Amazon Web Services launched Bottlerocket, a new open-source, Linux-based operating system purpose-built to run containers. The new OS includes only the software needed to run containers and comes with a transactional update mechanism. It lets users manage OS updates through container orchestrators with minimal disruption, enabling improved security and lower operational costs for containerized applications.
Amazon EKS and ECS
Images of Amazon’s new operating system are now available for Amazon EKS and Amazon ECS. AWS also announced that Bottlerocket focuses on security. It includes only the essential software needed to host containers, which reduces its exposure to attacks. Bottlerocket runs Security-Enhanced Linux (SELinux) in enforcing mode for isolation and uses Device Mapper’s verity target (dm-verity), a Linux kernel feature that helps prevent rootkit-based attacks. Bottlerocket updates are also applied and rolled back in an atomic manner.