Key Features Introduced in Amazon Linux 2023 vs Amazon Linux 2

Amazon has launched the latest Amazon Linux 2023 (AL2023). It comes with two years of standard support plus an additional three years of maintenance support. Amazon Linux 2 will no longer receive security and maintenance updates after 30th June 2025.

This article explains the key updates in Amazon Linux 2023 (AL2023) and why you should start using AL2023 instead of Amazon Linux 2.

  • Python Upgrade

    AL2023 ships with Python 3, compared to Python 2.7 in Amazon Linux 2. If your application code uses Python, make sure to upgrade it so that it is compatible with Python 3.

  • Package Manager

    The default package manager changes from yum to dnf. Although yum will still work, it is advisable to move to dnf to avoid potential future issues.

  • SELinux Security Update

    AL2023 has SELinux enabled by default in permissive mode. In permissive mode, SELinux does not actively enforce security policies; instead, it logs policy violations but allows the actions to occur. SELinux is disabled by default in AL2.

  • Extra Packages For Enterprise Linux (EPEL)

    EPEL, which primarily supports RHEL and CentOS, is not supported by Amazon Linux 2023.

  • Deterministic Upgrade in AL2023

    In AL2023 every AMI is locked to a specific repository version. Using the deterministic upgrade you can update your package versions. For example, to update the containerd package to a specific version, first find the repository version linked to that package version. After that you can update with the command sudo dnf upgrade containerd --releasever=<Repository-version>. By default the deterministic upgrade is allowed in Amazon Linux 2023.

  • AWS CLI

    The AWS CLI is updated to version 2.

  • Amazon EBS volume type

    The default EBS volume type for AL2023 is gp3, while Amazon Linux 2 used gp2 as its default EBS volume type. AL2023 continues to use XFS as the root file system, the same as AL2, but with further optimization.

  • OpenSSL, JVM

    AL2023 supports OpenSSL (Open Secure Sockets Layer) version 3 and Amazon Corretto 17 as the default JDK.

  • Scheduled Task

    Cron was installed by default in Amazon Linux 2, but in AL2023 you need to install the cronie package to start using cron jobs. The crontab command for scheduling cron jobs is not provided by default in AL2023.

  • IMDSv2

    Instance Metadata Service Version 2 is one of the most important updates provided by Amazon, as it deals with a potential threat.

    Using the command curl 169.254.169.254/latest/meta-data/ you can get the metadata for the instance. This can be used to generate temporary credentials, which can in turn be used to gain access to other AWS resources.
    In AL2023 this is secured by default: to access the instance metadata you first need to generate a token, which is valid for a limited period of time, and then pass that token on the command line to get the instance metadata information.
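
The token flow described above, written out as an added example (not code from the original article). The function names and the 300-second TTL are assumptions chosen for illustration; imds_v1_status reports whether a token-less request is still answered, which is the setting to verify on instances migrated from Amazon Linux 2.

```shell
#!/usr/bin/env bash
# Added example: IMDSv2 session-token flow and a check that IMDSv1 is rejected.
# Function names and the default TTL below are illustrative assumptions.
IMDS_BASE="${IMDS_BASE:-http://169.254.169.254}"  # link-local metadata endpoint
IMDS_TTL="${IMDS_TTL:-300}"                       # token lifetime, 1-21600 seconds

# Step 1: request a session token with an HTTP PUT carrying the TTL header.
imds_token() {
  curl -sS -f -m 2 -X PUT "$IMDS_BASE/latest/api/token" \
    -H "X-aws-ec2-metadata-token-ttl-seconds: $IMDS_TTL"
}

# Step 2: read a metadata path, presenting the token in a request header.
imds_get() {
  local path token
  path="$1"
  token="$(imds_token)" || { echo "imds_get: could not obtain token" >&2; return 1; }
  curl -sS -f -m 2 -H "X-aws-ec2-metadata-token: $token" \
    "$IMDS_BASE/latest/meta-data/$path"
}

# Check: send a request without a token and classify the HTTP status.
#   401 -> tokens are required (IMDSv2 only)
#   200 -> token-less IMDSv1 requests are still accepted
imds_v1_status() {
  local code
  code="$(curl -s -o /dev/null -m 2 -w '%{http_code}' \
    "$IMDS_BASE/latest/meta-data/")" || code=000
  case "$code" in
    401) echo "imdsv2-required" ;;
    200) echo "imdsv1-allowed" ;;
    *)   echo "unreachable" ;;
  esac
}

# Usage on an EC2 instance:
#   imds_get instance-id
#   imds_v1_status
```
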

Conclusion

In conclusion, the release of Amazon Linux 2023 (AL2023) brings significant enhancements and crucial updates, urging users to transition from Amazon Linux 2 before its security and maintenance support ends in June 2025. With Python 3, the DNF package manager, SELinux improvements, deterministic updates, and the enhanced security measures of IMDSv2, Amazon Linux 2023 is a compelling choice for optimized performance and security in AWS environments.