Amazon Linux 2 FAQs
General Questions
Amazon Linux 2 is an Amazon Linux operating system that provides a modern application environment with the latest enhancements from the Linux community and offers long-term support. In addition to Amazon Machine Images (AMI) and container image formats, Amazon Linux 2 is available as a virtual machine image for on-premises development and testing, enabling you to easily develop, test, and certify your applications right from your local development environment.
Amazon Linux 2 end of support date (End of Life, or EOL) will be on 2026-06-30.
Customers need to migrate to Amazon Linux 2023 (AL2023) prior to AL2’s end of support (EOS) on June 30, 2026 [Refer Q2]. AWS will not launch new Amazon Linux versions in 2025 or 2026. AWS will provide one-year advance notice before launching new OS versions to help you plan your migrations. AL2023 is the latest version of Amazon Linux, which offers enhanced security features including FIPS certification, modern package versions, improved performance, and support until June 2029. For best practices on AL2023 Migration, refer here.
Please refer to the documentation to learn more about the major differences between these distributions.
Amazon Linux 2 supports the latest Amazon Elastic Compute Cloud (Amazon EC2) instance features and includes packages that enable easy integration with AWS. It is optimized for use in Amazon EC2 with the latest tuned Linux kernel version. As a result, many customer workloads perform better on Amazon Linux 2. Amazon Linux 2 is available as on-premises virtual machine images, allowing local development and testing.
Amazon Linux 2 is suited for a wide variety of virtualized and containerized workloads such as databases, data analytics, line-of-business applications, web and desktop applications, and more in production contexts. It is also available for use on EC2 Bare Metal Instances as both a bare metal OS and a virtualization host.
The core components of Amazon Linux 2 are:
A Linux kernel tuned for performance on Amazon EC2.
A set of core packages including systemd, GCC 7.3, Glibc 2.26, Binutils 2.29.1 that receive Long Term Support (LTS) from AWS.
An extras channel for rapidly evolving technologies that are likely to be updated frequently and outside the Long Term Support (LTS) model.
Amazon Linux 2 is available as virtual machine images for on-premises development and testing.
Amazon Linux 2 provides the systemd service and system manager as opposed to the System V init system in Amazon Linux AMI.
Amazon Linux 2 comes with an updated Linux kernel, C library, compiler, and tools.
Amazon Linux 2 provides the ability to install additional software packages through the extras mechanism.
AWS provides an Amazon Machine Image (AMI) for Amazon Linux 2 that you can use to launch an instance from the Amazon EC2 console, AWS SDK, and CLI. Refer to Amazon Linux documentation for more details.
No, there is no additional charge for running Amazon Linux 2. Standard Amazon EC2 and AWS charges apply for running Amazon EC2 instances and other services.
Amazon Linux 2 supports all Amazon EC2 instance types that support HVM AMIs. Amazon Linux 2 does not support older instances that require paravirtualization (PV) functionality.
Yes, Amazon Linux 2 supports 32-bit applications and libraries. If you are running on a version of Amazon Linux 2 that was launched before 10/04/2018, you can run “yum upgrade” to get the full 32-bit support.
Yes. The yumdownloader --source tool in Amazon Linux 2 provides source code access for many components.
We will continue to provide critical security patches for Python 2 as per our LTS commitment for Amazon Linux 2 core packages even though the upstream Python community declared Python 2.7 End Of Life in January 2020.
We strongly recommend our customers install Python 3 on their Amazon Linux 2 systems and migrate their code and applications to Python 3.
There are no plans to change the default Python interpreter. It is our intention to retain Python 2.7 as the default for the lifetime of Amazon Linux 2. We will backport security fixes to our Python 2.7 packages as needed.
During a LTS release of the Operating System, the risk of making fundamental changes to, replacing, or adding another package manager is extremely high. Thus, in planning our Python 3 migration for Amazon Linux, we made the decision to do this across a major release boundary rather than within Amazon Linux 2. This is an approach shared by other RPM based Linux distributions, even ones without LTS commitments.
Kernel 5.10 brings a number of features and performance improvements - including optimizations for Intel Ice Lake processors and Graviton 2 powering the latest generation EC2 instances.
From a security standpoint, customers benefit from WireGuard VPN, which helps set up an effective virtual private network with low attack surface and allows encryption with less overhead. Kernel 5.10 also brings a kernel lockdown feature to prevent unauthorized modification of the kernel image and a number of BPF improvements, including CO-RE (Compile Once - Run Everywhere).
Customers with intensive input-output operations will benefit from better write performance, safer sharing of io_uring rings between processes for faster input-output operations, and support of the new exFAT file system for better compatibility with storage devices. With the addition of MultiPath TCP (MPTCP), customers with several network interfaces can combine all available network paths to increase throughput and reduce network failures.
Long Term Support
1) AWS will provide security updates and bug fixes for all packages in core.
2) AWS will maintain user-space Application Binary Interface (ABI) compatibility for the following packages in core:
elfutils-libelf, glibc, glibc-utils, hesiod, krb5-libs, libgcc, libgomp, libstdc++, libtbb.so, libtbbmalloc.so, libtbbmalloc_proxy.so, libusb, libxml2, libxslt, pam, audit-libs, audit-libs-python, bzip2-libs, c-ares, clutter, cups-libs, cyrus-sasl-gssapi, cyrus-sasl-lib, cyrus-sasl-md5, dbus-glib, dbus-libs, elfutils-libs, expat, fuse-libs, glib2, gmp, gnutls, httpd, libICE, libSM, libX11, libXau, libXaw, libXext, libXft, libXi, libXinerama, libXpm, libXrandr, libXrender, libXt, libXtst, libacl, libaio, libatomic, libattr, libblkid, libcap-ng, libdb, libdb-cxx, libgudev1, libhugetlbfs, libnotify, libpfm, libsmbclient, libtalloc, libtdb, libtevent, libusb, libuuid, ncurses-libs, nss, nss-sysinit, numactl, openssl, p11-kit, papi, pcre, perl, perl-Digest-SHA, perl-Time-Piece, perl-libs, popt, python, python-libs, readline, realmd, ruby, scl-utils, sqlite, systemd-libs, systemtap, tcl, tcp_wrappers-libs, xz-libs, and zlib
3) AWS will provide Application Binary Interface (ABI) compatibility for all other packages in core unless providing such compatibility is not possible for reasons beyond AWS’s control.
Support for Amazon Linux 2 LTS Candidates and Amazon Linux AMI
Yes. To facilitate migration to Amazon Linux 2, AWS will provide security updates for the last version of Amazon Linux and container image until December 31, 2020. You can also use all your existing support channels such as AWS Premium Support and Amazon Linux Discussion Forum to continue to submit support requests.
On-premises Use
Amazon Linux Security
Amazon Linux offers human- and machine-consumable security advisories: customers can subscribe to our RSS feeds or configure scanning tools to parse the HTML. Feeds for our products can be found here:
Amazon Linux 1 / Amazon Linux 1 RSS
Amazon Linux 2 / Amazon Linux 2 RSS
Amazon Linux 2023 / Amazon Linux 2023 RSS
AL2 FIPS FAQ
Modules validated as conforming to FIPS 140-2 will continue to be accepted by the Federal agencies of both countries for the protection of sensitive information (United States) or Designated Information (Canada) through September 21, 2026. After that time CMVP will place all FIPS 140-2 validated modules on the historical list.
Cryptographic Module Name | Associated Packages | Status | Certification Number | Certification Expiration Date
OpenSSL | openssl1.0.2k | Historical | | 10/22/2024
Libgcrypt | libgcrypt-1.5 | Historical | | 2/18/2025
NSS | nss-softokn-3.36/nss-softokn-freebl-3.36. | Historical | | 4/19/2025
GnuTLS | gnutls-3.3 | Historical | | 4/19/2025
Kernel Crypto API | kernel-4.14 | Active | | 9/13/2025
Amazon Linux Extras
Extras is a mechanism in Amazon Linux 2 to enable the consumption of new versions of application software on a stable operating system. Extras help alleviate the compromise between the stability of the OS and freshness of available software. For example, now you can install newer versions of MariaDB on a stable operating system supported for five years. Examples of extras include tomcat9, memcached 1.5, Corretto 1.0.0_242, Postgresql 13, MariaDB 10.5, Go 1.9, Redis 6.0, R 4, Rust 1.38.0.
Extras provide topics to select software bundles. Each topic contains all the dependencies required for the software to install and function on Amazon Linux 2. For example, Rust is an extras topic in the curated list provided by Amazon. It provides the toolchain and runtimes for Rust, the systems programming language. This topic includes the cmake build system for Rust, cargo - the rust package manager, and the LLVM based compiler toolchain for Rust. The packages associated with each topic are consumed with the well-known yum installation process.
Available packages can be listed with the amazon-linux-extras command in the Amazon Linux 2 shell. Packages from extras can be installed with the “sudo amazon-linux-extras install ” command.
Example: $ sudo amazon-linux-extras install rust1
See Amazon Linux documentation for more details on getting started with Amazon Linux Extras.
Over time, rapidly evolving technologies in extras will continue to mature and stabilize and may be added to the Amazon Linux 2 "core" to which the Long Term Support policies apply.
ISV Support
Amazon Linux 2 has a rapidly growing community of Independent Software Vendors (ISVs) including Chef, Puppet, Vertica, Trend Micro, Hashicorp, Datadog, Weaveworks, Aqua Security, Tigera, SignalFX, and more.
A complete list of supported ISV applications is available on the Amazon Linux 2 page.
To get your application certified with Amazon Linux 2, contact us.
Kernel Live Patching
Kernel Live Patching in Amazon Linux 2 is a feature that enables applying security and bug fixes to a running Linux Kernel without the need to reboot. Live patches for the Amazon Linux Kernel are delivered to the existing package repositories for Amazon Linux 2, and can be applied using regular yum commands such as ‘yum update --security’ when the feature has been activated.
The use cases targeted by Kernel Live Patching in Amazon Linux 2 include:
Emergency patching to address high-severity security vulnerabilities and data corruption bugs without service downtime.
Applying OS updates without waiting for long-running tasks to complete, users to log out, or scheduled reboot time slots to apply security updates.
Expediting rollout of security patches by eliminating rolling reboots required in highly available systems.
AWS typically will provide kernel live patches to fix CVEs, which are rated as critical and important by AWS, for the default Amazon Linux 2 Kernel. The Amazon Linux Security Advisory ratings of critical and important generally map to the Common Vulnerability Scoring System (CVSS) score of 7 and higher. Additionally, AWS will also provide kernel live patches for select bug fixes to address system stability issues, and potential data corruption issues. There may be a small number of issues that do not receive kernel live patches despite their severity because of technical limitations. For example, fixes that change assembly code or modify function signatures may not receive kernel live patches. Kernels in Amazon Linux 2 Extras and any third-party software that are not built and served by AWS will not receive kernel live patches.
We provide kernel live patches for Amazon Linux 2 at no cost.
Kernel live patches are provided by Amazon and can be consumed with the yum package manager and utilities in Amazon Linux 2 and AWS Systems Manager Patch Manager. Each kernel live patch is provided as an RPM package. Kernel Live Patching is currently disabled by default in Amazon Linux 2. You can use the available yum plugin to enable and disable Kernel Live Patching. You can then use the existing workflows in the yum utility to apply security patches including kernel live patches. In addition, the kpatch command line utility can be used to enumerate, apply and enable/disable kernel live patches.
‘sudo yum install -y yum-plugin-kernel-livepatch’ installs the yum plugin for the kernel live patching capability on Amazon Linux.
‘sudo yum kernel-livepatch enable -y’ enables the plugin.
‘sudo systemctl enable kpatch.service’ enables kpatch service, the kernel live patching infrastructure used in Amazon Linux.
‘sudo amazon-linux-extras enable livepatch’ adds the kernel live patch repository endpoints.
‘yum check-update kernel’ displays the list of available kernels to update.
‘yum updateinfo list’ lists available security updates.
‘sudo yum update --security’ installs available patches which includes kernel live patches available as security fixes.
‘kpatch list’ lists all loaded kernel live patches.
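An added example (not from the AWS FAQ) of a check to run after the steps above: it reads ‘kpatch list’ output and reports live patches that are installed for the running kernel but are not loaded and enabled. It assumes the two-section layout printed by the upstream kpatch utility; the module names and kernel versions in the sample are constructed.

```shell
# Constructed `kpatch list` output; module names and versions are made up.
KPATCH_SAMPLE='Loaded patch modules:
livepatch_example_a [enabled]
livepatch_example_b [disabled]

Installed patch modules:
livepatch_example_a (4.14.165-133.209.amzn2.x86_64)
livepatch_example_b (4.14.165-133.209.amzn2.x86_64)
livepatch_example_c (4.14.165-133.209.amzn2.x86_64)
livepatch_example_a (4.14.158-129.185.amzn2.x86_64)'

# inactive_patches <kernel-release>
# Reads `kpatch list` output on stdin and prints every patch module that is
# installed for the given kernel release but is not both loaded and enabled.
inactive_patches() {
  awk -v kver="($1)" '
    /^Loaded patch modules:/    { sect = "loaded"; next }
    /^Installed patch modules:/ { sect = "installed"; next }
    # Loaded section: "<module> [enabled]" or "<module> [disabled]".
    sect == "loaded" && $2 == "[enabled]" { on[$1] = 1 }
    # Installed section: "<module> (<kernel-release>)".
    sect == "installed" && $2 == kver && !($1 in on) { print $1 }'
}

# Stand-alone demo on the constructed sample.
# On a host: kpatch list | inactive_patches "$(uname -r)"
printf '%s\n' "$KPATCH_SAMPLE" | inactive_patches "4.14.165-133.209.amzn2.x86_64"
```

Any module name printed here is a fix that was delivered as an RPM but is not protecting the running kernel.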
Yes. You can use AWS SSM Patch Manager to automate applying kernel live patches without the need of an immediate reboot when the patch is available as a live patch. Visit the SSM Patch Manager documentation to get started.
AWS publishes details on kernel live patches to fix security vulnerabilities on the Amazon Linux Security Center.
While applying a kernel live patch in Amazon Linux 2, you cannot simultaneously perform hibernation, or use advanced debugging tools such as SystemTap, kprobes, eBPF based tools and access ftrace output files used by the kernel live patching infrastructure.
If you encounter issues with a kernel live patch, disable the patch and inform AWS Support, or Amazon Linux Engineering through an AWS Forums post.
Kernel Live Patching in Amazon Linux 2 does not remove the need for OS reboots entirely but provides significant relief from reboots to fix important and critical security issues outside planned maintenance windows. Each Linux Kernel in Amazon Linux 2 will receive live patches roughly for up to 3 months after the release of an Amazon Linux Kernel. After each 3-month duration, the OS needs to be rebooted into the latest Amazon Linux Kernel to continue to receive kernel live patches.
Kernel Live Patching in Amazon Linux 2 is supported on all x86_64 (AMD/Intel 64 bit) platforms that Amazon Linux 2 is supported on. This includes all HVM EC2 instances, VMware Cloud on AWS, VMware ESXi, VirtualBox, KVM, and Hyper-V. ARM-based platforms are currently unsupported.
Yes, AWS will continue to provide regular patches for all OS updates. As a general rule, both regular and kernel live patches will be provided at the same time.
By default, when a reboot is performed, kernel live patches are replaced with regular “non-live” patch equivalents. You can also perform reboots without replacing kernel live patches with regular patches. See Amazon Linux 2 Kernel Live Patching documentation for details.
Kernel Live Patching in Amazon Linux 2 does not change the kernel ABI compatibility of Amazon Linux 2.
A dedicated row in Amazon Linux Security Center listings will appear for each kernel live patch. The entry will have an identification such as “ALASLIVEPATCH-<datestamp>”, and the package name will appear as “kernel-livepatch-<kernel-version>”.
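An added example (not part of the AWS FAQ): the naming scheme above is enough to sort a pending-advisory listing into fixes that can be applied live to the running kernel and fixes that need a reboot. It assumes three whitespace-separated columns (advisory, severity ending in "Sec.", package) and a ".amzn2.<arch>" suffix on the kernel release; the sample advisory IDs and versions are constructed.

```shell
# Constructed listing; advisory IDs, severities and versions are made up.
SAMPLE='ALASLIVEPATCH-2020-001 important/Sec. kernel-livepatch-4.14.165-133.209-1.0-1.amzn2.x86_64
ALASLIVEPATCH-2020-002 critical/Sec. kernel-livepatch-4.14.171-136.231-1.0-0.amzn2.x86_64
ALAS2-2020-0001 important/Sec. kernel-4.14.171-136.231.amzn2.x86_64
ALAS2-2020-0002 medium/Sec. openssl-1.0.2k-19.amzn2.0.1.x86_64'

# kernel_base <kernel-release>
# Drops the ".amzn2.<arch>" tail so the result matches the <kernel-version>
# part of a kernel-livepatch-<kernel-version> package name.
kernel_base() {
  printf '%s\n' "${1%%.amzn2*}"
}

# triage <kernel-release>
# Reads listing lines on stdin and prints "<bucket> <advisory> <severity>":
#   live-now    live patch built for the running kernel (no reboot)
#   live-other  live patch built for a different kernel version
#   reboot      regular kernel package, takes effect after a reboot
#   userspace   any other security update
triage() {
  awk -v k="kernel-livepatch-$(kernel_base "$1")-" '
    NF != 3 || $2 !~ /Sec\.$/ { next }   # skip headers and non-security rows
    $1 ~ /^ALASLIVEPATCH-/ && index($3, k) == 1 { print "live-now", $1, $2; next }
    $1 ~ /^ALASLIVEPATCH-/   { print "live-other", $1, $2; next }
    $3 ~ /^kernel-[0-9]/     { print "reboot", $1, $2; next }
                             { print "userspace", $1, $2 }'
}

# Stand-alone demo on the constructed sample.
# On a host: yum updateinfo list | triage "$(uname -r)"
printf '%s\n' "$SAMPLE" | triage "4.14.165-133.209.amzn2.x86_64"
```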
A kernel version will get live patches for roughly 3 months. Amazon Linux will provide kernel live patches for the last 6 kernels released. Please note that Kernel Live Patching will be supported only on the default kernel released in Amazon Linux 2. The next generation Kernel in the Extras will not receive kernel live patches.
To find out whether the current Linux Kernel continues to receive live patches, and when that support window ends, use the following yum command:
‘yum kernel-livepatch supported’
The kernel live patching yum plugin supports all workflows that are normally supported in the yum package management utility, e.g. ‘yum update’, ‘yum update kernel’, ‘yum update --security’, ‘yum update all’.
The kernel live patch RPMs are signed via GPG keys. However, the kernel modules are currently not signed.