Search the Community
Showing results for tags 'amazon linux'.
-
Introduction We are excited to announce general availability of Amazon Linux 2023 (AL2023) on Amazon Elastic Kubernetes Service (Amazon EKS). AL2023 is the next generation of Amazon Linux from Amazon Web Services (AWS) and is designed to provide a secure, stable, high-performance environment to develop and run your cloud applications. The standard AL2023-based EKS-optimized Amazon Machine Image (AMI) can be used with Karpenter, managed node groups (MNG), and self-managed nodes in all AWS Regions. It can be used on Amazon EKS versions 1.25 or greater in standard support and Amazon EKS versions 1.23 and 1.24 in extended support. The standard AL2023-based EKS-optimized AMI is available for both x86 and ARM64 variants. Accelerated AL2023 AMIs will be released at a later date. If you would like to continue to use the accelerated AMI, you should do so by using the AL2-based accelerated AMI. The standard AL2023-based EKS-optimized AMI helps you increase security and improve application performance. AL2023 includes preconfigured security policies to help you adhere to common industry guidelines that can be confirmed at launch time or run time. By default, any Amazon EC2 instances launched with the AL2023-based EKS-optimized AMI will automatically use Security Enhanced Linux (SELinux), Open Secure Sockets Layer version 3 (OpenSSL 3), and Instance Metadata Service Version 2 (IMDSv2). To learn more about how these protocols will help improve your security posture, see Comparing AL2 to Amazon Linux 2023. From a performance standpoint, the standard AL2023-based EKS-optimized AMI optimizes boot time to reduce the time from instance launch to running your applications. These optimizations span the Amazon Linux kernel and beyond. AL2023 offers an integrated experience with many AWS-specific tools such as Systems Manager and the AWS Command Line Interface (AWS CLI). The standard AL2023-based EKS-optimized AMI also uses Control Group version 2 (cgroup v2), which is a Linux kernel feature that hierarchically organizes processes and distributes system resources between them. Cgroup v2 offers several improvements such as a single unified hierarchy design in API, safer sub-tree delegation to containers, enhanced resource allocation management, and isolation across multiple resources. Together, these improvements help with unifying accounting of different memory allocations such as network memory and kernel memory. Cgroup v2 became available on Kubernetes starting with version 1.25, and now by default comes with AL2023. Before upgrading to AL2023 While there are security and performance benefits, there are also several package changes and we recommend you to test applications thoroughly before upgrading applications in production environments. For a list of all package changes in AL2023, refer to Package changes in Amazon Linux 2023. In addition to these changes in AL2023, you should be aware of the following: AL2023 introduces a new node initialization process nodeadm that uses a YAML configuration schema. If you are using self-managed nodes or MNG with a custom launch template, you will now need to provide additional cluster metadata explicitly when creating a new node group. An example of the minimum required parameters is as follows, where apiServerEndpoint, certificateAuthority, and service cidr are now requir --- apiVersion: node.eks.aws/v1alpha1 kind: NodeConfig spec: cluster: name: my-cluster apiServerEndpoint: https://example.com certificateAuthority: Y2VydGlmaWNhdGVBdXRob3JpdHk= cidr:10.100.0.0/16 In AL2, the metadata from these parameters was discovered from the Amazon EKS DescribeCluster API call as part of the bootstrap.sh script. With AL2023, this behavior has changed since the additional API call risks throttling during large node scale ups. This change does not affect customers that are using MNG without a custom launch template or Karpenter. For more information on certificateAuthority and service cidr, see DescribeCluster. Docker is not supported in AL2023 for all supported Amazon EKS versions. Support for Docker has ended and been removed from Amazon EKS version 1.24 or greater on AL2. For more information on deprecation, see Amazon EKS ended support for Dockershim. VPC CNI v1.16.2 or greater is required for AL2023 AL2023 requires IMDSv2 by default. IMDSv2 has several benefits that help improve security posture. It uses a session-oriented authentication method that requires the creation of a secret token in a simple HTTP PUT request to start the session. A session’s token can be valid for anywhere between 1 second and 6 hours. For more information on how to transition from IMDSv1 to IMDSv2, see Transition to using Instance Metadata Service Version 2 and Get the full benefits of IMDSv2 and disable IMDSv1 across your AWS infrastructure. If you would like to use IMDSv1, you can still do so by manually overriding the settings using Instance Metadata option launch properties. Note: For IMDSv2 the default hop count for MNG is set to 1. This means that containers will not have access to the node’s credentials via IMDS. If you would like to use IMDSv1, you can still do so by manually overriding the settings using instance metadata option launch properties. Using the standard AL2023-based Amazon EKS Amazon Machine Image The Amazon EKS-optimized Amazon Linux 2023 AMI is built on top of Amazon Linux 2023, and is configured to serve as the base image for Amazon EKS nodes. The AMI is configured to work with Amazon EKS and it includes the following components: kubelet AWS IAM Authenticator containerd To retrieve the AMI ID, you will need to query the AWS Systems Manager Parameter Store API. To do this, you need to first determine the AWS region where your node will be deployed in and the Kubernetes version of the cluster your node will join. You can then run the following AWS CLI command to retrieve the appropriate AL2023 AMI ID. At launch, the AL2023 AMI comes in two flavors: x86 standard and arm64 standard. AL2023_x86_64_STANDARD: 'amazon-linux-2023/x86_64/standard' AL2023_ARM_64_STANDARD: 'amazon-linux-2023/arm64/standard' Replace the AWS Region and Kubernetes version as appropriate. Note, you must be logged into the AWS CLI using an IAM principal that has the ssm:GetParameter IAM permission to retrieve the Amazon EKS-optimized AMI metadata. aws ssm get-parameter --name /aws/service/eks/optimized-ami/1.29/amazon-linux-2023/x86_64/standard/recommended/image_id --region region-code --query "Parameter.Value" --output text For managed node groups (MNG) You can create a new MNG using the CreateNodeGroup Amazon EKS API and specifying the AMI family type, either AL2023_x86_64_STANDARD or AL2023_ARM_64_STANDARD. The new node group will be created with the latest AL2023 AMI. If you would like to use a specific AMI version, you can specify the AL2023 Amazon EKS-optimized AMI ID in a custom launch template. If you are using the Amazon EKS console to create a new MNG, you can select Amazon Linux 2023 from the drop down menu for AMI type: If you have an existing MNG, you can upgrade to AL2023 by either performing in-place upgrade or a blue/green upgrade depending on how you are using a launch template: If you are using a custom AMI with an MNG and you are specifying the AMI ID, you can perform an in-place upgrade by swapping the AMI ID in the launch template. You should ensure that your applications and any user data transfer over to AL2023 first, before performing this upgrade strategy. If you are using MNG with either the standard launch template or with a custom launch template that does not specify the AMI ID, you are required to upgrade using a blue/green strategy since at this time, you cannot edit the amiType in the MNG. A blue/green upgrade is an alternative strategy that is more involved since a new node group will be created with AL2023 as the AMI type. You will need to ensure that the new node group is carefully configured so that all custom user data from the AL2 node group is compatible with the new operating system. Once the new node group is ready, nodes in the old node group can be cordoned and drained so that pods are scheduled on the new node group. For more on custom user data, see Customizing managed nodes with launch templates. Starting with Amazon EKS version 1.30 or newer, new MNG’s will default to using the AL2023 Amazon EKS-optimized AMI. You can continue to use AL2 by choosing it as the AMI type when creating a new MNG. For Karpenter Karpenter users who want to use AL2023 should modify the EC2NodeClass amiFamily field with AL2023. By default, Drift is enabled in Karpenter. This means that once the amiFamily field has been changed, Karpenter will detect that the Karpenter-provisioned nodes are using EKS-optimized AMIs for the old AMI. Karpenter will then automatically cordon, drain, and replace those nodes with the new AMI. apiVersion: karpenter.sh/v1beta1 kind: NodePool metadata: name: default spec: template: spec: nodeClassRef: apiVersion: karpenter.k8s.aws/v1beta1 kind: EC2NodeClass name: default --- apiVersion: karpenter.k8s.aws/v1beta1 kind: EC2NodeClass metadata: name: default spec: # Required, resolves a default ami and userdata amiFamily: AL2023 Conclusion The Amazon EKS-optimized AL2023 AMI helps you improve the performance and security posture of your applications. The EKS-optimized AL2023 AMI is available today for MNG, Karpenter, and self-managed nodes. You can also customize your EKS-optimized AMIs using packer build steps listed in the amazon-eks-ami GitHub repo. To learn more about using Amazon Linux 2023 with Amazon EKS, see Amazon EKS-optimized Amazon Linux AMIs. For accelerated workloads, the Accelerated AL2023-based AMIs will be released at a later date. If you would like to continue to use the accelerated AMI, you should do so by using the AL2-based accelerated AMI. View the full article
-
- amazon eks
- amazon linux
-
(and 2 more)
Tagged with:
-
Today we are announcing the availability of the fourth quarterly update for Amazon Linux 2024, AL2023.4 as well as the Amazon Linux 2023 EKS optimized AMI. Amazon EKS customers can now use the standard AL2023-based EKS optimized Amazon Machine Image (AMI) with Managed Node Groups, self-managed nodes, and Karpenter, and is available across all supported version of Amazon EKS. To learn more about using Amazon Linux 2023 with EKS, see Amazon EKS optimized Amazon Linux AMIs. View the full article
-
Today, we are announcing general availability of Amazon Linux 2023 (AL2023) on Amazon Elastic Kubernetes Service (EKS). AL2023 is the next generation of Amazon Linux from Amazon Web Services and is designed to provide a secure, stable, high-performance environment to develop and run your cloud applications. EKS customers can enjoy the benefits of AL2023 by using the standard AL2023-based EKS optimized Amazon Machine Image (AMI) with Managed Node Groups, self-managed nodes, and Karpenter. View the full article
-
- 1
-
- amazon eks
- linux
-
(and 2 more)
Tagged with:
-
With just 41 days until AWS re:Invent 2023 opens, I’m doing my best to stay heads-down and focused on working with the entire AWS News Blog team to create plenty of awesome new posts for your reading pleasure! I’ll take a short break this morning to share some of the most exciting launches and other news from last week. Here we go! Last Week’s Launches Here are some of the launches that captured my attention: Amazon EBS – The new Attached EBS Status Check CloudWatch metric lets you monitor the status of all of the Amazon Elastic Block Store (Amazon EBS) volumes attached to a particular Amazon Elastic Compute Cloud (Amazon EC2) instance, verifying that the volumes are reachable and able to complete I/O operations. AWS Systems Manager – You can now enable AWS Systems Manager by default for all EC2 instances within an Organization. This lets you confirm that core Systems Manager capabilities are present on all new and existing instances. Amazon EC2 – You can now set unused or obsolete AMIs to a disabled state. This makes the AMI private if it was previously shared, hides it from DescribeImages by default, and prevents new instances from being launched from it. Amazon Textract – You can now use Custom Queries to adapt Textract’s Queries feature to improve extraction accuracy for business-specific documents. You upload sample documents, label the data, and generate an adapter, which you then use in calls to the AnalyzeDocument function. Amazon OpenSearch Service – You can now create Search Pipelines for easier processing of queries and results. Each search pipeline can contain multiple processing steps: query rewriters, natural language processors, result rerankers, and filters; several standard processors are also included. Amazon Linux 2 – The latest quarterly release (AL2023.2) of Amazon Linux 2 includes a core set of Ansible features as well as a curated set of community collections. It also includes Amazon Corretto 21, and many other new features and capabilities. Amazon Rekognition – You can now train custom adapters to reduce the number of false positives and false negative flagged by Amazon Rekognition, giving you the power to tailor the deep learning model to improve performance for your specific use case. Amazon RDS – Amazon Relational Database Service (RDS) now supports PostgreSQL, MySQL, and MariaDB databases on M6in, M6idn, R6in, and R6idn database instances. X in Y – We launched existing services and instance types in additional regions: M6in and M6idn instances in Asia Pacific (Sydney) and Europe (Stockholm). C7gd, M7gd, and R7gd instances in Asia Pacific (Singapore, Tokyo). C7gd instances in Asia Pacific (Sydney). Unified settings for the AWS Management Console in AWS GovCloud (US) Regions. AWS Direct Connect in Seoul, South Korea. AWS Global Accelerator in Hanoi, Vietnam (second location). Amazon FSx for NetApp ONTAP in Asia Pacific (Osaka). AWS Organizations Service Control Policies in AWS China Regions. AWS Verified Access in Asia Pacific (Singapore, Tokyo). Private Access to the AWS Management Console in Israel (Tel Aviv). Amazon RDS Custom for Oracle in Asia Pacific (Jakarta). Other AWS News Here are some other blog posts and news items that you might like: On the Community.AWS Blog, Seth Eliot listed Twelve Resilience Sessions at AWS re:Invent You Won’t Want to Miss, Brooke Jamieson explained How to Learn Generative AI from Scratch, and Daniel Wirjo shared some Patterns for Building Generative AI Applications on Amazon Bedrock. On the AWS Insights blog, fellow news blogger Irshad Buchh explained why Two billion downloads of Terraform AWS Provider shows value of IaC for infrastructure management. The AWS IoT Blog explained How to build a scalable, multi-tenant IoT SaaS platform on AWS using a multi-account strategy. The Amazon SES Blog showed you how to Automate marketing campaigns with real-time customer data using Amazon Pinpoint. The AWS Big Data Blog showed you how to Orchestrate Amazon EMR Serverless jobs with AWS Step functions. The AWS Compute Blog talked about Filtering events in Amazon EventBridge with wildcard pattern matching. The AWS Storage Blog talked about Retaining Amazon EC2 AMI snapshots for compliance using Amazon EBS Snapshots Archive. The AWS Architecture Blog talked about how Internet Travel Service ITS adopts microservices architecture for improved air travel search engine. Some other great sources of AWS news include: AWS Open Source Newsletter AWS Graviton Weekly AWS Cloud Security Weekly Last Week in AWS Upcoming AWS Events Check your calendars and sign up for these AWS events: AWS Community Days – Join a community-led conference run by AWS user group leaders in your region: Italy (October 18), UAE (October 21), Jaipur (November 4), Vadodara (November 4), and Brasil (November 4). AWS Innovate: Every Application Edition – Join our free online conference to explore cutting-edge ways to enhance security and reliability, optimize performance on a budget, speed up application development, and revolutionize your applications with generative AI. Register for AWS Innovate Online Americas and EMEA on October 19 and AWS Innovate Online Asia Pacific & Japan on October 26. AWS re:Invent (November 27 – December 1) – Join us to hear the latest from AWS, learn from experts, and connect with the global cloud community. Browse the session catalog and attendee guides and check out the re:Invent highlights for generative AI. You can browse all upcoming in-person and virtual events. And that’s a wrap. Check back next Monday for another Weekly Roundup! — Jeff; This post is part of our Weekly Roundup series. Check back each week for a quick roundup of interesting news and announcements from AWS! View the full article
-
Today we are announcing the availability of Ansible and Corretto 21 on Amazon Linux 2023 as a part of second quarterly update. View the full article
-
- amazon linux
- corretto
-
(and 2 more)
Tagged with:
-
This post is part of our Week in Review series. Check back each week for a quick roundup of interesting news and announcements from AWS! A new week starts, and Spring is almost here! If you’re curious about AWS news from the previous seven days, I got you covered. Last Week’s Launches Here are the launches that got my attention last week: Amazon S3 – Last week there was AWS Pi Day 2023 celebrating 17 years of innovation since Amazon S3 was introduced on March 14, 2006. For the occasion, the team released many new capabilities: S3 Object Lambda now provides aliases that are interchangeable with bucket names and can be used with Amazon CloudFront to tailor content for end users. S3 now support datasets that are replicated across multiple AWS accounts with cross-account support for S3 Multi-Region Access Points. You can now create and configure replication rules to automatically replicate S3 objects from one AWS Outpost to another. Amazon S3 has also simplified private connectivity from on-premises networks: with private DNS for S3, on-premises applications can use AWS PrivateLink to access S3 over an interface endpoint, while requests from your in-VPC applications access S3 using gateway endpoints. We released Mountpoint for Amazon S3, a high performance open source file client. Read more in the blog. Note that Mountpoint isn’t a general-purpose networked file system, and comes with some restrictions on file operations. Amazon Linux 2023 – Our new Linux-based operating system is now generally available. Sébastien’s post is full of tips and info. Application Auto Scaling – Now can use arithmetic operations and mathematical functions to customize the metrics used with Target Tracking policies. You can use it to scale based on your own application-specific metrics. Read how it works with Amazon ECS services. AWS Data Exchange for Amazon S3 is now generally available – You can now share and find data files directly from S3 buckets, without the need to create or manage copies of the data. Amazon Neptune – Now offers a graph summary API to help understand important metadata about property graphs (PG) and resource description framework (RDF) graphs. Neptune added support for Slow Query Logs to help identify queries that need performance tuning. Amazon OpenSearch Service – The team introduced security analytics that provides new threat monitoring, detection, and alerting features. The service now supports OpenSearch version 2.5 that adds several new features such as support for Point in Time Search and improvements to observability and geospatial functionality. AWS Lake Formation and Apache Hive on Amazon EMR – Introduced fine-grained access controls that allow data administrators to define and enforce fine-grained table and column level security for customers accessing data via Apache Hive running on Amazon EMR. Amazon EC2 M1 Mac Instances – You can now update guest environments to a specific or the latest macOS version without having to tear down and recreate the existing macOS environments. AWS Chatbot – Now Integrates With Microsoft Teams to simplify the way you troubleshoot and operate your AWS resources. Amazon GuardDuty RDS Protection for Amazon Aurora – Now generally available to help profile and monitor access activity to Aurora databases in your AWS account without impacting database performance AWS Database Migration Service – Now supports validation to ensure that data is migrated accurately to S3 and can now generate an AWS Glue Data Catalog when migrating to S3. AWS Backup – You can now back up and restore virtual machines running on VMware vSphere 8 and with multiple vNICs. Amazon Kendra – There are new connectors to index documents and search for information across these new content: Confluence Server, Confluence Cloud, Microsoft SharePoint OnPrem, Microsoft SharePoint Cloud. This post shows how to use the Amazon Kendra connector for Microsoft Teams. For a full list of AWS announcements, be sure to keep an eye on the What's New at AWS page. Other AWS News A few more blog posts you might have missed: Women founders Q&A – We’re talking to six women founders and leaders about how they’re making impacts in their communities, industries, and beyond. What you missed at that 2023 IMAGINE: Nonprofit conference – Where hundreds of nonprofit leaders, technologists, and innovators gathered to learn and share how AWS can drive a positive impact for people and the planet. Monitoring load balancers using Amazon CloudWatch anomaly detection alarms – The metrics emitted by load balancers provide crucial and unique insight into service health, service performance, and end-to-end network performance. Extend geospatial queries in Amazon Athena with user-defined functions (UDFs) and AWS Lambda – Using a solution based on Uber’s Hexagonal Hierarchical Spatial Index (H3) to divide the globe into equally-sized hexagons. How cities can use transport data to reduce pollution and increase safety – A guest post by Rikesh Shah, outgoing head of open innovation at Transport for London. For AWS open-source news and updates, here’s the latest newsletter curated by Ricardo to bring you the most recent updates on open-source projects, posts, events, and more. Upcoming AWS Events Here are some opportunities to meet: AWS Public Sector Day 2023 (March 21, London, UK) – An event dedicated to helping public sector organizations use technology to achieve more with less through the current challenging conditions. Women in Tech at Skills Center Arlington (March 23, VA, USA) – Let’s celebrate the history and legacy of women in tech. The AWS Summits season is warming up! You can sign up here to know when registration opens in your area. That’s all from me for this week. Come back next Monday for another Week in Review! — Danilo View the full article
-
- women in tech
- s3
- (and 23 more)
-
Forum Statistics
63.6k
Total Topics61.7k
Total Posts