Amazon ECS-optimized Linux AMIs
Amazon ECS provides the Amazon ECS-optimized AMIs that are preconfigured with the requirements and recommendations to run your container workloads. We recommend that you use the Amazon ECS-optimized Amazon Linux 2023 AMI for your Amazon EC2 instances unless your application requires Amazon EC2 GPU-based instances, a specific operating system or a Docker version that is not yet available in that AMI. For information about the Amazon Linux 2 and Amazon Linux 2023 instances, see Comparing Amazon Linux 2 and Amazon Linux 2023 in the Amazon Linux 2023 User Guide. Launching your container instances from the most recent Amazon ECS-Optimized AMI ensures that you receive the current security updates and container agent version. For information about how to launch an instance, see Launching an Amazon ECS Linux container instance.
When you create a cluster using the console, Amazon ECS creates a launch template for your instances with the latest AMI associated with the selected operating system.
When you use Amazon CloudFormation to create a cluster, the SSM parameter is part of the Amazon EC2 launch template for the Auto Scaling group instances. You can configure the template to use a dynamic Systems Manager parameter to determine what Amazon ECS Optimized AMI to deploy. This parameter ensures that each time you deploy the stack it will check to see if there is available update that needs to be applied to the EC2 instances. For an example of how to use the Systems Manager parameter, see Create an Amazon ECS cluster with the Amazon ECS-optimized Amazon Linux 2023 AMI in the Amazon CloudFormation User Guide.
If you need to customize the Amazon ECS-optimized AMI, see Amazon ECS Optimized AMI Build Recipes
The Linux variants of the Amazon ECS-optimized AMI use the Amazon Linux 2 AMI as their base. The Amazon Linux 2 AMI release notes are available as well. For more information, see Amazon Linux 2 release notes.
We recommend that you use an AMI with Linux kernel 5.10 because Linux kernel 4.14 reached end-of-life on January 10, 2024.
The following variants of the Amazon ECS-optimized AMI are available for your Amazon EC2 instances with the Amazon Linux 2023 operating system.
| Operating system | AMI | Description | Storage configuration |
|---|---|---|---|
| Amazon Linux 2023 | Amazon ECS-optimized Amazon Linux 2023 AMI |
Amazon Linux 2023 is the next generation of Amazon Linux from Amazon. For most cases, recommended for launching your Amazon EC2 instances for your Amazon ECS workloads. For more information, see What is Amazon Linux 2023 in the Amazon Linux 2023 User Guide. |
By default, the Amazon ECS-optimized Amazon Linux 2023 AMI ships with a single 30-GiB root volume. You
can modify the 30-GiB root volume size at launch time to increase the
available storage on your container instance. This storage is used for the
operating system and for Docker images and metadata. The default
filesystem for the Amazon ECS-optimized Amazon Linux 2023 AMI is |
| Amazon Linux 2023 (arm64) | Amazon ECS-optimized Amazon Linux 2023 (arm64) AMI |
Based on Amazon Linux 2023, this AMI is recommended for use when launching your Amazon EC2 instances, which are powered by Arm-based Amazon Graviton/Graviton 2/Graviton 3/Graviton 4 Processors, for your Amazon ECS workloads. For more information, see Specifications for the Amazon EC2 general purpose instances in the Amazon EC2 Instance Types guide. |
By default, the Amazon ECS-optimized Amazon Linux 2023 AMI ships with a single 30-GiB root volume. You
can modify the 30-GiB root volume size at launch time to increase the
available storage on your container instance. This storage is used for the
operating system and for Docker images and metadata. The default
filesystem for the Amazon ECS-optimized Amazon Linux 2023 AMI is |
| Amazon Linux 2023 (Neuron) | Amazon ECS-optimized Amazon Linux 2023 AMI |
Based on Amazon Linux 2023, this AMIis for Amazon EC2 Inf1, Trn1 or Inf2 instances. It comes pre-configured with Amazon Inferentia and Amazon Trainium drivers and the Amazon Neuron runtime for Docker which makes running machine learning inference workloads easier on Amazon ECS. For more information, see Amazon ECS task definitions for Amazon Neuron machine learning workloads. The Amazon ECS-optimized Amazon Linux 2023 (Neuron) AMI does not come with the Amazon CLI preinstalled. |
By default, the Amazon ECS-optimized Amazon Linux 2023 AMI ships with a single 30-GiB root volume. You
can modify the 30-GiB root volume size at launch time to increase the
available storage on your container instance. This storage is used for the
operating system and for Docker images and metadata. The default
filesystem for the Amazon ECS-optimized Amazon Linux 2023 AMI is |
| Amazon Linux 2023 GPU | Amazon ECS optimized Amazon Linux 2023 GPU AMI |
Based on Amazon Linux 2023, this AMI is recommended for use when launching your Amazon EC2 GPU-based instances for your Amazon ECS workloads. It comes pre-configured with NVIDIA kernel drivers and a Docker GPU runtime which makes running workloads that take advantage of GPUs on Amazon ECS. For more information, see Amazon ECS task definitions for GPU workloads. |
By default, the Amazon ECS-optimized Amazon Linux 2023 AMI ships with a single 30-GiB root volume. You
can modify the 30-GiB root volume size at launch time to increase the
available storage on your container instance. This storage is used for the
operating system and for Docker images and metadata. The default
filesystem for the Amazon ECS-optimized Amazon Linux 2023 AMI is |
The following variants of the Amazon ECS-optimized AMI are available for your Amazon EC2 instances with the Amazon Linux 2 operating system.
| Operating system | AMI | Description | Storage configuration |
|---|---|---|---|
|
Amazon Linux 2 |
Amazon ECS-optimized Amazon Linux 2 kernel 5.10 AMI | Based on Amazon Linux 2, this AMI is for use when launching your Amazon EC2 instances and you want to use Linux kernel 5.10 instead of kernel 4.14 for your Amazon ECS workloads. The Amazon ECS-optimized Amazon Linux 2 kernel 5.10 AMI does not come with the Amazon CLI preinstalled. | By default, the Amazon Linux 2-based Amazon ECS-optimized AMIs (Amazon ECS-optimized Amazon Linux 2 AMI,
Amazon ECS-optimized Amazon Linux 2 (arm64) AMI, and Amazon ECS GPU-optimized AMI) ship with a single 30-GiB root volume. You can
modify the 30-GiB root volume size at launch time to increase the available
storage on your container instance. This storage is used for the operating
system and for Docker images and metadata. The default filesystem for
the Amazon ECS-optimized Amazon Linux 2 AMI is |
|
Amazon Linux 2 |
Amazon ECS-optimized Amazon Linux 2 AMI | This is for your Amazon ECS workloads. The Amazon ECS-optimized Amazon Linux 2 AMI does not come with the Amazon CLI preinstalled. | By default, the Amazon Linux 2-based Amazon ECS-optimized AMIs (Amazon ECS-optimized Amazon Linux 2 AMI,
Amazon ECS-optimized Amazon Linux 2 (arm64) AMI, and Amazon ECS GPU-optimized AMI) ship with a single 30-GiB root volume. You can
modify the 30-GiB root volume size at launch time to increase the available
storage on your container instance. This storage is used for the operating
system and for Docker images and metadata. The default filesystem for
the Amazon ECS-optimized Amazon Linux 2 AMI is |
|
Amazon Linux 2 (arm64) |
Amazon ECS-optimized Amazon Linux 2 kernel 5.10 (arm64) AMI |
Based on Amazon Linux 2, this AMI is for your Amazon EC2 instances, which are powered by Arm-based Amazon Graviton/Graviton 2/Graviton 3/Graviton 4 Processors, and you want to use Linux kernel 5.10 instead of Linux kernel 4.14 for your Amazon ECS workloads. For more information, see Specifications for Amazon EC2 general purpose instances in the Amazon EC2 Instance Types guide. The Amazon ECS-optimized Amazon Linux 2 (arm64) AMI does not come with the Amazon CLI preinstalled. |
By default, the Amazon Linux 2-based Amazon ECS-optimized AMIs (Amazon ECS-optimized Amazon Linux 2 AMI,
Amazon ECS-optimized Amazon Linux 2 (arm64) AMI, and Amazon ECS GPU-optimized AMI) ship with a single 30-GiB root volume. You can
modify the 30-GiB root volume size at launch time to increase the available
storage on your container instance. This storage is used for the operating
system and for Docker images and metadata. The default filesystem for
the Amazon ECS-optimized Amazon Linux 2 AMI is |
| Amazon Linux 2 (arm64) | Amazon ECS-optimized Amazon Linux 2 (arm64) AMI |
Based on Amazon Linux 2, this AMI is for use when launching your Amazon EC2 instances, which are powered by Arm-based Amazon Graviton/Graviton 2/Graviton 3/Graviton 4 Processors, for your Amazon ECS workloads. The Amazon ECS-optimized Amazon Linux 2 (arm64) AMI does not come with the Amazon CLI preinstalled. |
By default, the Amazon Linux 2-based Amazon ECS-optimized AMIs (Amazon ECS-optimized Amazon Linux 2 AMI,
Amazon ECS-optimized Amazon Linux 2 (arm64) AMI, and Amazon ECS GPU-optimized AMI) ship with a single 30-GiB root volume. You can
modify the 30-GiB root volume size at launch time to increase the available
storage on your container instance. This storage is used for the operating
system and for Docker images and metadata. The default filesystem for
the Amazon ECS-optimized Amazon Linux 2 AMI is |
|
Amazon Linux 2 (GPU) |
Amazon ECS GPU-optimized kernel 5.10 AMI | Based on Amazon Linux 2, this AMI is recommended for use when launching your Amazon EC2 GPU-based instances with Linux kernel 5.10 for your Amazon ECS workloads. It comes pre-configured with NVIDIA kernel drivers and a Docker GPU runtime which makes running workloads that take advantage of GPUs on Amazon ECS. For more information, see Amazon ECS task definitions for GPU workloads. | By default, the Amazon Linux 2-based Amazon ECS-optimized AMIs (Amazon ECS-optimized Amazon Linux 2 AMI,
Amazon ECS-optimized Amazon Linux 2 (arm64) AMI, and Amazon ECS GPU-optimized AMI) ship with a single 30-GiB root volume. You can
modify the 30-GiB root volume size at launch time to increase the available
storage on your container instance. This storage is used for the operating
system and for Docker images and metadata. The default filesystem for
the Amazon ECS-optimized Amazon Linux 2 AMI is |
| Amazon Linux 2 (GPU) | Amazon ECS GPU-optimized AMI | Based on Amazon Linux 2, this AMI is recommended for use when launching your Amazon EC2 GPU-based instances with Linux kernel 4.14 for your Amazon ECS workloads. It comes pre-configured with NVIDIA kernel drivers and a Docker GPU runtime which makes running workloads that take advantage of GPUs on Amazon ECS. For more information, see Amazon ECS task definitions for GPU workloads. | By default, the Amazon Linux 2-based Amazon ECS-optimized AMIs (Amazon ECS-optimized Amazon Linux 2 AMI,
Amazon ECS-optimized Amazon Linux 2 (arm64) AMI, and Amazon ECS GPU-optimized AMI) ship with a single 30-GiB root volume. You can
modify the 30-GiB root volume size at launch time to increase the available
storage on your container instance. This storage is used for the operating
system and for Docker images and metadata. The default filesystem for
the Amazon ECS-optimized Amazon Linux 2 AMI is |
| Amazon Linux 2 (Neuron) | Amazon ECS optimized Amazon Linux 2 (Neuron) kernel 5.10 AMI | Based on Amazon Linux 2, this AMI is for Amazon EC2 Inf1, Trn1 or Inf2 instances. It comes pre-configured with Amazon Inferentia with Linux kernel 5.10 and Amazon Trainium drivers and the Amazon Neuron runtime for Docker which makes running machine learning inference workloads easier on Amazon ECS. For more information, see Amazon ECS task definitions for Amazon Neuron machine learning workloads. The Amazon ECS optimized Amazon Linux 2 (Neuron) AMI does not come with the Amazon CLI preinstalled. | By default, the Amazon Linux 2-based Amazon ECS-optimized AMIs (Amazon ECS-optimized Amazon Linux 2 AMI,
Amazon ECS-optimized Amazon Linux 2 (arm64) AMI, and Amazon ECS GPU-optimized AMI) ship with a single 30-GiB root volume. You can
modify the 30-GiB root volume size at launch time to increase the available
storage on your container instance. This storage is used for the operating
system and for Docker images and metadata. The default filesystem for
the Amazon ECS-optimized Amazon Linux 2 AMI is |
| Amazon Linux 2 (Neuron) | Amazon ECS optimized Amazon Linux 2 (Neuron) AMI | Based on Amazon Linux 2, this AMI is for Amazon EC2 Inf1, Trn1 or Inf2 instances. It comes pre-configured with Amazon Inferentia and Amazon Trainium drivers and the Amazon Neuron runtime for Docker which makes running machine learning inference workloads easier on Amazon ECS. For more information, see Amazon ECS task definitions for Amazon Neuron machine learning workloads. The Amazon ECS optimized Amazon Linux 2 (Neuron) AMI does not come with the Amazon CLI preinstalled. | By default, the Amazon Linux 2-based Amazon ECS-optimized AMIs (Amazon ECS-optimized Amazon Linux 2 AMI,
Amazon ECS-optimized Amazon Linux 2 (arm64) AMI, and Amazon ECS GPU-optimized AMI) ship with a single 30-GiB root volume. You can
modify the 30-GiB root volume size at launch time to increase the available
storage on your container instance. This storage is used for the operating
system and for Docker images and metadata. The default filesystem for
the Amazon ECS-optimized Amazon Linux 2 AMI is |
Amazon ECS provides a changelog for the Linux variant of the Amazon ECS-optimized AMI on GitHub.
For more information, see Changelog
The Linux variants of the Amazon ECS-optimized AMI use the Amazon Linux 2 AMI or Amazon Linux 2023 AMI as their base. You can retrieve the Amazon Linux 2 source AMI name or the Amazon Linux 2023 AMI name for each variant by querying the Systems Manager Parameter Store API. For more information, see Retrieving Amazon ECS-optimized Linux AMI metadata. The Amazon Linux 2 AMI release notes are available as well. For more information, see Amazon Linux 2 release notes. The Amazon Linux 2023 release notes are available as well. For more information see, Amazon Linux 2023 release notes.
The following pages provide additional information about the changes:
-
Source AMI release
notes on GitHub -
Docker Engine release notes
in the Docker documentation -
NVIDIA Driver Documentation
in the NVIDIA documentation -
Amazon ECS agent changelog
on GitHub The source code for the
ecs-initapplication and the scripts and configuration for packaging the agent are now part of the agent repository. For older versions ofecs-initand packaging, see Amazon ecs-init changelogon GitHub
Applying security updates to the Amazon ECS-optimized AMI
The Amazon ECS-optimized AMIs based on Amazon Linux contain a customized version of cloud-init. Cloud-init is a package that is used to bootstrap Linux images in a cloud computing environment and perform desired actions when launching an instance. By default, all Amazon ECS-optimized AMIs based on Amazon Linux released before June 12, 2024 have all "Critical" and "Important" security updates applied upon instance launch.
Beginning with the June 12, 2024 releases of the Amazon ECS-optimized AMIs based on Amazon Linux 2, the default behavior will no longer include updating packages at launch. Instead, we recommend that you update to a new Amazon ECS-optimized AMI as releases are made available. The Amazon ECS-optimized AMIs are released when there are available security updates or base AMI changes. This will ensure you are receiving the latest package versions and security updates, and that the package versions are immutable through instance launches. For more information on retrieving the latest Amazon ECS-optimized AMI, see Retrieving Amazon ECS-optimized Linux AMI metadata.
We recommend automating your environment to update to a new AMI as they are made
available. For information about the available options, see Amazon ECS enables easier EC2 capacity management, with managed instance
draining
To continue applying "Critical" and "Important" security updates manually on an AMI version, you can run the following command on your Amazon EC2 instance.
yum update --security
If you want to re-enable security updates at launch, you can add the following line to
the #cloud-config section of the cloud-init user data when launching your
Amazon EC2 instance. For more information, see Using cloud-init on Amazon Linux 2 in
the Amazon Linux User Guide.
#cloud-config repo_upgrade: security