General
Q: What is Amazon Linux 2023?
A: Amazon Linux 2023 (AL2023) is a general-purpose rpm-based Linux distribution and a successor to Amazon Linux 2. AL2023 simplifies planning for operating system upgrades. Starting with AL2023, a new major version of Amazon Linux is released every two years, includes minor quarterly releases, and comes with five years of long-term support. Amazon Linux 2023 integrates with AWS services and is designed to be deployed at scale in the cloud. By default, AL2023 AMIs and container images lock to a specific version of the package repository, ensuring deterministic behavior and simplifying integrating OS updates into continuous integration and deployment environments.
Q: How can I report bug or issue?
You can use the Amazon Linux 2023 GitHub page or work with your account team to report a bug or issue.
Q: What is the release schedule for Amazon Linux?
A: A new major version releases every two years and comes with five years of long-term support with each release consisting of two phases: active development phase (2 years), and maintenance phase (3 years). In the active development phase, the release receives quarterly minor version updates. Each minor version is a cumulative list of updates that includes security and bug fixes in addition to the new features and packages. During the maintenance phase, a release receives only security updates and critical bug fixes that will be published as soon as they are available. You can view the status of any known security vulnerability on the AL2023 Security Center page. Every time we release new repositories, we will also release a new Linux Amazon Machine Image.
Q: What is included in major and minor releases?
A: Major versions of Amazon Linux will include new features and security and performance improvements across the stack, including the kernel, toolchain, glibc, openssl and all other system libraries and utilities. Major releases of Amazon Linux will be based in part on the current version of the upstream Fedora Linux distribution, though Amazon may choose to add or replace specific packages from other non-Fedora upstreams (e.g. Linux kernel is sourced from kernel.org’s Long Term Support choices and is maintained specifically for Amazon’s Linux products). You should expect major release updates for packages in the repository that are sometimes not backwards compatible. We will provide a full list of changes between major releases. Quarterly minor releases will include security updates, bug fixes, and new features and packages. Examples of changes in the minor releases include latest language runtimes, like PHP and other popular software packages such as Ansible and Docker. During the maintenance phase, a release receives only security updates and critical bug fixes that will be published as soon as they are available.
Q: How will updates for major and minor releases be provided?
A: Updates are provided via a combination of new AMI (Amazon Machine Image) releases and corresponding new repositories. By default, a new AMI and the repository to which it points are coupled, but you can point your running Amazon EC2 instances to newer repository versions over time in order to consume updates on running instances. You can also update by launching new instances of the latest AMIs.
Q: How frequently will a new Amazon Linux AMI available?
A: Every time we release a new version (major version, minor version or a security release), we will also release a new Linux Amazon Machine Image (AMI).
Q: How can I control the updates I receive from major and minor releases?
A: AL2023 locks to a specific version of your repository (this can be any major or minor version). The AL2023 AMI exposed through our SSM parameters will always be the latest and have the most up to date packages and updates, including critical and important security updates. If you launch an EC2 instance using the AL2023 AMI via the launch wizard, you will always have the latest updates. However, if you launch an instance from an older AMI, no updates will automatically be applied and any additional packages that are installed as part of your provisioning will map to the repository version from which the older AMI was built. This enables you to ensure there is consistency of package versions and updates across your environment, especially if you are launching multiple instances from the same AMI. You can apply updates based on the schedule that works for you. You can also apply a specific set of updates on launch, as these too can be locked to a specific repository version. Please refer to the documentation for more details.
Q: What is the process to control the package updates available from the AL2023 repositories?
A: When we publish a new version of the AL2023 repositories, all previous versions will still be available. By default, the plugin for managing repository versions will lock to the same version that was used to build the AMI. If you need to control package updates, you can discover available repository versions to update to by running “dnf check-release-update”, and select a version by running the listed command, “dnf —releasever=version update”. At that point, “dnf install” or “dnf upgrade“ will only choose packages from the selected repository version. If you do not need to control package updates, you can select the “latest” version, which will always point to the most recent version of the AL2023 repositories. If you currently use Amazon Linux 2, this restores the legacy behavior for package updates that you and existing patch workflows might expect.
Q: Will my AL2023 instance automatically receive critical and important security updates?
A: Not in a default configuration. By default, the plugin for managing repository versions will lock to the same version that was used to build the AMI, and no security updates will be applied. You can always change the default configuration to automatically receive package updates. You can also specify to receive only security updates. Please refer to the documentation for more details.
Q. How can I get started with using Amazon Linux 2023 on AWS?
A: AWS provides an Amazon Machine Image (AMI) for Amazon Linux 2023 that you can use to launch an instance from the Amazon EC2 console, AWS SDK, and CLI. Refer to Amazon Linux 2023 documentation for more details.
Q. Are there any costs associated with running Amazon Linux 2023 in Amazon EC2?
A: No, there is no additional charge for running Amazon Linux 2023. Standard Amazon EC2 and AWS charges apply for running Amazon EC2 instances and other services.
Q: Can I use AL2023 outside of AWS?
A: AL2023 images can be used outside of AWS, however, these images are not covered by AWS Support Plans when used outside of AWS.
Q: Which group of customers is AL2023 best suited for?
A: AL2023 is a great option if you are looking for a general-purpose Linux operating system to use on AWS. AL2023 is optimized for Amazon EC2, well integrated with latest AWS features, and offers an integrated experience with many of AWS-specific tools (AWS Systems Manager and AWS CLI). If you currently use Amazon Linux AMI (AL1) or Amazon Linux 2 (AL2), you should consider trying out AL2023 as it combines the benefits of both. Besides offering frequent updates and long-term support, Amazon Linux 2023 provides a predictable release cadence, flexibility and control over new software updates, and eliminates the operational overhead that comes with creating custom policies to meet standard compliance requirements.
Q: Does AL2023 have Amazon-Linux-Extras like AL2?
A: No, AL2023 does not have extras. For higher-level software packages like language runtimes, we will use the quarterly release where we will add major/minor updates to packages as separate namespaced packages in addition to the default package provided in the repository. For example, default Python version in Amazon Linux 2023 may be 3.8, but we will add Python 3.9 (python39) as a separate namespaced package whenever it is made available. These additional packages will closely follow their upstream release cadence and support model and their support policies can be accessed by the package manager for compliance and security use cases. Default packages will continue to be supported throughout the life of AL2023.
Q: How can I provide feedback on my experience with AL2023?
A: Feedback on Amazon Linux 2023 can be provided through your designated AWS representative, Amazon Linux Discussion Forums or Amazon Linux 2023 GitHub page.
Updates policy
Q: What will major and minor releases for AL2023 include?
A: Major releases (every two years) will include new features and security and performance improvements across the stack, including the kernel, toolchain, glibc, openssl and all other system libraries and utilities. Major releases of AL2023 will be based in part on the current version of the upstream Fedora Linux distribution, though Amazon may choose to add or replace specific packages from other non-Fedora upstreams (e.g. Linux kernel is sourced from kernel.org’s Long Term Support choices and is maintained specifically for Amazon’s Linux products). You should expect major release updates for packages in the repository that are sometimes not backwards compatible. We will provide a full list of changes between major releases and you will be able to perform in-place upgrade on a package level.
Quarterly minor releases (1.1, 1.2) will include security updates, bug fixes, and new features and packages. Examples of minor releases include latest language runtimes, like PHP and other popular software packages such as Ansible and Docker. Minor releases do not bring changes that break application compatibility. For example, the default versions of language runtimes will stay stable while the newer version of language runtimes are provided into the repository as new packages.
Q: How will updates for major and minor releases be provided?
A: Updates are provided via a combination of new AMI (Amazon Machine Image) releases and corresponding new repositories. By default, a new AMI and the repository to which it points are coupled, but you can point your running Amazon EC2 instances to newer repository versions over time in order to consume updates on running instances. You can also update by launching new instances of the latest AMIs.
Q: How can I control the updates I receive from major and minor releases?
A: AL2023 locks to a specific version of your repository. The AL2023 AMI shown in the EC2 launch wizard will always be the latest and have the most up to date packages and updates, including critical and important security updates. If you launch an EC2 instance using the AL2023 AMI via the launch wizard, you will always have the latest updates (same as the current experience with AL2). However, if you launch an instance from an older AMI, no updates will automatically be applied and any additional packages that are installed as part of your provisioning will map to the repository version from which the older AMI was built. This enables you to ensure there is consistency of package versions and updates across your environment, especially if you are launching multiple instances from the same AMI. You can apply updates based on the schedule that works for you.
Q: How can I control package updates available from the AL2023 repositories?
A: When we publish a new version of the AL2023 repositories, all previous versions will still be available. By default, the plugin for managing repository versions will lock to the same version that was used to build the AMI. If you need to control package updates, you can discover available repository versions to update to by running “dnf check-release-update”, and select a version by running the listed command, “dnf —releasever=version update”. At that point, “dnf install” or “dnf upgrade“ will only choose packages from the selected repository version. If you do not need to control package updates, you can select the “latest” version, which will always point to the most recent version of the AL2023 repositories. This restores the legacy behavior for package updates that you and existing patch workflows might expect.
Security
Q: Does AL2023 support SELinux?
A: Yes. SELinux is a security module providing access control policies. It is widely used in the industry to lock down Linux servers and to protect against malicious activity. Major applications within AL2023 come with pre-configured SELinux policies to help you meet your compliance needs.
Q: What is the default AL2023 SELinux configuration?
A: AL2023 will have SELinux in permissive mode by default. You can change SELinux settings to enforced mode via command line by executing ‘setenforce’ or by running this command on launch from cloud-init userdata. When the instance is rebooted, it will remember and use the SELinux setting that was specified the first time unless you change it. Please refer to the AL2023 documentation for more details.
Q: What packages are not included in Release Candidate but will be available by GA?
A: Please see the Amazon Linux 2023 Release Notes for full details. Examples of changes coming between Release Candidate and GA include the Hibernation Agent, and AMIs being registered to launch with IMDSv2 only (i.e. disabling IMDSv1) by default.
Q: Why does a security scanner report an unfixed CVE in an Amazon Linux package when an Amazon Linux Security Advisory claims the CVE to be fixed in that version?
A: Amazon Linux, like most Linux distributions, routinely backports security fixes to stable package versions vended in its repositories. When these packages are updated with a backport, the Amazon Linux security bulletin for the particular issue will list the specific package version(s) in which the issue is fixed for Amazon Linux. Security scanners that rely on versioning from a project’s authors sometimes won’t pick up that a given CVE fix has been applied in an older version. Customers can refer to Amazon Linux Security Center (ALAS) for updates regarding security issues and fixes.
Long Term Support
Q: What is the long-term support policy for AL2023?
A: AL2023 provides updates for its packages and will maintain compatibility within a major version for customer applications built on AL2023. Core packages, such as glibc, openssl, openssh, and the dnf package manager, receive support for the lifetime of the major AL2023 release. Packages that are not part of the core packages will receive support defined by their upstream sources. You can view the specific support status and dates of individual packages by running the ‘dnf supportinfo packagename’ command. The full list of core packages will be finalized during preview. If you would like to see more packages included as core packages, please tell us, and we will evaluate as we are collecting feedback. Feedback on Amazon Linux 2023 can be provided through your designated AWS representative, Amazon Linux Discussion Forum or Amazon Linux 2023 GitHub page.
Get started building with Amazon Linux 2023 in the AWS Management Console.