Amazon Linux 2023: new name and foundation, but old principles
Hyperscaler environments such as AWS or Azure bind customers closely to the respective provider. So it is not surprising that providers like Amazon would also like a hand in the operating system that customers run in those environments. For this reason, Microsoft is now developing its own Linux distribution, and AWS got started as early as 2010 with Amazon Linux. Now the provider has released the new version of its in-house Linux distribution, called Amazon Linux 2023.
However, anyone who thinks of AL2023 as a generally usable Linux distribution in the sense of Debian or openSUSE is wrong. Amazon Linux 2023 is only available as an image file within AWS. There are ready-made Docker images for users who also want to run their containers within AWS on AL2023. However, unlike before, real VM images of Amazon Linux 2023 will no longer be available. This makes life particularly difficult for application developers who want to use Amazon Linux but run their CI/CD pipeline outside of AWS.
Only Fedora: New substructure
Technically, a lot is happening with Amazon Linux 2023: the distribution comes with a new substructure, which is now based exclusively on Fedora. Although Fedora Linux was previously a mainstay of Amazon Linux, the distribution also included packages from Red Hat's enterprise distribution and other sources. This is now over, and that can become a problem for administrators: up to now, packages from the EPEL repository could also be used within Amazon Linux. This is no longer possible. Some adjustment is needed elsewhere, too: anyone who still uses yum instead of dnf will not come up empty-handed in Amazon Linux 2023, but yum is only an alias for dnf there, so dnf is what always runs, no matter which package manager you call.
Precisely because Amazon Linux 2023 is only available in the context of the closed AWS system, the usual criteria for evaluating distribution releases do not apply. For example, a comparatively fresh Linux 6.1.15 is at work under the hood, but with AWS, at most its security functions are of interest because factors such as hardware compatibility play no role. However, Amazon documents one noteworthy difference from Fedora: SELinux is activated on the kernel side, but switched to “permissive” mode in AL2023, i.e. de facto inactive. According to Amazon, anyone who wants to actively use SELinux should in future enable it explicitly via cloud-init.
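The following added example (not from the article or from AWS) shows how an operator could check whether an instance really enforces SELinux, by comparing the persistent setting in /etc/selinux/config with the runtime mode printed by getenforce. The sample file content is constructed, and the function names are hypothetical.

```python
# Added example: audit SELinux state on a host such as AL2023.
# Inputs are the text of /etc/selinux/config and the output of `getenforce`.

# Constructed sample resembling a host left in permissive mode.
DEFAULT_CONFIG = """\
# This file controls the state of SELinux on the system.
#SELINUX=enforcing
SELINUX=permissive
SELINUXTYPE=targeted
"""

def parse_selinux_config(text):
    """Return the SELINUX= value from the config text (lowercased), or None."""
    mode = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if "=" not in line:
            continue
        key, value = line.split("=", 1)
        if key.strip() == "SELINUX":  # ignores SELINUXTYPE
            mode = value.strip().lower()
    return mode

def audit_selinux(config_text, getenforce_output):
    """Compare persistent and runtime mode; return a status and findings."""
    configured = parse_selinux_config(config_text)
    runtime = getenforce_output.strip().lower()
    findings = []
    if runtime != "enforcing":
        findings.append(f"runtime mode is {runtime}: violations are not blocked")
    if configured != "enforcing":
        findings.append(f"configured mode is {configured}: not enforcing after reboot")
    if not findings:
        status = "enforcing"
    elif len(findings) == 2:
        status = "not-enforcing"
    else:
        status = "drift"  # runtime and persistent settings disagree
    return {"status": status, "configured": configured,
            "runtime": runtime, "findings": findings}

if __name__ == "__main__":
    # Constructed getenforce output for a permissive host.
    print(audit_selinux(DEFAULT_CONFIG, "Permissive\n"))
```

The "drift" status covers both a host switched with setenforce but not reconfigured and a host whose config was changed but which still runs in the old mode.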
Sophisticated release system
With AL2023, however, the release cycle that the provider has come up with seems almost more important than the specific technology. According to Amazon, users can rely on receiving at least two years of support for a version of Amazon Linux. Point releases are to appear quarterly, delivering security updates, bug fixes and new features; the security updates can also be obtained continuously during operation via a separate package repository. Incidentally, this also applies to kernel patches, which can even be applied to AL2023 during operation using live patching.
In addition, the state of an AL system can now be virtually frozen: if you only want to obtain security updates but no other updates, you can control this via the enabled package repositories. A dnf update therefore no longer causes all available updates to be installed automatically. In this way, Amazon would like to make it easier for the operators of large fleets of virtual instances to ensure uniformity within the environment: unlike before, the administrator can in future, by selecting the enabled package repositories, avoid ending up with an environment of numerous VMs running wildly different versions.
The developers remark almost smugly that the immutable infrastructure variant of system integration can also be implemented much better in this way: in the eyes of the provider, anyone who wants to jump from one AL version to a new one should do so via CI/CD anyway and recreate the respective instances with a new image. Amazon is making it more difficult for third-party software developers to offer their own software for AWS. For the reasons mentioned, the label “Amazon Linux 2023” will, as the distribution gets older, no longer allow any reliable conclusions to be drawn as to which components in the respective VM are really running in which version. If Amazon has its way, that is not a problem at all, because software today primarily runs in containers anyway.
Test Amazon Linux yourself
All information about the new release can be found at AWS. If you want to try Amazon Linux 2023, you need AWS access and the AMI image “al2023-ami-kernel-6.1-x86_64” for x86_64 systems or “al2023-ami-kernel-6.1-arm64” for systems based on an ARM64 CPU.