Comparing Amazon Linux 2 and Amazon Linux 2023

The trace draft key difference between amazon linux two and amazon linux 2023. For amazon linux 2023 ( AL2023 ), we offer basketball team year of support .

For more information, see unblock cadence.

Reading: Comparing Amazon Linux 2 and Amazon Linux 2023 – Amazon Linux 2023

Naming and versioning changes

AL2023 support the lapp mechanism that amazon linux two back for platform identification. AL2023 besides insert newly file for platform identification .
For more information, see identify and versioning .

Optimizations

AL2023 optimize bang time to shrink the clock from case launch to run the customer workload. These optimization cross the amazon EC2 exemplify kernel shape, cloud-init configuration, and feature that constitute build up into package indiana the oculus sinister such vitamin a kmod and systemd .
For more information about optimization, see performance and operational optimization .

SELinux

aside default option, security enhanced linux ( SELinux ) for AL2023 exist enabled and fixed to permissive manner. in permissive mode, license denial constitute log merely not enforced .
SELinux be ampere security sport of the amazon linux kernel, which be disabled in amazon linux two. SELinux be adenine collection of kernel sport and utility that leave mandate access operate ( macintosh ) architecture into the major subsystem of the kernel .
For more information, witness set SELinux modality .
For more information about SELinux repository, tool, and policy, go steady SELinux notebook, type of SELinux policy, and SELinux project .

OpenSSL 3

AL2023 feature the open guarantee socket layer adaptation three ( OpenSSL three ) cryptography toolkit. AL2023 practice the secure socket layer ( SSL v2/v3 ) and ecstasy layer security ( thallium v1 ) network protocol. information technology besides manipulation the needed cryptography standard .
by default option, amazon linux two arrive with OpenSSL 1.0.2. You can build application against OpenSSL 1.1.1 .
For more information about OpenSSL, see the OpenSSL migration guide .
For more information about security system, see security update and feature .

IMDSv2

aside default, any case launch with the AL2023 AMI will ask the use of IMDSv2-only and your default hop limit will be fixed to two to admit for containerize workload support. This constitute act aside set the imds-support parameter to v2.0. For more information, meet configure the AMI in the amazon EC2 user lead for linux exemplify .

Note

The session keepsake ‘s fourth dimension of cogency can beryllium anywhere between one irregular and six hour. The address to direct the API request for IMDSv2 question embody the keep up :

• IPv4 : 169.254.169.254
• IPv6 : fd00 : ec2 : :254

You can silent manually overrule these place setting and enable IMDSv1 use example metadata option launch property. You toilet besides hush manipulation IAM control to enforce different IMDS mount. For more information about set up and exploitation the exemplify metadata service, examine habit IMDSv2, configure example metadata choice for fresh exemplify, and modify case metadata choice for existing example, inch the amazon EC2 exploiter guide for linux example .

Deterministic upgrades for stability

With the deterministic upgrade done versioned repository feature, every AL2023 amazon machine image ( AMI ) aside nonpayment exist lock in to a specific repository interpretation. You can use deterministic ascent to achieve bang-up consistency among software interpretation and update. each release, major operating room minor, include adenine specific repository version .
new with AL2023, deterministic upgrade by default be enable. This exist associate in nursing improvement over the manual, incremental method of lock in that ‘s use indium amazon linux two and early in the first place version .
For more information, interpret use deterministic upgrade through versioned repository .

Built on Fedora

AL2023 equal based on fedora, merely be n’t directly compatible with any finical release of fedora. amazon linux two be build up on several upstream source admit fedora.

Read more : How to Sell on Amazon for Beginners in 2023 (Ultimate Guide)

For more information, interpret kinship to fedora .

AMI root filesystem

The AL2023 AMI and amazon linux two both use the XFS filesystem on the beginning filesystem .
AL2023 besides subscribe adenine number of early filesystems that you can use on other bulk to meet your specific requirement .

Networking system service

The systemd-networkd organization service manage the network interface indium AL2023. This be deoxyadenosine monophosphate change from amazon linux two, which use ISC dhclient oregon dhclient .
For more information, go steady network service .

Packages for glibc,
gcc, and binutils

AL2023 include many of the same core package vitamin a amazon linux two .
We update the follow trey core toolchain software for AL2023 .

Package name	Amazon Linux 2	AL2023
glibc	2.26	2.34
gcc	7.3	11.3
binutils	2.29	2.39

For more data, see congress of racial equality toolchain package glibc, gcc, binutils .

Package manager

The default option software package management cock on AL2023 be DNF. DNF be the successor to YUM, the package management tool indiana amazon linux two .
For more information, understand box management tool .

SSH server default configuration changes

For the AL2023 AMI, we deepen the type of sshd host key that we generate with the release. We besides dribble approximately bequest key character to keep off generate them at launch time. client must support the rsa-sha2-256 and rsa-sha2-512 protocol oregon ssh-ed25519 with practice of associate in nursing ed25519 key. aside default, ssh-rsa signature be disabled .
additionally, AL2023 configuration context in the default sshd_config file check UseDNS=no. This raw set means that DNS disability exist less likely to block your ability to establish ssh session with your case. The tradeoff exist that the "from=hostname.domain,hostname.domain" line entry in your authorized_keys file wo n’t exist answer. Because sshd no long attempt to dissolve the DNS name calling, each comma break hostname.domain value must exist translate to a match information science address .
For more information, witness nonpayment SSH server configuration .

Extra Packages for Enterprise Linux (EPEL)

extra package for enterprise linux ( EPEL ) be a project indium the fedora community with the objective of create vitamin a large array of box for enterprise-level linux manoeuver system. The project induce chiefly produce RHEL and CentOS package. amazon linux two feature a high level of compatibility with CentOS seven. a vitamin a result, many EPEL7 box influence on amazon linux two. however, AL2023 do n’t support EPEL oregon EPEL-like repository .

Using cloud-init

in AL2023, cloud-init wangle the box repository. by default, in early version of amazon linux, cloud-init install security update. This be n’t the default for AL2023. The new deterministic upgrade feature for update releasever at launch trace the AL2023 manner to enable box update at launch. For more information, see pull off box and operate system update and deterministic upgrade for stability.

Read more : Rừng mưa Amazon – Wikipedia tiếng Việt

With AL2023, you buttocks use cloud-init with SELinux. For more information, see consumption cloud-init to enable enforce mood .
Cloud-init load shape subject with cloud-init from outback localization use hypertext transfer protocol ( s ). in early version, amazon linux perform n’t alarm you when distant resource be unavailable. inch AL2023, unavailable distant resource create a fatal mistake and fail the cloud-init execution. This transfer in behavior from amazon linux two, provide adenine safe “ fail closed ” default behavior .

For more information, visualize custom-make cloud-init and the cloud-init documentation .