Amazon Linux 2023 and beyond

All right. Hey, everyone. Welcome to the session. Amazon Linux 2023 and Beyond. My name is Palvi Ravishankar. I am a Senior Product Manager on the EC2 team and with me today is Chris Schlager.

Chris: Hello. Uh good afternoon. Uh I'm the Director of Kernel and Operating System within EC2. And Amazon Linux is one of the key deliverables of my organization.

Awesome. Before we kick things off today, um can we do a little show of hands? How many of you run Amazon Linux today? Oh, fair number of you. All right. Anybody running another Linux distribution, not Amazon Linux? Ok. Get a fair number. Anybody running a non Linux distribution? There's still some of you. All right, great.

So today, what we're gonna do is we're gonna do a brief intro to all things, Amazon Linux. And then we're going to tell you a little bit about our latest version, Amazon Linux 2023. And then we're gonna get into why Amazon Linux should be your operating system of choice on AWS followed by. Since a number of you are running Amazon Linux already, we're going to talk a little bit about migration and how to get on to the latest version of Amazon Linux and then we're gonna finish off with uh our engineering philosophy. I will leave some time towards the end for Q&A.

All right, that I'm gonna hand it off to Chris.

Chris: Ok. Yeah, so we've seen uh many of you are familiar with Amazon Linux already, but for those that haven't had a chance to look at it yet. Now, let me do a quick introduction of what it is. Um Amazon Linux is an RPM based distribution that was first introduced in 2014 to the world. Um we had internal versions of it before that, but I mean, the public part is probably what counts. Um the idea behind Amazon Linux is that it's optimized for use within AWS. That is our primary use case. So if you wanna run an up uh workload on AWS, uh and you need an operating system, we want you to consider Amazon Billings being the best choice that you have.

Um we do quite a bit of work and we'll explain that in this uh uh session, what we're all doing and why uh it actually makes sense for you to use Amazon Linux. Um it's available in multiple forms so you can use Amazon Linux. If you run on bare metal instances, you can use Amazon Linux if you use EC2 instances. Um you can use it if you are using containers with ECS or EKS uh and we even provide what we call the on prem images. So if you wanna run it uh on your workstation at uh home or in your laptop, uh you can use it. The only caveat there is you need to have a hypervisor. It's not bare metal for uh that use case. Um reason is there's no installation process that is available. The cloud is image based.

Um Amazon Linux is intended to be a general purpose operating system. So we wanna cover as many workloads as possible um that you have. Um and uh it's focused obviously on workloads that you find in the cloud. Um and so it's not a surprise that almost every AWS service that we have runs on Amazon Linux. So even if you're not using Amazon Linux directly, there is a fair chance that you have used Amazon Linux before because if you're using S3 or EKS ECS, Lambda, you name it. Um you will have used Amazon Linux behind the scenes.

Ok. Let's move on. So what is Amazon Lys? Did we go back? Yes, we did go back. Sorry, this is the right side. So let's talk a little bit about the latest version, Amazon Linux 2023. Um it was released um earlier this year in March. It comes down with a five year support period and uh we're gonna talk about the features uh that make Amazon Linux 2023 special and why you should consider migrating to Amazon Linux 2023 as quickly as possible.

So um Amazon Linux features a predictable release cadence um that starts with our biweekly security updates. So every second week, we provide typically an update um with security patches if there is an important or critical um uh CVE that we want you to get as quickly as possible. We also do out of cycle releases for this specific uh purpose.

Um outside of the security updates, you will get quarterly releases, these come with um uh bug fixes or even new packages that we release. So every quarter, um there's a release that package in ic and then uh we'll do an announcement and you can um get that.

Um all of these updates are always available as AMIs as well. So we're not just updating the, the RPM packages, but we are also providing corresponding new AMIs. So if you do want to use the latest AMI and there are good reasons why you want to do that. Um then feel free to always grab the latest on um in terms of features that we introduced with Amazon Linux, there is a whole bunch.

Um one of the few that we will talk about here are either something that we developed internally specifically for the use of our customers like deterministic updates. And there's gonna be a demo from fla uh in the session. And then um there are also uh things we have curated specifically for the needs of our customers. This is typically stuff that was developed outside of Amazon in the upstream open source communities and some features to name here are, for example, um SELinux support or uh kernel hardening and uh features like that.

So, um oh henry black two. All right, thanks. Um so that brings us to why you should select Amazon Linux as your operating system of choice. When you run workloads on AWS, there are several reasons why and we're going to get into each one of these in depth through, through the course of this presentation broadly speaking, they can be categorized into four pillars, right? The first one is the optimization for AWS secure by default, an operating system that is simple and easy to maintain as you run workloads on it. And of course, there is cost which that is not associated with Amazon Linux. We're going to get into every one of these.

Let's start with the first one, why Amazon Linux is optimized for AWS. Amazon Linux comes integrated with the tools, agents and service support that you need to run your workloads. Let me explain what this means. What do you need to run a workload on AWS? Typically you start with an instance or a container, let's say you start with an instance. And when you launch your Amazon Linux, when you, when you launch your first instance on two, amaz on linux, and usually the latest AMI that we provide, which is now Amazon Linux 2023 is the default AMI that is available to you, right? You just hit launch instance and then boom, you got an Amazon Linux 2023 instance.

The reason why this is optimized is because regardless of the instance family or type that you select as during your instance launch process, Amazon Linux will run on it, right? It also comes integrated with additional tools and agents that you need. Let me give you an example. One of the first things that most people do when they launch an instance is they connect to it, you either go to the EC2 console and and have that one click EC2 instance connect connection to your instance or perhaps you want to do this at scale, you have hundreds of instances and you use something like AWS Systems Manager, Patch Manager or Fleet Manager to administer your infrastructure at scale.

Amazon Linux comes bundled with the SSM agent that is ready for you to use without additional overhead of setup or figuring out what I need in order to use this other AWS service that is making my management so simple, right?

Then there is then perhaps another example which is a lot of you use Amazon Inspector to for your vulnerability management, right? One of the ways that Amazon Linux simplifies this for you is it comes bundled with the Amazon Inspector agent and you know, automatically all of the vulnerability information CVE patches. So status, all of it is available to you through one dashboard in the Amazon Inspector page.

This is even applicable to things like AWS Batch perhaps where you're just running a job and automatically the default option for you is Amazon with us. You don't even have to think about, you know how you're running your workload. You've sort of got you covered regardless of your journey.

Another way, as I mentioned, another typical workflow is you're perhaps using a container to run your workload. So this could be the ECS or EKS and you can simply grab the ECS or EKS optimized. Amazon Linux AMI to run your workloads on or perhaps you are a developer and you do not want to worry about, you know, you just want to run your code without worrying about provisioning servers or maintaining them, right? You can simply, you, you simply want the latest version of latest run time for your favorite um language like Python or PHP. You can use the AWS Lambda function, which is powered by Amazon Linux to run your particular application.

Or perhaps you just want to deploy an application without even wondering about the software dependencies or versions or underlying infrastructure, then you have the option to run it with the AWS Elastic Beanstalk which allows you to run your application on the latest version of Amazon Linux that is available to you.

So I think in summation. Right. Amazon Linux, regardless of your journey of how you want to run your workload on AWS. There are many facets to it and there are many ways that you can do it. But we have support for all of those different ways that you could potentially run a workload on AWS.

All right. Now that you're on your journey and you're running your workload on AWS. What's next? You want to make sure that your workloads are running in a secure manner. The whole philosophy behind Amazon Linux is to raise the bar of security with every single security update, minor update or major version of Amazon Linux that we launch. And as a testament to that, one of I want to talk through some of the major changes that we've introduced in Amazon Linux 2023 to improve the security posture.

So starting off the first thing is the package footprint. A 2023 took a very critical approach to security by reducing the number of packages that we ship while largely retaining and offering you the same functionality that we provide as part of a two, reducing the package footprint means we are reducing the dependencies and thus improving the posture of the us by limiting the exposure.

Another thing that we introduced as part of a l 2023 as chris was alluding to is SELinux support A L 2023 comes with several preconfigured security policies that make it easy for you to implement common industry guidelines and these policies can be configured at launch time or perhaps, you know, you're setting it, setting the system crypto policy or even post deploying your application. You want to go from SELinux permissive to enforcing by default. Amazon Linux 2023 is has SELinux in permissive mode, you can always go ahead and enforce it.

Another key aspect of security is ensuring that the kernel of the operating system is secure and we have improvements there as well. A 2023 builds on the hardening offered and present in Amazon. The next two, we take advantage of key features like the Graviton three support for pointer authentication by and automatically enable it for you in the kernel. A pointer authentication code is used to determine if the pointers are opt i'm so um if the pointers have been modified uh unexpectedly, right? There are other optional features that you can enable in terms of kernel hardening such as kernel stack offset that you can go and configure on your own for your cisco entries.

For a full list of all the changes that we've made to the Linux kernel as well as how to enable optional features. You can refer the A L 2023 user guide that will give you detailed instructions on how to get this set up and how to further harden your Linux kernel from an applying patches perspective. We have introduced support for live kernel patching, live kernel patching allows you to patch vulnerabilities in your Amazon Linux kernel without any downtime to your workloads. This is an additional improvement from the biweekly security updates that chris was talking about.

We have moved, we have generally moved to a more predictable cadence for all kinds of updates, updates, upgrades and package availability. Right. The first one is the biweekly security updates. Every two weeks, we provide a security update and for every one of those updates, we provide a new Amazon xu AMI. So if you're running a workload on AWS, the best thing to do is to always grab the latest AMI because it will contain the latest most recent security updates that are available for the operating system.

Now, obviously, this is appealing from an ephemeral workload perspective, right? If you're running an ephemeral workload, you simply ensure you're always self selecting the latest AMI and running your workload on it. Now, I understand there are a lot of workloads that are not ephemeral and it may not always be possible to run your workload on the latest AMI because either you know, you're dependent on your application life cycle or perhaps you have a qualification requirement or there is a compliance need and we've got you covered there as well and i'm going to talk a little bit more about it in depth in our next pillar.

So i gave you, i gave you a lot of met a lot of information about features and you know, updates that you've made as part of a l 2023. Let's talk some metrics, right. The amazon linux team continually continuously evaluates critical uh common vulnerabilities and exposures and determines if they are applicable to various versions of amazon linux that we ship

So this includes Amazon Linux One, Amazon Linux Two and Amazon Linux 2023.

So year to date this year, we have evaluated 3,636 CVEs, um, just from January alone and we've done this with a p95 valuation time of less than or equal to three days.

Now, once a CVE has been evaluated, we assign it a severity rating and then subsequently provide a fix for it. So in terms of CVEs that have been patched, we have patched 232 CVEs that were deemed applicable on a 1, 1,000 and 18 vulnerabilities patched on a 2 and 592 CVEs patched on a 2023. This is all year to date.

The other differentiating aspect of Amazon Linux versus perhaps another Linux distribution is we actively patch CVEs regardless of their severity rating, which means we're not just patching, critical and important. We are patching CVEs of all severity, even mediums and lows.

So how do you stay abreast of all of the information around CVEs? We have a website called the Amazon Linux Security Center where you can subscribe to the RSS feed and ensure that you're consuming the latest security and CVE information. Alternatively, as I mentioned towards the beginning of the presentation, if you're using something like Amazon Inspector, this information is readily available to you in that forum as well.

Alright, before I move on to our next section around operations and just how do you maintain an OS, I want to mention a little quote from one of our key customers. Klarna is an AI powered global payments network and shopping assistant of the future. Klarna is one of the customers that recently moved a bunch of their workloads from Amazon Linux Two to AL 2023. And this is what Simone Marzola, their Senior Engineering Manager of the Klarna Engineering Platform had to say about this:

"Security is paramount. The shift to AL 2023 coupled with our atomic upgrade strategy has fortified our immutability standards with AL 2023's version repositories. We can ensure that a specific army version runs exact library versions laying the foundation for a deterministic software bill of materials, significantly enhancing our security posture."

There are a bunch of features mentioned in here. Um, and we're going to touch upon the deterministic updates and I'm going to show you a demo of how that works in a second here. But uh Klarna had a pretty successful migration to AL 2023. And they have been availing themselves of all the security and operational benefits that are available in the latest version.

Alright, a big piece of just running your workloads on a Linux distribution and just making sure it's secure is constantly patching and updating the operating system, um, to keep it secure. I'm going to talk a little bit about how we give you tools and capabilities to do so in a seamless manner.

Security is a shared responsibility. In the previous section, I talked about all the improvements and enhancements that we've made as part of Amazon Linux. And now I'm going to take you through what are some tools and mechanisms that you can use if you're not already using them to consume them.

Um beginning with our design philosophy, right? We try to introduce major changes with major versions of the OS in terms of managing your infrastructure at scale. As I was mentioning towards the beginning, we integrate with capabilities like Patch Manager and Fleet Manager to allow you to easily administer your instances at scale. A lot of these functionalities are available to you out of the box and free of charge.

Um in terms of predictability, we have a cadence, not just for our security updates but also for package updates and new features. We have moved to a quarterly cadence where every quarter we have a new release of Amazon Linux which contains potentially new packages, new features and updates to existing packages. And these are, these batched updates allow you to plan your migrations and updates in a more predictable manner.

But perhaps the biggest thing that we have introduced or rather a marquee feature of Amazon Linux 2023 is version repositories or deterministic updates with repository locking. Deterministic updates is a feature that is unique to Amazon Linux. We are the first operating system to introduce this capabilities and the key benefit of this is it just as the name suggests, it makes your updates more predictable. It also helps ensure you have a single consistent environment across your AWS infrastructure that you are running. This includes and holds true when even when new instances are launched, or perhaps somebody is running an update out of band you have the ability to ensure and the assurance that your Linux repository is locked to the version that you set.

Additionally, the other advantage is it also allows you to selectively consume the updates that you want. So what I mean by that is let's say you want to lock your repository to a specific version, but you want to continue receiving the security updates and bug fixes, you have the option to only consume those by setting your release version equals latest and just specifying security. That way you're continuing to keep your workload secure by, but you're locked to the version or um set of packages that you were originally using.

You also have the option to selectively consume updates for a specific package. Let's say you pick a package like OpenSSL and you know, you want to keep everything else the same but only continue to receive updates on OpenSSL. You have the option to specify release version equals later and specify the package name allowing you to consume selectively consume the updates that you want.

Now, this allows you to plan, gives you the flexibility and ability to plan your update, upgrade and migration cycles with limited downtime or limited impact to your business continuity with that. I'm going to hand it off to Chris to talk about the other aspect of OS maintenance, which is migrations.

Yes, thank you Pa um yeah, migration is the process to move from one major version to the next major version or skipping versions if you want to do that. Um this is a process that I think the industry at large has neglected too much. Um we are seeing customers staying too long on the old versions. Um one of the big mistakes we're seeing is that customers are designing services systems launch them. But during the whole process of creating the service or product, nobody ever spent a minute thinking about what is the process that I need to go through to update the OS to a newer version while the lifetime of this service. And that is a very crucial mistake that then is very painful.

So it's not super complicated. There are a few things you need to keep in mind. The most important one is a you should put this on the requirement list right from the get go right. Keep the OS up to date as possible. And you always run the latest major version to do that.

Separating your data from the operating system as much as possible is a very important guidance. So if you put your data and mix it right into the file system of the root volume. You will have a really hard time upgrading this host to a new operating system. What you should do instead is, create a separate volume and put your data and potentially even the application itself onto that separate volume. If you do that, you are in a much better position to move forward.

So what are the steps you need to go through to move to a new version of migrate to a new version of Amazon Linux here in this example, we're using Amazon Linux 2023 because it's the latest version. And um ideally, you should be coming from a 02. If you are still using a 01, which is by the way, end of life, end of this year, you really should do the migration now. Um but you can move from AL one to AL 2023 as well. It's just a little bit more complicated.

So first step you launch a new instance um that's uh primarily to make sure that your application is still compatible. Um so you launch a new instance, give it a go let your application one and then you need to watch out for a number of things that could have changed.

Um keep in mind, Amazon Linux 20 a AL two is being almost 10 years out now. So the changes that you see are essentially the progress that the open source community tens of thousands of developers have made over the past 10 years. That is a significant jump.

Um that's also one of the reasons why we are increasing the release cases with future Amazon Linux versions because we want you to not have to go to, to do these big jumps anymore.

Now, uh once you have launched the instance, watch out for a few things we already talked about. SELinux, uh it's in permissive mode so it shouldn't get in your way. Uh but it may be something you wanna consider because there are some new features now available that you wanna make use of. And that's primarily to put some guard rails in place that define what your application can do and anything outside of that should not be do or done. And that means uh it's usually considered a security violation.

So have a look at SELinux. Um the next area you definitely need to look at are the language runtime. So these are things like Perl Python, Ruby Java, etcetera. Um again, 10 years of development sits between what you have in AL two and what is now available uh in AL 2023.

Um one of the biggest changes is uh in Java because we've moved uh to the AWS Corretto uh JDK. Now, now this is not totally impossible and often you get away with a handful of changes in your code and your application is up and running again.

Um if you listen to the keynote this morning. Um we have announced um an AWS Code Whisperer feature that helps you in that migration. So essentially you can point Code Whisperer to your old code and ask it to migrate to a newer version of the language runtime and it will do the changes for you automatically. Great feature, go check it out now.

So once you have your application up and running, uh you need to be aware that we have changed. The package manager. DNF is the new package manager. This is not something that is specific to Amazon Linux, the whole RPM based world has made or is in the process to move from Yum. Um the old package manager front end to the new DNF, front end.

Um the commands and parameters are largely the same. Uh we even kept the old um uh Yum utility on the product. So if you're uh one of those forces that don't want to learn new tricks, you can still use it. Uh but I would recommend long term perspectively to move to DNF. Uh the commands are largely the same. You just need to type DNF, another area that you definitely need to have an eye on.

If you're using IMDS, the instance metadata service for security reasons, we had to make changes to it that are incompatible. Uh so, IMDS v2 reps uh presents the information in a different form. The file system layout is slightly different. So you will need to make sure that if your application is using IMDS uh that you are now using IMDS v2.

The army attributes control. If you are still having access to am bs v one, im bs v one is not by default available on amazon linux. So if you use the standard army, it's gonna automatically configure your infant to have im bs b two. So keep that in mind.

And last but not least, um we have included the latest version of the aws co i. Um usually we go at lengths to prevent api changes that are incompatible. So this should just run smoothly. But again, as with the language runtime or any of the packages, there may be new features that are useful within your application context that you now wanna make use of to, you know, make your applications perform better or uh add new features. So it's worth spending a look and uh making sure you're uh uh using the all the great power of the new services that are available to you.

So once that is done, we assume your application is running. Um so how do you make the switch? Um since we've separated the data from the operating system with different volumes, all you need to do is take one of your old hosts that you want to upgrade. Um create an ebs snapshot of the volume, then you turn that ebs snapshot that you've created into a new volume. And then once you launch the new instance, um then you just add the new volume and you have it available. So that allows you to do a rather smooth transition.

Keep in mind this is the cloud. So you don't have this problem that you used to have with old hardware that you had to take the server down and then uh install the new rs and then make sure you don't corrupt the data with aws instances are essentially almost for free. You can always just launch a new instance and then turn the old one down. So theoretically, you can switch your service live from the old operating system to the new operating system.

So um we already mentioned klarna. Um they were one of the first larger customers that we have that uh made um the transition um with some of the key services. And uh simon also provided another quote that i think it's worth sharing with you. Let me read that out for you.

So in karna, large scale container, i set up migrating to a 03, the 2023 significantly boosted our operational efficiency and security posture a l 2023 c groups v two support is key enabling features like container where oom killer and rootless container management vital to our infrastructure.

So like in the previous quote, there's a lot of stuff in there. So let me um uh take some of the things that they call out. So c groups v two is a feature of the linux kernel. Um that's how you manage certain uh security attributes. Um and c groups v two scales way better than the old original c groups implementation.

Um container aware out of memory killer oom killer. Yeah, this is something that hopefully most of you never had contact with. Um what that is is the feature in the linux kernel. Um if your instance runs out of memory because your, your applications are consuming so much memory that the kernel can't fulfill the request anymore. There is some logic in the kernel that assumes something is going really wrong and you have a rogue application or a rogue process in your uh instance that is consuming way more memory than it should and what it does, it kills that process.

So now you can add some guidance to the colonel and let it know what processes you never consider broke and you don't want to have killed. Um so this is typically like your main service uh process that handles your requests. If you're reasonably certain that that is not going broke, then you probably wanna uh eliminate that from the uh oom killer. But if you have some clean up jobs, for example, that suddenly, you know, hit a um like a symbolic link, uh endless loop or something and then goes out of memory. This is exactly what the om killer is designed to do good.

And then yes, uh this can be especially valuable in a container. Uh uh one i just want to call out, i think clama is using amazon linux 2023 in conjunction with the ecs. So a bunch of these features are exposed through that image as well. I just want to call that out. Yes. Although all of these features are available normals or even bare metal setups as well if you choose to use those good.

So um the final point on our list is cost and this one is actually relatively easy to cover uh because amazon linux is free. So there is no additional cost for you to use. Amazon linux, uh you are just paying for the uh normal aws resources that you are using anyway. So uh if, if cost is the decision factor for you, i don't think you can beat amazon linux. It's, it's definitely the cheapest option.

Um now, um did i push the button or no? Ok. Ok. good. Yes. So that one was easy.

Um finally, we wanna talk a little bit more about the philosophy behind amazon linux. So there are obviously a number of linux distributions out there. And in general, from an ec2 perspective, uh we do support all of the operating systems. We really don't care too much which operating system you want to run if you have a certain preference or a good reason to not run amazon in that is totally fine and we are working with those vendors to make sure that their workload is uh or their os is optimally tuned to aws as well.

But from experience, it is a lot easier for us to make the changes. Like if we launch a new instance, um this often happens behind the scene or hardware comes in relatively late. Um it is way easier for my engineering team to work with the team that runs uh the launch of the new instance um than any external vendor could do to make sure that right from the get go, things are optimally working. So that's one of the advantages um behind it.

Um now, other than that, we don't wanna be different, right? We don't want to make your life more complicated and we don't wanna do work that, you know, isn't generating any extra value. We are just like any other disco picking the packages from the open source repository. So uh we work with the open source community uh to curate the best possible set of uh packages that is available at the time that we create the distro and put this into one cohesive product.

As all of these things are open source, we're obviously abiding by the pla uh the uh the rules of the open source community or otherwise known as the licenses and we wanna be a good citizen. So all of the packages are available as open source. Again, they're on github. Um if you wanna check them out, you can uh do that.

And um we actually routinely take package requests and future requests using github issues. So if you ever, if you ever need anything in amazon linux, you can simply cut us an issue on github and we will take it through the regular prioritization sessions that we have for amazon linux.

And as we already pointed out, there are a few things that we do different. And this is to provide you the best possible operating system, we talked about deterministic updates. Hopefully, this is something you like if you run multiple hosts or many hosts and ideally have an environment where you are uh very careful with introducing changes through your system, have a, a proper qualification process that you want all of your changes, all of your new bits to go through that. Amazon linux supports this perfectly now because you can take this functionality, make sure that you qualify it to the degree that you need or want. And only once you have successfully completed the qualification step, then you can make sure all of your instances, update to the latest version or to that specific version that you have tested and not just some random version.

So in the past, with other operating systems or a l two or a 01, if you had multiple uh hosts, it depended on the time of the launch, which package that you have and that's not typically what you want if you run a large fleet of scale, right? You want to make sure that all of the hosts are bit for bit identical.

We also want to be the most secure operating system. So as pilla pointed out, we really go a long way to make sure we fix security issues as quickly as possible. We scan literally every cv, we can get our hands on, make sure uh if it's applicable to amazon linux that we get you the updates or the changes uh as quickly as possible, regardless of the severity rating that is assigned to these cv s.

Yes, this is important because if you want to check if you're using other discos, uh they may have different policies there. And um i think the internet, it has become a so hostile place that we don't have the luxury to only fix the stuff that we deem super important. And then finally, we have the release cadence and that is probably the most uh important reason why we may be different than other discos in terms of what packages uh uh we have or what versions of the package because we obviously wanna only introduce major changes with the major releases.

Uh so whenever we cut the distro and that is in our case, um uh the, the early part of the year, like uh this year, it was uh a march. Um then we take what's available and what we were able to uh to, to a, a comprehensive distribution. So keep that in mind.

Ok. I hope we were. Oh no, there's one more thing we want to talk about our partner ecosystem, talk so much about the stuff we do. But amazon linux isn't living in isolation, right. Amazon linux is a product that we do together with the open source community and a large set of cc of partners that we're working with.

Um here on the slide, you see uh uh subset this, this is not the full co it's just a subset of logos of the partners we are working with. As you can see, most of them, some are hardware vendors, some are software vendors. Um uh the software vendors mostly work on the qualification site. They make sure that their software runs well on amazon linux and we uh give them early access to make sure that they can qualify their software. So when we launch everything is in order if you are a partner in the audience and you want to participate in a qualification to be on the next slide. Next year, you want to be on the slide. Next year, we have this program called a of service ready. And in a few simple steps, you can just go online and click through the through the form and then sign up to do your qualification for amazon deluxe 2023 and future versions. Ok?

So let's conclude. So hopefully, we were able to explain you a little bit the idea of amazon linux, why you should be using it if you're not yet using it, if you're using an older version, um please consider migration. Uh hopefully, we've explained that this isn't an unsurmountable process is something that you should all be getting a very good exercise at, so you can do it regularly.

We will provide you updates as quickly as possible and major version releases on a predictable occasion, this will simplify your maintenance and make your service perform better and hopefully provide a better experience for your customers. It is always recommended to run the latest most secure version of the operating system. So you want to grab the latest army.

But if you, if your workloads are not fm room, and if you can't grab the latest army for whatever reason, then to take advantage of deterministic updates to regularly plan your update cycles with flexibility and uh within the windows. That makes sense for your business.

And you're still thinking of amazon l is, is the right version or some else try to, you know, look at the whole picture, right. Amazon linux is just the us. It's the foundation that you're operating, your application is standing on. But um the better it is integrated with the rest of aws, things like uh uh a, a systems manager or amazon inspector or cloudwatch, the better you can make use of these features. And obviously, that's just a small subset given that we have aws co i to interact with tons of other services. If you really wanna, you know, go all in on amazon linux or in aws, then amazon linux is probably the best route for you with that.

That brings us to the end of our presentation. I'm going to leave some resources for you to scan and learn more about. Uh we have our github page on there. We have our partner page if you're interested in being featured on the slide next year. Uh we have our amazon the next 2023 user guide that you can use to learn more about all of the features that we talked about and those that we didn't talk about today.

Thank you for attending the session and please don't forget to rate the session in your app. If you have questions, chris and i will be available on the site here to take any questions that you may have. Thank you for coming.