Bottlerocket is a Linux-based open-source operating system that is purpose-built by Amazon Web Services for running containers on virtual machines or bare metal hosts. Most customers today run containerized applications on general-purpose operating systems that are updated package-by-package, which makes OS updates difficult to automate. Updates to Bottlerocket are applied in a single step rather than package-by-package. This single-step update process helps reduce management overhead by making OS updates easy to automate using container orchestration services such as Amazon EKS and Amazon ECS. The single-step updates also improve uptime for container applications by minimizing update failures and enabling easy update rollbacks. Additionally, Bottlerocket includes only the essential software to run containers, which improves resource usage and reduces the attack surface.
Bottlerocket is now generally available at no cost as an Amazon Machine Image (AMI) for Amazon Elastic Compute Cloud (EC2).
Increased uptime for container applications
Updates to Bottlerocket are applied in a single step and can be rolled back if necessary, resulting in lower error rates and improved uptime for container applications. By contrast, general-purpose operating systems are typically updated package-by-package.
Open-source development model enables custom builds
Bottlerocket’s open development model enables customers and partners to produce custom builds, for example, builds that support their preferred orchestrators. Changes in these custom builds can be contributed back for inclusion to the Bottlerocket open source project.
Lower management overhead and operational costs
Updates to Bottlerocket can be automated using container orchestration services such as Amazon EKS, which lowers management overhead and reduces operational costs.
Improved security and resource utilization
Bottlerocket includes only the essential software to run containers, which improves resource utilization and reduces the attack surface compared to general-purpose operating systems.
Optimized performance through AWS integrations
AWS-provided builds of Bottlerocket are optimized to run on Amazon EC2 and include support for the latest Amazon EC2 instance capabilities. They also have built-in integrations with AWS services for container orchestration, registries, and observability.
3 years of support
AWS-provided builds of Bottlerocket come with three years of support after General Availability is announced. These AWS-provided builds are covered by AWS support plans at no incremental cost. Additionally, community support is available on the Bottlerocket GitHub.
How it works
Veeva Systems is the leader in cloud-based software for the global life sciences industry. We run a variety of containerized microservices on a development cluster built entirely on Bottlerocket nodes. We adopted Bottlerocket because we wanted a streamlined container OS with better resource efficiency, enhanced security, and reduced management overhead. The transition to Bottlerocket was a seamless experience and it has largely been a drop-in replacement for our other EKS nodes.
These APN Technology Partners have run quality assurance and security tests on their software and provide support for their products on Bottlerocket. To learn more about how to run these partner applications on Bottlerocket, check out our APN Partner Bottlerocket Blog.
"Here at Alcide, a Kubernetes security leader, we are excited to support Bottlerocket out of the gate. We found Bottlerocket to be an evolutionary leap forward from the general-purpose operating systems - it is a minimal, tailor-made OS for EKS and container-based workloads, that extends and expands container concepts into the host OS - the perfect balance between security, automation and operations."
- Gadi Naor, CTO and co-founder, Alcide
Aqua is pleased to support the new Bottlerocket OS with our solutions for securing cloud infrastructure and application workloads at runtime. We see the combination of Bottlerocket and Aqua as an opportunity for customers to reduce the attack surface by using a minimal OS, prevent attacks that leverage configuration errors, and protect applications from malware by enforcing security policies in real time.
– Amir Jerbi, Co-founder and CTO, Aqua Security
Armory Spinnaker is a cloud native, open source, continuous delivery platform that enables developers to deploy with speed and resilience. Armory is a strategic technology partner for AWS, and visualizes that Bottlerocket will be the next wave in containerized computing, enabling better security and uptime for containerized workloads. We successfully validated our technology on Bottlerocket, and are excited to help drive and accelerate deployments of business workloads on Bottlerocket.
“As a leader in the cybersecurity industry with a cloud-delivered workload protection solution, CrowdStrike is excited to be a launch partner for Bottlerocket. We look forward to helping our customers with increased visibility, control and protection for their containerized workloads running on Bottlerocket, delivered via a single lightweight agent and managed through a single console. This integration will result in reduced attack surface and low operational overhead for customers to run their containerized applications securely, and with better uptime.”
- Amol Kulkarni, Chief Product Officer at CrowdStrike
"Container-optimized operating systems will give dev teams the additional speed and efficiency to run higher throughput workloads with better security and uptime. We are excited to work with AWS on Bottlerocket, so that as customers take advantage of the increased scale they can continue to monitor these ephemeral environments with confidence."
- Michael Gerstenhaber, Director of Product Management, Datadog
“Epsagon provides a single interface for monitoring, tracing and logging microservices running across containers, virtual machines, and any other compute service. Epsagon is proud to partner with AWS to deliver comprehensive visibility for containerized workloads running on the Bottlerocket operating system. With Bottlerocket, AWS customers can streamline their container infrastructure, and with Epsagon, customers get end to end observability for their containerized microservices.”
– Ran Ribenzaft, Co-Founder & CTO, Epsagon
"As AWS continues to build solutions to make customers' lives easier, like Bottlerocket with its ability to improve security, lower management overhead and still be open and customizable; GitLab is excited to offer customers a quick and easy way to leverage Bottlerocket as a targeted OS in its deployment pipelines to AWS EKS or bring your Kubernetes cluster."
- Pete Goldberg, Director of Partnerships, GitLab.
“Kasten’s K10 data management platform runs on AWS and is integrated with several AWS services including Amazon EBS, RDS, and IAM. Enterprises use K10 to perform critical functions like application-centric backup and granular recoveries of their Kubernetes applications running on AWS with EKS as well as other Kubernetes distributions,” said Gaurav Rishi, Head of Product, Kasten. “With the added integration of Kasten K10 on Amazon Bottlerocket, customers can now also take advantage of the added security and operational benefits like image-based updates.”
“LogicMonitor is a fully automated, cloud-based infrastructure monitoring platform for enterprise IT and managed service providers. We are proud to deepen our partnership with AWS by supporting LM Container on the Bottlerocket operating system. LogicMonitor’s monitoring and intelligence platform already delivers unparalleled observability for IT teams. Being fully compatible with Bottlerocket OS will further strengthen LogicMonitor’s ability to make ITOps and DevOps teams even more efficient by enabling the use of containers to standardize development and deployment and drive optimizations in performance, security, and cost.”
– Sarah Terry, Director of Product, LogicMonitor
“NeuVector is excited to announce support for the AWS Bottlerocket operating system. Security and availability are critical requirements for business critical container workloads, and together Bottlerocket and NeuVector provide the defense in depth required to detect and prevent attacks, malware, crypto-mining, ransomware and other threats. The container optimized and hardened Bottlerocket operating system provides a foundation upon which security platforms like NeuVector can extend security to applications and container networks.”
- Fei Huang, Co-Founder & Chief Strategy Officer, NeuVector
"With the release of Bottlerocket, AWS continues to advance broad-scale adoption of cloud native technologies that enable software teams to innovate faster, and New Relic is proud to partner with AWS to provide unparalleled observability into container-based applications. New Relic is fully compatible with Bottlerocket, and customers utilizing New Relic to monitor their containerized environments can begin instrumenting containers that run Bottlerocket today. New Relic is also available on AWS Marketplace."
- Ramon Guiu Hernandez, Vice President and General Manager of Infrastructure, New Relic
“Puppet makes infrastructure actionable, scalable and intelligent. With our newest product, Puppet Relay, DevOps engineers can automate processes across the tools, cloud infrastructure, and APIs that they currently manage manually. These automated event-driven workflows provide security, cost optimization, incident response and continuous delivery in cloud-native environments,” said Alex Bilmes, VP of Growth at Puppet. “We’re excited to bring Relay’s functionality to Bottlerocket customers looking to leverage automation to save time, money, and resources.”
"Bottlerocket gives DevOps teams speed, efficiency and security in containerized environments. We are excited to partner with AWS, so our customers can innovate rapidly and scale efficiently by getting observability into every layer of containerized workloads deployed on Bottlerocket operating system as well as other AWS services from a single solution."
- Amit Sharma, Director of Product Marketing, Splunk
“Sysdig’s mission to help customers securely run container workloads in production is well aligned with the key benefits Bottlerocket provides, namely, improved security, better uptime, and the ability to automate OS updates. We are pleased to be one of the first to validate our platform with Bottlerocket and to bring Sysdig’s security, monitoring and compliance capabilities deeper into AWS Cloud.”
- Loris Degioanni, Chief Technology Officer and Founder of Sysdig.
“We’re excited to be working with AWS and to support Calico on Bottlerocket,” said Amit Gupta, Vice President of Product Management and Business Development at Tigera, the creator and maintainer of the open source Project Calico which powers several of the largest Kubernetes deployments across the globe, “Its optimizations for running containers will benefit our joint customers with improved availability, reduce costs through better resource usage, and provide better security by decreasing the attack surface.”
“Together with AWS, we are committed to building security solutions for every development innovation, including protecting customers running containerized workloads,” said Sanjay Mehta, head of business development and alliances for Trend Micro. “We are proud to be a launch partner of Bottlerocket and to have our solution already validated on the new OS. We look forward to early customer adoption where users will benefit from a reduction in the manual effort of security patching which preserves uptime and ensures automation.”
"Bottlerocket is an operating system optimized to run Kubernetes for EKS. It is fast, easy to manage, and just works. Bottlerocket plays nicely with Weaveworks GitOps models, and EKSctl out of the box."
- Chanwit Kaewkasi, Developer Experience Engineer
Blog posts and articles
If you’re ready to jump right in, read our Quickstart.
Get started building with Bottlerocket on GitHub.