AWS re:Invent 2025 - Amazon Linux: latest features and AWS optimizations (CMP303)

Summary of AWS re:Invent 2025 - Amazon Linux: Latest Features and AWS Optimizations

Amazon Linux Overview

  • Amazon Linux is a Linux distribution created and maintained by AWS, optimized for the AWS infrastructure
  • Key benefits include:
    • Tight integration with AWS services for seamless deployment and operations
    • Strong security focus with regular security patches and bug fixes
    • Simplified operations through deep AWS service integrations
    • Compliance-ready for regulated industries
    • Lower total cost of ownership with no licensing fees

Evolution of Amazon Linux

  • Amazon Linux 1 (AL1) launched in 2010, purpose-built for the cloud
  • Amazon Linux 2 (AL2) launched in 2017, providing enhanced stability and security
  • Amazon Linux 2023 (AL2023) launched in 2023, offering modern features and improved security defaults

Security Enhancements in AL2023

  • Comprehensive security vulnerability management:
    • Evaluated over 1,500 security fixes for AL2023 this year alone
    • Prioritized based on severity, with a focus on critical and important CVEs
    • Over 60% of CVEs were related to the Linux kernel, highlighting the importance of kernel maintenance
  • Improved kernel maintenance strategy:
    • Shifted to a 4-year kernel maintenance period, compared to the upstream 2-year support
    • Introduced SSM parameters to easily target specific kernel versions
    • Provided a "kernel default" option for seamless kernel version updates
  • Compliance certifications:
    • Achieved FIPS 140 validation for key cryptographic modules in AL2023
    • Developed an AL2023-specific DISA STIG, with automation through EC2 Image Builder and AWS Systems Manager

Performance Optimizations

  • Addressed performance regressions when transitioning from OpenSSL 1.0.2 (in AL2) to 3.0 (in AL2023)
    • Upgraded to OpenSSL 3.2.2, which restored performance to AL2 levels
    • Synthetic benchmarks showed up to 15x improvements, and real-world TLS performance doubled or tripled
  • Separated the FIPS-validated OpenSSL modules into a standalone package

New Features

  • Introduced a GNOME-based graphical desktop environment for AL2023
    • Designed to minimize dependencies and security risks
    • Integrated with the Amazon DCV service for secure remote access
  • Provided optimized NVIDIA software stacks for EC2 accelerated instances
    • Validated and qualified by the EC2 platform team for best performance
    • Included security metadata and advisories for easier compliance reporting

Upcoming Changes

  • Amazon Linux 2 (AL2) will reach end-of-support on June 30, 2026
    • Customers are encouraged to migrate to AL2023 before this deadline
  • The next version of Amazon Linux (planned for 2027) will focus on:
    • Continuity and predictability, with a 12-month advance notice for new versions
    • Easier upgrades, with overlapping kernel versions and enhanced migration guidance
    • Expanded support for AI/ML workloads

Key Takeaways

  • AL2023 introduces significant security, performance, and compliance enhancements, addressing customer feedback
  • The new kernel maintenance strategy and OpenSSL optimizations improve stability and reduce operational overhead
  • The graphical desktop and NVIDIA software integrations expand the capabilities of Amazon Linux
  • Customers should plan their migration from AL2 to AL2023 before the end-of-support deadline
  • The next version of Amazon Linux (planned for 2027) will focus on predictability, easy upgrades, and AI/ML support
