Comparing Amazon Linux 2 and Amazon Linux 2023

The following topics outline key differences between Amazon Linux 2 (AL2) and Amazon Linux 2023 (AL2023).

Topics

Added, upgraded, and removed packages
Support for each release
Naming and versioning changes
Optimizations
Python 2.7 has been replaced with Python 3
Security updates
Deterministic upgrades for stability
Sourced from multiple upstreams
AMI root file system and default Amazon EBS volume type
Networking system service
Unified Control Group hierarchy (cgroup v2)
Task scheduling
Packages for glibc, gcc, and binutils
Package manager
Logging system
Package changes for curl and libcurl
GNU Privacy Guard (GNUPG)
Amazon Corretto as the default JVM
AWS CLI v2
UEFI Preferred
SSH server default configuration changes
Extra Packages for Enterprise Linux (EPEL)
Using cloud-init
Graphical desktop support
Compiler Triplet
32bit x86 (i686) Packages
lsb_release and the system-lsb-core package
Amazon Linux 2023 Kernel changes from Amazon Linux 2
Comparing packages installed on Amazon Linux 2 and Amazon Linux 2023 AMIs
Comparing packages installed on Amazon Linux 2 and Amazon Linux 2023 Minimal AMIs
Comparing packages installed on Amazon Linux 2 and Amazon Linux 2023 base container images

Added, upgraded, and removed packages

AL2023 contains thousands of software packages available for use. For a full list of all packages added, upgraded, or removed in AL2023 when compared to prior Amazon Linux versions, see Package changes in AL2023.

To request a package to be added or changed in AL2023, file an issue in the amazon-linux-2023 repo on GitHub.

Support for each release

For AL2023, we offer five years of support. For more information, see Release cadence.

Naming and versioning changes

AL2023 supports the same mechanisms that AL2 supports for platform identification. AL2023 also introduces new files for platform identification. For more information, see Naming and versioning.

Optimizations

AL2023 optimizes boot time to reduce the time from instance launch to running the customer workload. These optimizations span the Amazon EC2 instance kernel configuration, cloud-init configurations, and features that are built into packages in the OS such as kmod and systemd. For more information about optimizations, see Performance and operational optimizations.

Python 2.7 has been replaced with Python 3

AL2 provides support and security patches for Python 2.7 until June 2025, as part of our long-term support (LTS) commitment for AL2 core packages. This support extends beyond the upstream Python community declaration of Python 2.7 end-of-life of January 2020.

Amazon Linux 2 uses the yum package manager, which has a hard dependency on Python 2.7. In AL2023 the dnf package manager has migrated to Python 3, and no longer requires Python 2.7. AL2023 has completely moved to Python 3.

Note: AL2023 removed Python 2.7, so any OS components requiring Python are written to work with Python 3. To continue to use a version of Python provided by and supported by Amazon Linux, convert Python 2 code to Python 3.

For more information on Python on Amazon Linux, see Python in AL2023.

Security updates

SELinux

By default, Security Enhanced Linux (SELinux) for AL2023 is enabled and set to permissive mode. In permissive mode, permission denials are logged but not enforced.

SELinux is a security feature of the Amazon Linux kernel, which was disabled in AL2. SELinux is a collection of kernel features and utilities that provides mandatory access control (MAC) architecture into the major subsystems of the kernel.

For more information, see Setting SELinux modes. For more information about SELinux repositories, tools, and policies, see SELinux Notebook, Types of SELinux policy, and SELinux Project.

OpenSSL 3

AL2023 features the Open Secure Sockets Layer version 3 (OpenSSL 3) cryptography toolkit. AL2023 supports TLS 1.3 and TLS 1.2 network protocols.

By default, AL2 comes with OpenSSL 1.0.2. You can build applications against OpenSSL 1.1.1. For more information about OpenSSL, see the OpenSSL migration guide. For more information about security, see Security updates and features.

IMDSv2

By default, any instances launched with the AL2023 AMI will require the use of IMDSv2-only and your default hop limit will be set to 2 to allow for containerized workload support. This is done by setting the imds-support parameter to v2.0. For more information, see Configure the AMI in the Amazon EC2 User Guide for Linux Instances.

Note: The session token's time of validity can be anywhere between 1 second and 6 hours.

The addresses to direct the API requests for IMDSv2 queries are the following:

IPv4: 169.254.169.254
IPv6: fd00:ec2::254

You can still manually override these settings and enable IMDSv1 using Instance Metadata option launch properties. You can also still use IAM controls to enforce different IMDS settings. For more information about setting up and using the Instance Metadata Service, see Use IMDSv2, Configure instance metadata options for new instances, and Modify instance metadata options for existing instances, in the Amazon EC2 User Guide for Linux Instances.

Removal of log4j hotpatch (log4j-cve-2021-44228-hotpatch)

Note: AL2023 doesn't ship with the log4j-cve-2021-44228-hotpatch package.

In response to CVE-2021-44228, Amazon Linux released an RPM packaged version of the Hotpatch for Apache Log4j for Amazon Linux 1 (AL1) and AL2. In the announcement of the addition of the hotpatch to Amazon Linux we noted that "Installing the hotpatch is not a replacement for updating to a log4j version that mitigates CVE-2021-44228 or CVE-2021-45046.".

The hotpatch was a mitigation to allow time to patch log4j. The first General Availability (GA) release of AL2023 was 15 months after CVE-2021-44228, thus AL2023 doesn't ship with the hotpatch (enabled or not).

Customers running their own log4j versions on Amazon Linux are advised to ensure they have updated to versions not affected by CVE-2021-44228 or CVE-2021-45046.

AL2023 provides guidance on Updating Amazon Linux 2023 so that you can keep up to date with security patches. Security advisories are published on the Amazon Linux Security Center.

Deterministic upgrades for stability

With the deterministic upgrades through versioned repositories feature, every AL2023 Amazon Machine Image (AMI) by default is locked to a specific repository version. You can use deterministic upgrades to achieve greater consistency among package versions and updates. Each release, major or minor, includes a specific repository version.

New with AL2023, deterministic upgrading by default is enabled. This is an improvement over the manual, incremental method of locking that's used in AL2 and other earlier versions. For more information, see Using Deterministic upgrades through versioned repository.

Sourced from multiple upstreams

AL2023 is RPM-based and includes components sourced from multiple versions of Fedora and other distributions, such as CentOS 9 Stream. The Amazon Linux kernel is sourced from the long-term support (LTS) releases directly from kernel.org, chosen independently from other distributions.

For more information, see Relationship to Fedora.
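
The SELinux section above says that in permissive mode denials are logged but not enforced. The following added example (not part of the AWS documentation) parses AVC audit records and groups the denials that were only logged, which is the list to review before switching a host to enforcing mode. The log lines are constructed samples, and the process names, paths and SELinux types in them are assumptions for illustration.

```python
import re
from collections import defaultdict

# Constructed sample audit records (not captured from a real host).
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1700000000.101:410): avc:  denied  { read } for  pid=2211 comm="httpd" name="report.csv" dev="nvme0n1p1" ino=4711 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
type=AVC msg=audit(1700000003.250:415): avc:  denied  { open } for  pid=2211 comm="httpd" path="/home/ec2-user/report.csv" dev="nvme0n1p1" ino=4711 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1
type=AVC msg=audit(1700000009.800:422): avc:  denied  { name_connect } for  pid=2300 comm="httpd" dest=5432 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:postgresql_port_t:s0 tclass=tcp_socket permissive=1
type=AVC msg=audit(1700000012.004:430): avc:  denied  { write } for  pid=2400 comm="logrotate" name="app.log" dev="nvme0n1p1" ino=900 scontext=system_u:system_r:logrotate_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file permissive=0
type=SYSCALL msg=audit(1700000012.004:430): arch=c000003e syscall=257 success=no exit=-13
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+"
    r"tclass=(?P<tclass>\S+)(?:\s+permissive=(?P<permissive>[01]))?"
)

def selinux_type(context):
    # A context is user:role:type:level; the type is always the third field.
    return context.split(":")[2]

def summarize_permissive_denials(log_text):
    """Return {(source type, target type, class): sorted permissions} for
    denials that were logged but not enforced (permissive=1)."""
    would_block = defaultdict(set)
    for line in log_text.splitlines():
        if not line.startswith("type=AVC"):
            continue  # skip SYSCALL and other record types
        m = AVC_RE.search(line)
        if m is None or m.group("permissive") != "1":
            continue  # permissive=0 means the denial was already enforced
        key = (selinux_type(m.group("scontext")),
               selinux_type(m.group("tcontext")),
               m.group("tclass"))
        would_block[key].update(m.group("perms").split())
    return {key: sorted(perms) for key, perms in would_block.items()}

if __name__ == "__main__":
    for (src, tgt, cls), perms in summarize_permissive_denials(SAMPLE_AUDIT_LOG).items():
        print(f"{src} -> {tgt}:{cls} {{ {' '.join(perms)} }}")
```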
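
The IMDSv2 section above gives the AL2023 defaults: IMDSv2-only, a hop limit of 2, and a session token lifetime between 1 second and 6 hours. The following added example (not part of the AWS documentation) audits instance metadata options against those defaults and validates a token TTL before it is sent. It assumes input shaped like the `Reservations` list returned by `aws ec2 describe-instances`; the instance IDs are constructed placeholders.

```python
# Defaults stated on the page: IMDSv2-only, hop limit 2, token TTL 1 s to 6 h.
MAX_HOP_LIMIT = 2
TOKEN_TTL_SECONDS = range(1, 6 * 60 * 60 + 1)

# Constructed sample shaped like the Reservations list from describe-instances.
SAMPLE_RESERVATIONS = [
    {"Instances": [
        {"InstanceId": "i-EXAMPLE-al2023", "MetadataOptions": {
            "HttpEndpoint": "enabled", "HttpTokens": "required", "HttpPutResponseHopLimit": 2}},
        {"InstanceId": "i-EXAMPLE-imdsv1", "MetadataOptions": {
            "HttpEndpoint": "enabled", "HttpTokens": "optional", "HttpPutResponseHopLimit": 1}},
    ]},
    {"Instances": [
        {"InstanceId": "i-EXAMPLE-hops", "MetadataOptions": {
            "HttpEndpoint": "enabled", "HttpTokens": "required", "HttpPutResponseHopLimit": 5}},
        {"InstanceId": "i-EXAMPLE-off", "MetadataOptions": {
            "HttpEndpoint": "disabled", "HttpTokens": "optional", "HttpPutResponseHopLimit": 1}},
    ]},
]

def audit_imds(reservations):
    """Return {instance_id: [issues]} for instances that deviate from the
    AL2023 defaults (tokens required, hop limit no higher than 2)."""
    findings = {}
    for reservation in reservations:
        for inst in reservation.get("Instances", []):
            opts = inst.get("MetadataOptions", {})
            if opts.get("HttpEndpoint") == "disabled":
                continue  # IMDS is unreachable, so the token mode is moot
            issues = []
            if opts.get("HttpTokens") != "required":
                issues.append(f"IMDSv1 allowed: HttpTokens is {opts.get('HttpTokens')!r}")
            hops = opts.get("HttpPutResponseHopLimit", 1)
            if hops > MAX_HOP_LIMIT:
                issues.append(f"hop limit {hops} exceeds {MAX_HOP_LIMIT}")
            if issues:
                findings[inst["InstanceId"]] = issues
    return findings

def token_request_headers(ttl_seconds):
    """Build the header for the IMDSv2 token request, rejecting a TTL
    outside the 1 second to 6 hour window."""
    if ttl_seconds not in TOKEN_TTL_SECONDS:
        raise ValueError(f"token TTL must be 1..{TOKEN_TTL_SECONDS[-1]} seconds")
    return {"X-aws-ec2-metadata-token-ttl-seconds": str(ttl_seconds)}

if __name__ == "__main__":
    print(audit_imds(SAMPLE_RESERVATIONS))
```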