
Amazon Linux 2022 is in preview release and is subject to change.

Comparing Amazon Linux 2 and Amazon Linux 2022

Support for each release

For Amazon Linux 2022 (AL2022), we offer five years of support.

For more information, see Amazon Linux 2022 release cadence.

Naming and versioning changes

Amazon Linux 2022 supports the same mechanisms that Amazon Linux 2 supports for platform identification. Amazon Linux 2022 also introduces new files for platform identification.

For more information, see Naming and versioning.

Optimizations

Amazon Linux 2022 optimizes boot time to reduce the time from instance launch to running the customer workload. These optimizations span the Amazon EC2 instance kernel configuration, cloud-init configurations, and features that are built into packages in the OS such as kmod and systemd.

For more information about optimizations, see Performance and operational optimizations.

Security updates

SELinux

By default, Security Enhanced Linux (SELinux) for Amazon Linux 2022 is enabled and set to permissive mode. In permissive mode, permission denials are logged but not enforced.

SELinux is a security feature of the Amazon Linux kernel, which was disabled in Amazon Linux 2. SELinux is a collection of kernel features and utilities that provides a mandatory access control (MAC) architecture in the major subsystems of the kernel.

For more information, see Setting SELinux modes.

For more information about SELinux repositories, tools, and policies, see SELinux Notebook, Types of SELinux policy, and SELinux Project.

OpenSSL 3

Amazon Linux 2022 features the Open Secure Sockets Layer version 3 (OpenSSL 3) cryptography toolkit. Amazon Linux 2022 uses the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) network protocols. It also uses the required cryptography standards.

By default, Amazon Linux 2 comes with OpenSSL 1.0.2. You can build applications against OpenSSL 1.1.1.

For more information about OpenSSL, see the OpenSSL migration guide.

For more information about security, see Security updates and features.

IMDSv2

By default, Amazon Linux 2022 is enabled with Instance Metadata Service Version 2 (IMDSv2). IMDSv2 is a session-oriented method for accessing instance metadata on a running Amazon EC2 instance. You must use a session token with IMDSv2. A session token allows for instance metadata requests for as long as the token is valid.

Note

The session token's time of validity can be anywhere between 1 second and 6 hours. The addresses to direct the API requests for IMDSv2 queries are the following:

  • IPv4: 169.254.169.254

  • IPv6: fd00:ec2::254

For more information about setting up and using the IMDSv2 service, see Use IMDSv2, Configure instance metadata options for new instances, and Modify instance metadata options for existing instances, in the Amazon EC2 User Guide for Linux Instances.
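The session-token flow described above, as an added Python example that is not part of the original AWS page. The token endpoint path and the two header names belong to the EC2 IMDSv2 API rather than to this page; the `IMDSv2Client` class, its injectable `transport` and `clock` parameters, and the 5-second early renewal are assumptions made for illustration and offline testing.

```python
import time
import urllib.request

IMDS_V4 = "http://169.254.169.254"      # IPv4 address given on this page
IMDS_V6 = "http://[fd00:ec2::254]"      # IPv6 address given on this page
MIN_TTL, MAX_TTL = 1, 6 * 60 * 60       # token validity: 1 second to 6 hours


def _http(method, url, headers):
    """Default transport: short-timeout request to the link-local endpoint."""
    req = urllib.request.Request(url, method=method, headers=headers)
    with urllib.request.urlopen(req, timeout=2) as resp:
        return resp.read().decode()


class IMDSv2Client:
    """Caches one session token and renews it shortly before it expires."""

    def __init__(self, ttl=300, base=IMDS_V4, transport=_http,
                 clock=time.monotonic):
        if not MIN_TTL <= ttl <= MAX_TTL:
            raise ValueError(f"token TTL must be {MIN_TTL}..{MAX_TTL} seconds")
        self.ttl, self.base = ttl, base
        self._send, self._clock = transport, clock
        self._token, self._expires = None, 0.0

    def _session_token(self):
        # Renew 5 s before expiry; TTLs under 5 s renew on every call.
        if self._token is None or self._clock() >= self._expires:
            self._token = self._send(
                "PUT", f"{self.base}/latest/api/token",
                {"X-aws-ec2-metadata-token-ttl-seconds": str(self.ttl)})
            self._expires = self._clock() + max(self.ttl - 5, 0)
        return self._token

    def get(self, path):
        """Fetch e.g. 'meta-data/instance-id' with the session token attached."""
        return self._send(
            "GET", f"{self.base}/latest/{path.lstrip('/')}",
            {"X-aws-ec2-metadata-token": self._session_token()})


if __name__ == "__main__":
    # Only meaningful on an EC2 instance; elsewhere the request times out.
    print(IMDSv2Client(ttl=60).get("meta-data/instance-id"))
```

Keeping the TTL short limits how long a leaked token stays usable, at the cost of more PUT requests.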

Deterministic upgrades for stability

With the deterministic upgrades through versioned repositories feature, every Amazon Linux 2022 Amazon Machine Image (AMI) by default is locked to a specific repository version. You can use deterministic upgrades to achieve greater consistency among package versions and updates. Each release, major or minor, includes a specific repository version.

New with Amazon Linux 2022, deterministic upgrading is enabled by default. This is an improvement over the manual, incremental method of locking that's used in Amazon Linux 2 and other earlier versions.

For more information, see Deterministic upgrades through versioned repositories.

Built on Fedora

Amazon Linux 2022 is based on Fedora, but isn't directly compatible with any particular release of Fedora. Amazon Linux 2 was built on several upstream sources including Fedora.

For more information, see Relationship to Fedora.

AMI root filesystem

The Amazon Linux 2022 AMI and Amazon Linux 2 both use the XFS filesystem on the root filesystem.

Amazon Linux 2022 also supports a number of other filesystems that you can use on other volumes to meet your specific requirements.

Networking system service

The systemd-networkd system service manages the network interfaces in Amazon Linux 2022. This is a change from Amazon Linux 2, which uses ISC dhclient or dhclient.

For more information, see Networking service.

Packages for glibc, gcc, and binutils

Amazon Linux 2022 includes many of the same core packages as Amazon Linux 2.

We updated the following three core toolchain packages for Amazon Linux 2022.

Package name    Amazon Linux 2    Amazon Linux 2022
glibc           2.26              2.34
gcc             7.3               11.2
binutils        2.29              2.35

For more information, see Core toolchain packages glibc, gcc, binutils.

Package manager

The default software package management tool on Amazon Linux 2022 is DNF. DNF is the successor to YUM, the package management tool in Amazon Linux 2.

For more information, see Package management tool.

SSH server default configuration changes

For the Amazon Linux 2022 AMI, we changed the types of SSHD host keys that we generate with the release. We also dropped some legacy key types to avoid generating them at launch time. Clients must support the rsa-sha2-256 and rsa-sha2-512 protocols or ssh-ed25519 with use of an ed25519 key. By default, ssh-rsa signatures are disabled.

For more information, see Default SSH server configuration.
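A way to find clients that cannot connect after a move to these defaults, as an added Python example that is not part of the original AWS page. It assumes syslog-style sshd lines; the "Unable to negotiate" message text is OpenSSH's and does not come from this page, and the sample log lines and addresses are constructed.

```python
import re
from collections import defaultdict

# Algorithms the page says clients must support on Amazon Linux 2022.
ACCEPTED = {"rsa-sha2-256", "rsa-sha2-512", "ssh-ed25519"}

# sshd logs this when host key algorithm negotiation fails.
NEGOTIATE = re.compile(
    r"Unable to negotiate with (?P<ip>\S+) port \d+: "
    r"no matching host key type found\. Their offer: (?P<offer>\S+)")

# Constructed sample input (documentation address ranges).
SAMPLE_LOG = """\
Mar  3 10:15:02 host sshd[2101]: Unable to negotiate with 192.0.2.10 port 51234: no matching host key type found. Their offer: ssh-rsa,ssh-dss [preauth]
Mar  3 10:16:40 host sshd[2107]: Connection closed by 198.51.100.7 port 40022 [preauth]
Mar  3 10:17:11 host sshd[2110]: Unable to negotiate with 203.0.113.4 port 60001: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1 [preauth]
Mar  3 10:19:55 host sshd[2122]: Unable to negotiate with 192.0.2.10 port 51301: no matching host key type found. Their offer: ssh-rsa [preauth]
"""


def legacy_clients(log_lines):
    """Map client address -> sorted legacy host key algorithms it offered."""
    found = defaultdict(set)
    for line in log_lines:
        m = NEGOTIATE.search(line)
        if not m:
            continue  # other sshd events, including key exchange failures
        offer = set(m.group("offer").split(","))
        if offer & ACCEPTED:
            continue  # client offers a required algorithm; cause lies elsewhere
        found[m.group("ip")] |= offer
    return {ip: sorted(algs) for ip, algs in sorted(found.items())}


if __name__ == "__main__":
    for ip, algs in legacy_clients(SAMPLE_LOG.splitlines()).items():
        print(f"{ip}: offers only {', '.join(algs)}; needs a client upgrade")
```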

Extra Packages for Enterprise Linux

Extra Packages for Enterprise Linux (EPEL) is a project in the Fedora community with the objective of creating a large array of packages for enterprise-level Linux operating systems. The project has primarily produced RHEL and CentOS packages. Amazon Linux 2 features a high level of compatibility with CentOS 7. As a result, many EPEL7 packages work on Amazon Linux 2. However, no EPEL or EPEL-like repositories currently work on Amazon Linux 2022.

Using cloud-init

In Amazon Linux 2022, cloud-init manages the package repository. By default, in earlier versions of Amazon Linux, cloud-init installed security updates. This isn't the default for Amazon Linux 2022. In Amazon Linux 2022, the way to enable package updates at launch is to use the new deterministic upgrading features to update releasever at launch. For more information, see Managing packages and operating system updates and Deterministic upgrades for stability.

With Amazon Linux 2022, you can use cloud-init with SELinux. For more information, see Use cloud-init to enable enforcing mode.

Cloud-init loads configuration content from remote locations using HTTP(S). In earlier versions, Amazon Linux doesn't alert you when remote resources are unavailable. In Amazon Linux 2022, unavailable remote resources create a fatal error and fail the cloud-init execution. This change in behavior from Amazon Linux 2 provides a safer "fail closed" default behavior.

For more information, see Customized cloud-init and the cloud-init Documentation.