Help improve this page
To contribute to this user guide, choose the Edit this page on GitHub link that is located in the right pane of every page.
Guide to EKS AL2 & AL2-Accelerated AMIs transition features
Amazon will end support for EKS AL2-optimized and AL2-accelerated AMIs, effective November 26, 2025. While you can continue using EKS AL2 AMIs after the end-of-support (EOS) date (November 26, 2025), EKS will no longer release any new Kubernetes versions or updates to AL2 AMIs, including minor releases, patches, and bug fixes after this date. We recommend upgrading to Amazon Linux 2023 (AL2023) or Bottlerocket AMIs:
-
AL2023 enables a secure-by-default approach with preconfigured security policies, SELinux in permissive mode, IMDSv2-only mode enabled by default, optimized boot times, and improved package management for enhanced security and performance, well-suited for infrastructure requiring significant customizations like direct OS-level access or extensive node changes.
-
Bottlerocket enables enhanced security, faster boot times, and a smaller attack surface for improved efficiency with its purpose-built, container-optimized design, well-suited for container-native approaches with minimal node customizations.
Alternatively, you can Build a custom Amazon Linux AMI until the EOS date (November 26, 2025), or build a custom AMI with an Amazon Linux 2 base instance until the Amazon Linux 2 EOS date (June 30, 2026). For more information, please visit AL2023 FAQs
Migration and support FAQs
How do I migrate from my AL2 to an AL2023 AMI?
We recommend creating and implementing a migration plan that includes thorough application workload testing and documented rollback procedures, then following the step-by-step instructions in the Upgrade from Amazon Linux 2 to Amazon Linux 2023
Can I build a custom AL2 AMI past the EKS end-of-support (EOS) date for EKS optimized AL2 AMIs?
While we recommend moving to officially supported and published EKS optimized AMIs for AL2023 or Bottlerocket, you can build custom EKS AL2-optimized and AL2-accelerated AMIs until the AL2 AMI EOS date (November 26, 2025). Alternatively, you can build a custom AMI with an Amazon Linux 2 base instance until the Amazon Linux 2 EOS date (June 30, 2026). For step-by-step instructions to build a custom EKS AL2-optimized and AL2-accelerated AMI, see Build a custom Amazon Linux AMI
Does the EKS Kubernetes version support policy apply to Amazon Linux distributions?
No. The EOS date for EKS AL2-optimized and AL2-accelerated AMIs is independent of the standard and extended support timelines for Kubernetes versions by EKS. You need to migrate to AL2023 or Bottlerocket even if you are using EKS extended support.
How does the shift from cgroupv1 to cgroupv2 affect my migration?
The Kubernetes communitycgroupv1 support (used by AL2) into maintenance mode, meaning no new features will be added and only critical security and major bug fixes will be provided.
To adopt cgroupv2 in Kubernetes, you need to ensure compatibility across the OS, kernel, container runtime, and Kubernetes components.
This requires a Linux distribution that enables cgroupv2 by default, such as AL2023, Bottlerocket, Red Hat Enterprise Linux (RHEL) 9+, Ubuntu 22.04+, or Debian 11+.
These distributions ship with kernel versions ≥5.8, which is the minimum requirement for cgroupv2 support in Kubernetes. To learn more, see About cgroup v2
What do I do if I need Neuron in my custom AL2 AMI?
You cannot run your full Neuron-powered applications natively on an AL2-based AMIs.
To leverage Amazon Neuron on an AL2 AMI, you must containerize you applications using a Neuron-supported container with a non-AL2 Linux distribution (e.g., Ubuntu 22.04, Amazon Linux 2023, etc.) and then deploy those containers on an AL2-based AMI that has the Neuron Driver (aws-neuronx-dkms) installed.
Compatibility and versions
Supported Kubernetes versions for AL2 AMIs
Kubernetes version 1.32 is the last version for which Amazon EKS will release AL2 (Amazon Linux 2) AMIs. For supported
NVIDIA drivers comparison for AL2, AL2023, and Bottlerocket AMIs
| Driver Branch | Amazon Linux 2 AMI | Amazon Linux 2023 AMI | Bottlerocket AMI | End-of-Life Date |
|---|---|---|---|---|
|
R535 |
Not Supported |
Not Supported |
Supported |
|
|
R550 |
Supported |
Supported |
Not Supported |
|
|
R560 |
Not Supported |
Supported |
Not Supported |
|
|
R570 |
Not Supported |
Supported |
Coming soon |
To learn more, see Nvidia Release Documentation
NVIDIA CUDA versions comparison for AL2, AL2023, and Bottlerocket AMIs
To learn more, see CUDA Release Documentation
Supported drivers and Linux kernel versions comparison for AL2, AL2023, and Bottlerocket AMIs
Amazon Neuron compatibility with AL2 AMIs
Starting from Amazon Neuron release 2.20aws-neuronx-runtime-lib) used by EKS AL-based AMIs no longer supports Amazon Linux 2 (AL2).
The Neuron Driver (aws-neuronx-dkms) is now the only Amazon Neuron package that supports Amazon Linux 2.
This means you cannot run your Neuron-powered applications natively on an AL2-based AMI.
To setup Neuron on AL2023 AMIs, see the Amazon Neuron Setup
Kubernetes compatibility with AL2 AMIs
The Kubernetes community has moved cgroupv1 support (used by AL2) to maintenance mode.
This means no new features will be added, and only critical security and major bug fixes will be provided.
Any Kubernetes features relying on cgroupv2, such as MemoryQoS and enhanced resource isolation, are unavailable on AL2.
Furthermore, Amazon EKS Kubernetes version 1.32 was the last version to support AL2 AMIs.
To maintain compatibility with the latest Kubernetes versions, we recommend migrating to AL2023 or Bottlerocket, which enable cgroupv2 by default.
Linux version compatibility with AL2 AMIs
Amazon Linux 2 (AL2) is supported by Amazon until its end-of-support (EOS) date on June 30, 2026.
However, as AL2 has aged, support from the broader Linux community for new applications and functionality has become more limited.
AL2 AMIs are based on Linux kernel 5.10
Deprecated packages not included in AL2023
A few of the most common packages that are not included or which changed in AL2023, include:
-
Some source binary packages in Amazon Linux 2
are no longer available in Amazon Linux 2023 -
Changes in how Amazon Linux supports different versions of packages (e.g., amazon-linux-extras system
) in AL2023 -
Extra Packages for Enterprise Linux (EPEL)
are not supported in AL2023 -
32-bit applications
are not supported in AL2023 -
AL2023 does not make mate-desktop
packages
To learn more, see Comparing AL2 and AL2023
FIPS validation comparison across AL2, AL2023, and Bottlerocket
Amazon Linux 2 (AL2), Amazon Linux 2023 (AL2023), and Bottlerocket provide support for Federal Information Processing Standards (FIPS) compliance.
-
AL2 is certified under FIPS 140-2 and AL2023 is certified under FIPS 140-3. To enable FIPS mode on AL2023, install the necessary packages on your Amazon EC2 instance and follow the configuration steps using the instructions in Enable FIPS Mode on AL2023
. To learn more, see AL2023 FAQs . -
Bottlerocket provides purpose-built variants specifically for FIPS which constrain the kernel and userspace components to the use of cryptographic modules that have been submitted to the FIPS 140-3 Cryptographic Module Validation Program.
EKS AMI driver and versions changelog
For a complete list of all EKS AMI components and their versions, see Amazon EKS AMI Release Notes