Comparing Amazon Linux 2 and Amazon Linux 2023 – Amazon Linux 2023

10/05/2023 admin

The following topics outline key differences between Amazon Linux 2 and Amazon Linux 2023 (AL2023). For Amazon Linux 2023, we offer five years of support.

For more information, see Release cadence.

Naming and versioning changes

AL2023 supports the same mechanisms that Amazon Linux 2 supports for platform identification. AL2023 also introduces new files for platform identification.
For more information, see Naming and versioning.

Optimizations

AL2023 optimizes boot time to reduce the time from instance launch to running the customer workload. These optimizations span the Amazon EC2 instance kernel configuration, cloud-init configurations, and features that are built into packages in the OS, such as kmod and systemd.
For more information about optimizations, see Performance and operational optimizations.

SELinux

By default, Security Enhanced Linux (SELinux) for AL2023 is enabled and set to permissive mode. In permissive mode, permission denials are logged but not enforced.
SELinux is a security feature of the Amazon Linux kernel, which was disabled in Amazon Linux 2. SELinux is a collection of kernel features and utilities that provide a mandatory access control (MAC) architecture in the major subsystems of the kernel.
For more information, see Setting SELinux modes.
For more information about SELinux repositories, tools, and policies, see SELinux Notebook, Types of SELinux policy, and SELinux Project.

OpenSSL 3

AL2023 features the Open Secure Sockets Layer version 3 (OpenSSL 3) cryptography toolkit. AL2023 uses the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) network protocols. It also uses the required cryptography standards.
By default, Amazon Linux 2 comes with OpenSSL 1.0.2. You can build applications against OpenSSL 1.1.1.
For more information about OpenSSL, see the OpenSSL migration guide.
For more information about security, see Security updates and features.

IMDSv2

By default, any instances launched with the AL2023 AMI will require the use of IMDSv2-only, and your default hop limit will be set to 2 to allow for containerized workload support. This is done by setting the imds-support parameter to v2.0. For more information, see Configure the AMI in the Amazon EC2 User Guide for Linux Instances.

Note

The session token's time of validity can be anywhere between 1 second and 6 hours. The addresses to direct the API requests for IMDSv2 queries are the following:

  • IPv4: 169.254.169.254
  • IPv6: fd00:ec2::254

You can still manually override these settings and enable IMDSv1 using instance metadata option launch properties. You can also still use IAM controls to enforce different IMDS settings. For more information about setting up and using the instance metadata service, see Use IMDSv2, Configure instance metadata options for new instances, and Modify instance metadata options for existing instances, in the Amazon EC2 User Guide for Linux Instances.
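Because these defaults can be overridden, a fleet audit helps confirm that instances still match them. The following is an added example, not part of the original page: it checks data shaped like `aws ec2 describe-instances` output for instances that allow IMDSv1 or have a hop limit above 2. The function name `audit_imds`, the sample instance IDs, and the sample values are constructed for illustration.

```python
import json

# Constructed sample in the shape of `aws ec2 describe-instances` output;
# the instance IDs and values are made up for this example.
SAMPLE = json.loads("""
{"Reservations": [{"Instances": [
  {"InstanceId": "i-0000000000000000a",
   "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "required",
                       "HttpPutResponseHopLimit": 2}},
  {"InstanceId": "i-0000000000000000b",
   "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "optional",
                       "HttpPutResponseHopLimit": 1}},
  {"InstanceId": "i-0000000000000000c",
   "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "required",
                       "HttpPutResponseHopLimit": 5}},
  {"InstanceId": "i-0000000000000000d",
   "MetadataOptions": {"HttpEndpoint": "disabled", "HttpTokens": "optional",
                       "HttpPutResponseHopLimit": 1}}
]}]}
""")

def audit_imds(doc, max_hops=2):
    """Return {instance_id: [issues]} for instances that drift from the
    AL2023 AMI defaults described above (IMDSv2 required, hop limit 2)."""
    findings = {}
    for reservation in doc.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            opts = inst.get("MetadataOptions", {})
            if opts.get("HttpEndpoint") == "disabled":
                continue  # IMDS is off, so there is nothing to downgrade
            issues = []
            # Assumption: a missing field is treated as the permissive value.
            tokens = opts.get("HttpTokens", "optional")
            if tokens != "required":
                issues.append(f"IMDSv1 allowed (HttpTokens={tokens})")
            hops = opts.get("HttpPutResponseHopLimit", 1)
            if hops > max_hops:
                issues.append(f"hop limit {hops} exceeds {max_hops}")
            if issues:
                findings[inst["InstanceId"]] = issues
    return findings

if __name__ == "__main__":
    for iid, issues in audit_imds(SAMPLE).items():
        print(iid, "; ".join(issues))
```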

Deterministic upgrades for stability

With the deterministic upgrades through versioned repositories feature, every AL2023 Amazon Machine Image (AMI) is by default locked to a specific repository version. You can use deterministic upgrades to achieve greater consistency among package versions and updates. Each release, major or minor, includes a specific repository version.
New with AL2023, deterministic upgrades are enabled by default. This is an improvement over the manual, incremental method of locking that's used in Amazon Linux 2 and other earlier versions.
For more information, see Using deterministic upgrades through versioned repositories.

Sourced from multiple upstreams

AL2023 is RPM-based and includes components sourced from multiple versions of Fedora and other distributions, such as CentOS 9 Stream. The Amazon Linux kernel is sourced from the long-term support (LTS) releases directly from kernel.org, chosen independently from other distributions.
For more information, see Relationship to Fedora.

AMI root file system and default Amazon EBS volume type

The AL2023 AMI and Amazon Linux 2 both use the XFS file system on the root file system. For AL2023, the mkfs options for the root device file system are further optimized for Amazon EC2. AL2023 also supports a number of other file systems that you can use on other volumes to meet your specific requirements.
AL2023 AMIs use Amazon EBS gp3 volumes by default, while Amazon Linux 2 AMIs use Amazon EBS gp2 volumes by default. You can change the volume type when you launch an instance. For more information about Amazon EBS volume types, see Amazon EBS General Purpose Volumes.

Networking system service

The systemd-networkd system service manages the network interfaces in AL2023. This is a change from Amazon Linux 2, which uses ISC dhclient or dhclient.
For more information, see Networking service.

Packages for glibc, gcc, and binutils

AL2023 includes many of the same core packages as Amazon Linux 2.
We updated the following three core toolchain packages for AL2023.

Package name    Amazon Linux 2    AL2023
glibc           2.26              2.34
gcc             7.3               11.3
binutils        2.29              2.39

For more information, see Core toolchain packages glibc, gcc, binutils.

Package manager

The default software package management tool on AL2023 is DNF. DNF is the successor to YUM, the package management tool in Amazon Linux 2.
For more information, see Package management tool.

SSH server default configuration changes

For the AL2023 AMI, we changed the types of sshd host keys that we generate with the release. We also dropped some legacy key types to avoid generating them at launch time. Clients must support the rsa-sha2-256 and rsa-sha2-512 protocols or ssh-ed25519 with use of an ed25519 key. By default, ssh-rsa key signatures are disabled.
Additionally, AL2023 configuration settings in the default sshd_config file contain UseDNS=no. This new setting means that DNS impairments are less likely to block your ability to establish ssh sessions with your instances. The tradeoff is that the "from=hostname.domain,hostname.domain" line entries in your authorized_keys files won't be resolved. Because sshd no longer attempts to resolve the DNS names, each comma-separated hostname.domain value must be translated to a corresponding IP address.
For more information, see Default SSH server configuration.
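To find authorized_keys entries affected by the UseDNS=no tradeoff before migrating, the following added example (not part of the original page) lists from= patterns that are hostnames rather than addresses, CIDR ranges, or address wildcards. The function names and the sample file content are constructed for illustration, and the key material is a truncated placeholder.

```python
import ipaddress
import re

# Constructed authorized_keys content; key blobs are placeholders.
SAMPLE = '''\
from="bastion.example.com,10.0.0.0/8" ssh-ed25519 AAAAC3Nza...placeholder ops@example
from="192.0.2.10,!192.0.2.99,2001:db8::*",no-pty ssh-ed25519 AAAAC3Nza...placeholder ci@example
ssh-ed25519 AAAAC3Nza...placeholder nofrom@example
# from="commented.example.com" ssh-ed25519 AAAAC3Nza...placeholder
command="echo from=x,y",from="*.corp.example.net" ssh-rsa AAAAB3Nza...placeholder legacy@example
'''

def split_options(line):
    """Split the leading field on unquoted commas, dropping the quotes."""
    opts, cur, quoted, i = [], "", False, 0
    while i < len(line):
        c = line[i]
        if c == "\\" and quoted and line[i + 1:i + 2] == '"':
            cur, i = cur + '"', i + 2   # escaped quote inside a value
            continue
        if c == '"':
            quoted = not quoted
        elif c == "," and not quoted:
            opts.append(cur)
            cur = ""
        elif c in " \t" and not quoted:
            break                       # end of the options field
        else:
            cur += c
        i += 1
    return opts + [cur]

def is_address_pattern(pattern):
    """True for an IP, a CIDR range, or a wildcard over address characters."""
    p = pattern.lstrip("!")             # negated patterns keep their kind
    try:
        ipaddress.ip_network(p, strict=False)
        return True
    except ValueError:
        # Heuristic: IPv4 wildcards use digits and dots, IPv6 ones contain ':'.
        return bool(re.fullmatch(r"[0-9.*?]+|[0-9a-fA-F:*?]*:[0-9a-fA-F:*?]*", p))

def hostname_from_patterns(text):
    """Map line number -> from= patterns that only match via a DNS lookup."""
    findings = {}
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        for opt in split_options(line):
            name, _, value = opt.partition("=")
            bad = [p for p in value.split(",") if p and not is_address_pattern(p)]
            if name.lower() == "from" and bad:
                findings[n] = bad
    return findings
```

Each reported pattern needs to be replaced with the corresponding IP address or CIDR range for the restriction to keep working on AL2023.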

Extra Packages for Enterprise Linux (EPEL)

Extra Packages for Enterprise Linux (EPEL) is a project in the Fedora community with the objective of creating a large array of packages for enterprise-level Linux operating systems. The project has primarily produced RHEL and CentOS packages. Amazon Linux 2 features a high level of compatibility with CentOS 7. As a result, many EPEL7 packages work on Amazon Linux 2. However, AL2023 doesn't support EPEL or EPEL-like repositories.

Using cloud-init

In AL2023, cloud-init manages the package repository. By default, in earlier versions of Amazon Linux, cloud-init installed security updates. This isn't the default for AL2023. The new deterministic upgrade features for updating releasever at launch describe the AL2023 way to enable package updates at launch. For more information, see Manage package and operating system updates and Deterministic upgrades for stability.
With AL2023, you can use cloud-init with SELinux. For more information, see Use cloud-init to enable enforcing mode.

Cloud-init loads configuration content from remote locations using HTTP(S). In earlier versions, Amazon Linux doesn't alert you when remote resources are unavailable. In AL2023, unavailable remote resources create a fatal error and fail the cloud-init execution. This change in behavior from Amazon Linux 2 provides a safer "fail closed" default behavior.
For more information, see Customized cloud-init and the cloud-init documentation.

Graphical desktop support

Amazon Linux 2023 is cloud-centered and optimized for Amazon EC2 usage and currently does not include a graphical or desktop environment.

source : https://suachuatulanh.edu.vn