Comparing Amazon Linux 2 and Amazon Linux 2023
The following topics describe key differences between Amazon Linux 2 and Amazon Linux 2023. For Amazon Linux 2023 (AL2023), we offer five years of support.
For more information, see Release cadence.
Naming and versioning changes
AL2023 supports the same mechanisms that Amazon Linux 2 supports for platform identification. AL2023 also introduces new files for platform identification.
For more information, see Naming and versioning.
Optimizations
AL2023 optimizes boot time to reduce the time from instance launch to running the customer workload. These optimizations span the Amazon EC2 instance kernel configuration, cloud-init configurations, and features that are built into packages in the OS such as kmod and systemd.
For more information about optimizations, see Performance and operational optimizations.
SELinux
By default, Security Enhanced Linux (SELinux) for AL2023 is enabled and set to permissive mode. In permissive mode, permission denials are logged but not enforced.
SELinux is a security feature of the Amazon Linux kernel, which was disabled in Amazon Linux 2. SELinux is a collection of kernel features and utilities that provides a mandatory access control (MAC) architecture into the major subsystems of the kernel.
For more information, see Setting SELinux modes.
For more information about SELinux repositories, tools, and policies, see SELinux Notebook, Types of SELinux policy, and SELinux Project.
OpenSSL 3
AL2023 features the Open Secure Sockets Layer version 3 (OpenSSL 3) cryptography toolkit. AL2023 uses the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) network protocols. It also uses the needed cryptography standards.
By default, Amazon Linux 2 comes with OpenSSL 1.0.2. You can build applications against OpenSSL 1.1.1.
For more information about OpenSSL, see the OpenSSL migration guide.
For more information about security, see Security updates and features.
IMDSv2
By default, any instance launched with the AL2023 AMI requires the use of IMDSv2-only, and your default hop limit is set to 2 to allow for containerized workload support. This is done by setting the imds-support parameter to v2.0. For more information, see Configure the AMI in the Amazon EC2 User Guide for Linux Instances.
Note
The session token's time of validity can be anywhere between 1 second and 6 hours. The addresses to direct the API requests for IMDSv2 queries are the following:
- IPv4: 169.254.169.254
- IPv6: fd00:ec2::254
You can still manually override these settings and enable IMDSv1 using instance metadata option launch properties. You can also still use IAM controls to enforce different IMDS settings. For more information about setting up and using the instance metadata service, see Use IMDSv2, Configure instance metadata options for new instances, and Modify instance metadata options for existing instances, in the Amazon EC2 User Guide for Linux Instances.
Deterministic upgrades for stability
With the deterministic upgrades through versioned repositories feature, every AL2023 Amazon Machine Image (AMI) is by default locked to a specific repository version. You can use deterministic upgrades to achieve greater consistency among package versions and updates. Each release, major or minor, includes a specific repository version.
New with AL2023, deterministic upgrades are enabled by default. This is an improvement over the manual, incremental method of locking that's used in Amazon Linux 2 and other earlier versions.
For more information, see Using deterministic upgrades through versioned repositories.
Built on Fedora
AL2023 is based on Fedora, but isn't directly compatible with any particular release of Fedora. Amazon Linux 2 is built on several upstream sources including Fedora.
For more information, see Relationship to Fedora.
AMI root filesystem
The AL2023 AMI and Amazon Linux 2 both use the XFS filesystem on the root filesystem.
AL2023 also supports a number of other filesystems that you can use on other volumes to meet your specific requirements.
Networking system service
The systemd-networkd system service manages the network interfaces in AL2023. This is a change from Amazon Linux 2, which uses ISC dhclient or dhclient.
For more information, see Networking service.
Packages for glibc, gcc, and binutils
AL2023 includes many of the same core packages as Amazon Linux 2.
We updated the following three core toolchain packages for AL2023.

| Package name | Amazon Linux 2 | AL2023 |
|--------------|----------------|--------|
| glibc        | 2.26           | 2.34   |
| gcc          | 7.3            | 11.3   |
| binutils     | 2.29           | 2.39   |

For more information, see Core toolchain packages glibc, gcc, binutils.
Package manager
The default software package management tool on AL2023 is DNF. DNF is the successor to YUM, the package management tool in Amazon Linux 2.
For more information, see Package management tool.
SSH server default configuration changes
For the AL2023 AMI, we changed the types of sshd host keys that we generate with the release. We also dropped some legacy key types to avoid generating them at launch time. Clients must support the rsa-sha2-256 and rsa-sha2-512 protocols, or ssh-ed25519 with use of an ed25519 key. By default, ssh-rsa signatures are disabled.
Additionally, AL2023 configuration settings in the default sshd_config file contain UseDNS=no. This new setting means that DNS impairments are less likely to block your ability to establish ssh sessions with your instances. The tradeoff is that the from="hostname.domain,hostname.domain" line entries in your authorized_keys files won't be resolved. Because sshd no longer attempts to resolve the DNS names, each comma-separated hostname.domain value must be translated to a corresponding IP address.
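The from= tradeoff above can be checked before keys are moved to an AL2023 host. The following Python audit is an added example, not part of the original documentation: it lists the from= patterns in an authorized_keys file that are host names rather than addresses. The sample file content, key material and function names are constructed for illustration.

```python
import ipaddress
import re

KEY_PREFIXES = ("ssh-", "ecdsa-", "sk-")  # a line starting with a key type has no options
FROM_RE = re.compile(r'(?:^|,)from="([^"]*)"', re.IGNORECASE)
SAMPLE = '''\
# constructed sample authorized_keys content
from="bastion.example.com,192.0.2.10" ssh-ed25519 AAAAC3constructedkey ops@example
from="198.51.100.0/24,!198.51.100.7",no-pty ssh-ed25519 AAAAC3constructedkey ci@example
command="/usr/bin/true",from="*.corp.example.com,2001:db8::/32" ssh-ed25519 AAAAC3constructedkey batch@example
ssh-ed25519 AAAAC3constructedkey from="ignored.example.com"
'''

def options_field(line):
    """Return the options that precede the key type, or "" if there are none."""
    in_quote = False
    for i, ch in enumerate(line):
        if ch == '"' and (i == 0 or line[i - 1] != "\\"):
            in_quote = not in_quote
        elif ch in " \t" and not in_quote:
            first = line[:i]
            return "" if first.startswith(KEY_PREFIXES) else first
    return ""

def is_address_pattern(pattern):
    """True for an IP address, a CIDR block, or a wildcard over address characters."""
    p = pattern.lstrip("!")  # a leading "!" negates the pattern
    try:
        ipaddress.ip_network(p, strict=False)
        return True
    except ValueError:
        # Not a literal address or CIDR: accept only wildcard forms such as 192.0.2.*
        return bool(re.fullmatch(r"[0-9.*?]+|[0-9a-fA-F:*?]*:[0-9a-fA-F:*?]*", p))

def audit(text):
    """Return (line_number, pattern) for each from= pattern that is a host name."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = FROM_RE.search(options_field(line))
        if m:
            findings += [(n, p) for p in m.group(1).split(",")
                         if p and not is_address_pattern(p)]
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Each reported pattern is one that sshd will not resolve with UseDNS=no and that needs an address or CIDR equivalent.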
For more information, see Default SSH server configuration.
Extra Packages for Enterprise Linux (EPEL)
Extra Packages for Enterprise Linux (EPEL) is a project in the Fedora community with the objective of creating a large array of packages for enterprise-level Linux operating systems. The project has primarily produced RHEL and CentOS packages. Amazon Linux 2 features a high level of compatibility with CentOS 7. As a result, many EPEL7 packages work on Amazon Linux 2. However, AL2023 doesn't support EPEL or EPEL-like repositories.
Using cloud-init
In AL2023, cloud-init manages the package repository. By default, in earlier versions of Amazon Linux, cloud-init installed security updates. This isn't the default for AL2023. The new deterministic upgrading feature for updating releasever at launch describes the AL2023 way to enable package updates at launch. For more information, see Manage package and operating system updates and Deterministic upgrades for stability.
With AL2023, you can use cloud-init with SELinux. For more information, see Use cloud-init to enable enforcing mode.
cloud-init loads configuration content from remote locations using HTTP(S). In earlier versions, Amazon Linux doesn't alert you when remote resources are unavailable. In AL2023, unavailable remote resources create a fatal error and fail the cloud-init execution. This change in behavior from Amazon Linux 2 provides a safer "fail closed" default behavior.
For more information, see Customized cloud-init and the cloud-init documentation.