host software needed to run containers is secure, Accuknox ensures the same for the container workloads running on this underlying software."

- Nat Nataraj, CEO, AccuKnox

Product: AccuKnox

AppDynamics

"AppDynamics is excited to partner with AWS to extend full-stack observability to containerized applications on Bottlerocket. This purpose-built container operating system makes it simple to adopt agile methodologies that accelerate app development and simplify mobility, scale and security. Combined with AppDynamics (available on the AWS Marketplace) our customers can correlate application performance, user experience and security insights to key business outcomes and empower DevOps teams with the information needed to align innovation and strategy."

- Vipul Shah, VP Product Management, AppDynamics

Product: AppDynamics

Datadog

"Container-optimized operating systems will give dev teams the additional speed and efficiency to run higher throughput workloads with better security and uptime. We are excited to work with AWS on Bottlerocket, so that as customers take advantage of the increased scale they can continue to monitor these ephemeral environments with confidence."

- Michael Gerstenhaber, Director of Product Management, Datadog

Product: Datadog Container Services

Dynatrace

“We are thrilled to extend the Dynatrace partnership with AWS to Bottlerocket-based Kubernetes clusters. Bottlerocket is now fully integrated with Dynatrace, unifying observability and security for our mutual customers with one platform. We enable DevOps and SRE teams to quickly understand, manage and optimize the health and performance of containerized workloads. Plus, DAVIS AI adds automatic management and forecasting for all Kubernetes operations.”

– Florian Ortner, Chief Product Officer, Dynatrace

Product: Dynatrace

Epsagon

“Epsagon provides a single interface for monitoring, tracing and logging microservices running across containers, virtual machines, and any other compute service. Epsagon is proud to partner with AWS to deliver comprehensive visibility for containerized workloads running on the Bottlerocket operating system. With Bottlerocket, AWS customers can streamline their container infrastructure, and with Epsagon, customers get end to end observability for their containerized microservices.”

– Ran Ribenzaft, Co-Founder & CTO, Epsagon

Product: Epsagon

Kong

"Running Kong, a sub-millisecond performance and lightweight Gateway, on a container-optimized operating system like Bottlerocket becomes an important technical combination to provide not just a faster, but a more secure platform for API Management. We are very excited to be working with AWS and Bottlerocket OS."

– Kristian Gyorkos, VP Alliances, Kong

Product: Kong

LogicMonitor

“LogicMonitor is a fully automated, cloud-based infrastructure monitoring platform for enterprise IT and managed service providers. We are proud to deepen our partnership with AWS by supporting LM Container on the Bottlerocket operating system. LogicMonitor’s monitoring and intelligence platform already delivers unparalleled observability for IT teams. Being fully compatible with Bottlerocket OS will further strengthen LogicMonitor’s ability to make ITOps and DevOps teams even more efficient by enabling the use of containers to standardize development and deployment and drive optimizations in performance, security, and cost.”

– Sarah Terry, Director of Product, LogicMonitor

Product: LM Container

New Relic

"With the release of Bottlerocket, AWS continues to advance broad-scale adoption of cloud native technologies that enable software teams to innovate faster, and New Relic is proud to partner with AWS to provide unparalleled observability into container-based applications. New Relic is fully compatible with Bottlerocket, and customers utilizing New Relic to monitor their containerized environments can begin instrumenting containers that run Bottlerocket today. New Relic is also available on AWS Marketplace."

- Ramon Guiu Hernandez, Vice President and General Manager of Infrastructure, New Relic

Product: New Relic One

Splunk

"Bottlerocket gives DevOps teams speed, efficiency and security in containerized environments. We are excited to partner with AWS, so our customers can innovate rapidly and scale efficiently by getting observability into every layer of containerized workloads deployed on Bottlerocket operating system as well as other AWS services from a single solution."

- Amit Sharma, Director of Product Marketing, Splunk

Products: Splunk Cloud, Splunk Enterprise

Security Partners

Aqua

Aqua is pleased to support the new Bottlerocket OS with our solutions for securing cloud infrastructure and application workloads at runtime. We see the combination of Bottlerocket and Aqua as an opportunity for customers to reduce the attack surface by using a minimal OS, prevent attacks that leverage configuration errors, and protect applications from malware by enforcing security policies in real time.

– Amir Jerbi, Co-founder and CTO, Aqua Security

Product: Aqua Cloud Native Security Platform

CrowdStrike

"As security becomes an earlier part of the development cycle, development teams must be equipped with solutions that allow them to quickly and effectively build from the ground up the strength and protection needed for the evolving threat landscape. Through CrowdStrike integrations with AWS, we are providing security teams with scale, speed and efficiency needed to adopt, innovate and secure technology across any workloads, providing simpler and better holistic protection and uptime for end users."

– Amol Kulkarni, Chief Product Officer of CrowdStrike

Product: CrowdStrike Falcon

NeuVector

“NeuVector is excited to announce support for the AWS Bottlerocket operating system. Security and availability are critical requirements for business critical container workloads, and together Bottlerocket and NeuVector provide the defense in depth required to detect and prevent attacks, malware, crypto-mining, ransomware and other threats. The container optimized and hardened Bottlerocket operating system provides a foundation upon which security platforms like NeuVector can extend security to applications and container networks.”

- Fei Huang, Co-Founder & Chief Strategy Officer, NeuVector

Product: Full Lifecycle Container Security Platform

Palo Alto

“We are delighted to support customers in securing containerized applications with AWS-optimized Bottlerocket. Prisma Cloud by Palo Alto Networks is tested and certified by AWS to monitor and protect containers on Bottlerocket with auto-deployment of Prisma Cloud Defenders for every node, even as clusters scale. As an AWS Technology Partner, our joint solutions help customers reduce attack surface, management overhead, and operational costs.”

- Hari Srinivasan, Sr Director of Product Management, Prisma Cloud

Product: Prisma Cloud Compute

Sysdig

“Sysdig’s mission to help customers securely run container workloads in production is well aligned with the key benefits Bottlerocket provides, namely, improved security, better uptime, and the ability to automate OS updates. We are pleased to be one of the first to validate our platform with Bottlerocket and to bring Sysdig’s security, monitoring and compliance capabilities deeper into AWS Cloud.”

- Loris Degioanni, Chief Technology Officer and Founder of Sysdig.

Product: Sysdig Secure

Trend Micro

“Together with AWS, we are committed to building security solutions for every development innovation, including protecting customers running containerized workloads,” said Sanjay Mehta, head of business development and alliances for Trend Micro. “We are proud to be a launch partner of Bottlerocket and to have our solution already validated on the new OS. We look forward to early customer adoption where users will benefit from a reduction in the manual effort of security patching which preserves uptime and ensures automation.”

Product: Trend Micro Cloud One

Tigera

“We’re excited to be working with AWS and to support Calico on Bottlerocket,” said Amit Gupta, Vice President of Product Management and Business Development at Tigera, the creator and maintainer of the open source Project Calico which powers several of the largest Kubernetes deployments across the globe, “Its optimizations for running containers will benefit our joint customers with improved availability, reduce costs through better resource usage, and provide better security by decreasing the attack surface.”

Product: Tigera Calico

Management & DevOps Partners

Armory

Armory Spinnaker is a cloud native, open source, continuous delivery platform that enables developers to deploy with speed and resilience. Armory is a strategic technology partner for AWS, and visualizes that Bottlerocket will be the next wave in containerized computing, enabling better security and uptime for containerized workloads. We successfully validated our technology on Bottlerocket, and are excited to help drive and accelerate deployments of business workloads on Bottlerocket.

Product: Armory Spinnaker

Codefresh

“Codefresh is a CI/CD deployment platform specifically created for containers, Kubernetes, and GitOps. We successfully validated our Codefresh runner on Bottlerocket enabling our customers to run their own pipelines in AWS in a secure way, by keeping all confidential information behind the firewall. The use of Bottlerocket further enhances the security of the Codefresh runner, by strengthening the underlying operating system using atomic updates and a minimal attack surface. We believe that the container evolution requires a new way of thinking and seeing Amazon investing in a container optimized operating system is a great match for Codefresh - the container optimized deployment solution.”

Product: Codefresh Runner

GitLab

"As AWS continues to build solutions to make customers' lives easier, like Bottlerocket with its ability to improve security, lower management overhead and still be open and customizable; GitLab is excited to offer customers a quick and easy way to leverage Bottlerocket as a targeted OS in its deployment pipelines to AWS EKS or bring your kubernetes cluster."

- Pete Goldberg, Director of Partnerships, GitLab.

Product: GitLab

Granulate

“Granulate's real-time continuous optimization solution allows customers to handle compute workloads with fewer servers while improving performance and reducing costs by tailoring OS-level scheduling and prioritization decisions to improve the infrastructure's application specific performance. We highly value our strategic partnership with AWS and are thrilled to support Bottlerocket and help optimize containerized environments running on Bottlerocket OS for AWS customers.”

- Tom Amsterdam, Chief Product Officer, Granulate

Product: Granulate Agent

JFrog

“New paradigms require next-generation tooling. Managing and streamlining companies’ growing container infrastructure requires robust solutions that automate from code to runtime. At JFrog, we are proud to partner with AWS and the Bottlerocket team to ensure our joint customers are provided with complete environments and binary lifecycle tools for applications utilizing Amazon EC2, Amazon EKS, and other services.”

- Jens Eckels, Sr. Director of Product Marketing, JFrog

Product Name: JFrog Platform

Kasten

“Kasten’s K10 data management platform runs on AWS and is integrated with several AWS services including Amazon EBS, RDS, and IAM. Enterprises use K10 to perform critical functions like application-centric backup and granular recoveries of their Kubernetes applications running on AWS with EKS as well as other Kubernetes distributions,” said Gaurav Rishi, Head of Product, Kasten. “With the added integration of Kasten K10 on Amazon Bottlerocket, customers can now also take advantage of the added security and operational benefits like image-based updates.”

Product: Kasten K10 Data Management Platform

Puppet

“Puppet makes infrastructure actionable, scalable and intelligent. With our newest product, Puppet Relay, DevOps engineers can automate processes across the tools, cloud infrastructure, and APIs that they currently manage manually. These automated event-driven workflows provide security, cost optimization, incident response and continuous delivery in cloud-native environments,” said Alex Bilmes, VP of Growth at Puppet. “We’re excited to bring Relay’s functionality to Bottlerocket customers looking to leverage automation to save time, money, and resources.”

Product: Relay by Puppet

Spot

“Spot by NetApp is excited to collaborate with AWS on the Bottlerocket OS. Spot Ocean is a secure by default, serverless container engine that continuously optimizes the container infrastructure. It automates all aspects of Kubernetes Day2 operations, alleviating users from the infrastructure operational burden and allowing them to focus entirely on business problems. Bottlerocket from AWS advances this design pattern with an immutable OS that removes the management overhead of container host OS lifecycle management. Spot Ocean users can now leverage Bottlerocket as a fully supported offering.”
 
- Manik Taneja, Principal Product Manager
 
Product: Spot by NetApp

Weaveworks

"Bottlerocket is an operating system optimized to run Kubernetes for EKS. It is fast, easy to manage, and just works. Bottlerocket plays nicely with Weaveworks GitOps models, and EKSctl out of the box."

- Chanwit Kaewkasi, Developer Experience Engineer

Product: Weave Kubernetes Platform

Pricing

Bottlerocket is provided at no additional charge. Standard Amazon EC2 and AWS charges apply for running Amazon EC2 instances and other services.

Blog posts and articles

How the Bottlerocket build system works
Matt Briggs
Jan 25, 2021
 
Turbocharging EKS networking with Bottlerocket, Calico, and eBPF
Mikhail Shapirov and Curtis Rissi
Jan 21, 2021
 
Getting started with Bottlerocket and Certified AWS Partners
Curtis Rissi
Aug 31, 2020

Announcing the General Availability of Bottlerocket, an open source Linux distribution built to run containers
Samartha Chandrashekar 
Aug 31, 2020 
 
Bottlerocket - Open Source OS for Container Hosting
Jeff Barr
Mar 10, 2020
 
Quick Start Guide

If you’re ready to jump right in, read our Quickstart.
