Posted On: Aug 31, 2020
Today, Amazon Web Services (AWS) announced the General Availability of Bottlerocket, a new open source Linux-based Operating System (OS) purpose-built to run containers. Bottlerocket includes only the software needed to run containers and comes with a transactional update mechanism. These properties enable customers to use container orchestrators to manage OS updates with minimal disruptions, enabling improved security and lower operational costs for containerized applications. AWS-provided Bottlerocket images are available for Amazon EKS (GA) and Amazon ECS (Preview). Bottlerocket is developed as an open source project on GitHub.
Most containers today run on general-purpose operating systems that are built to support applications packaged in a variety of formats. Such operating systems include hundreds of packages, and need frequent security and maintenance updates even though only a few of the packages are used for running a containerized application. Bottlerocket focuses on security and reduces exposure to attacks by including only the essential software to host containers. It comes with Security-Enhanced Linux (SELinux) in enforcing mode for additional isolation and uses Device Mapper’s verity target (dm-verity), a Linux kernel feature which helps prevent rootkit-based attacks. In addition to these security enhancements, updates to Bottlerocket are applied and rolled back in an atomic manner to further simplify update management.
AWS-provided builds of Bottlerocket are covered under AWS Support plans. Bottlerocket's first major release receives security updates and bug fixes for three years. Additionally, many AWS partners (read the Partner blog here) provide support for their applications on Bottlerocket, giving customers confidence to run popular partner applications.
You can get started using Bottlerocket on Amazon EKS, Amazon ECS or Amazon EC2 in all commercial regions by following the instructions detailed here. You can also fork the source on the GitHub repository and make your changes by following our building guide. For more details, see Bottlerocket FAQs and Bottlerocket Open Source Blog.