Amazon Linux is used as the primary operating system for running containerized backend services on EC2 and ECS. Amazon Linux 2023 serves as a base image for Docker containers and as the OS for host instances. With a mix of Graviton3 and x86-64 instances, having one OS optimized for both architectures without any extra configuration has been a real advantage.
When migrating the core API layer from Amazon Linux 2 to Amazon Linux 2023, average container cold start time dropped by around 25%. This improvement was largely thanks to boot time optimization in AL2023, with kernel configuration and cloud-init improvements making a noticeable difference. Kernel live patching allows critical fixes to be applied without rebooting instances, which has been significant for uptime requirements.
Amazon Linux 2023 is also used for data processing workers that run on Spot Instances, and the version locking feature has been especially useful in that context. All instances can be pinned to a specific repository snapshot so that a package update during a deployment does not cause inconsistencies across the fleet. SELinux enforcing mode is leveraged to meet internal compliance requirements without having to write custom hardening scripts.
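The mechanism behind the fleet pinning described above, as an added shell example that is not from the reviewer or from Amazon: AL2023's dnf substitutes the value of the variable file `/etc/dnf/vars/releasever` into its repository definitions, so pinning a host means writing one `2023.N.YYYYMMDD` snapshot name there (the default value `latest` follows the newest snapshot). The host-root directory argument and the sample snapshot `2023.3.20240312` are constructed for offline use; on a real instance the root is `/`.

```shell
# Pin a host root to one AL2023 repository snapshot. dnf reads the first line
# of /etc/dnf/vars/releasever and uses it as $releasever in the AL2023 repos,
# so every host with the same value resolves the same package set.
pin_releasever() {
    root="$1"; release="$2"
    # Refuse anything that is not a dated snapshot: "latest" would silently
    # re-introduce package drift on the next dnf run.
    if ! printf '%s' "$release" | grep -Eq '^2023\.[0-9]+\.[0-9]{8}$'; then
        echo "refusing to pin: '$release' is not a 2023.N.YYYYMMDD snapshot" >&2
        return 1
    fi
    mkdir -p "$root/etc/dnf/vars"
    printf '%s\n' "$release" > "$root/etc/dnf/vars/releasever"
}

# Report the pin of one host root. No file (or "latest") means the host
# tracks the newest snapshot and is not deterministic.
read_releasever() {
    f="$1/etc/dnf/vars/releasever"
    if [ -f "$f" ]; then head -n1 "$f"; else echo latest; fi
}

# Audit several host roots (e.g. mounted AMI builds) against the expected
# snapshot; prints each drifted host and returns non-zero if any drifted.
check_fleet_pins() {
    expected="$1"; shift
    rc=0
    for host in "$@"; do
        actual=$(read_releasever "$host")
        if [ "$actual" != "$expected" ]; then
            echo "DRIFT: $host is on $actual, expected $expected"
            rc=1
        fi
    done
    return $rc
}
```

Running `check_fleet_pins` from a deployment gate turns "package drift across environments" into a hard failure before an instance serves traffic, rather than an incident found afterwards.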
Three features stand out as the best that Amazon Linux offers. Kernel live patching is a game-changer for availability because being able to patch vulnerabilities without a reboot has been invaluable. The repository version locking provides deterministic, reproducible deployments. The SELinux-by-default posture required some adjustment at first, but having a security-hardened baseline out of the box means less time spent on custom security configuration.
Kernel live patching alone probably saves the on-call team around ten to fifteen hours a month that previously went into scheduling maintenance windows for kernel updates. Version locking helps eliminate a whole class of deployment inconsistency bugs that were caused by package drift across environments. SELinux being pre-configured means the security team signs off on new deployments faster, whereas previously there was a back-and-forth that could delay releases by days.
The biggest organizational impact from Amazon Linux has been on deployment confidence and release velocity. Before AL2023, OS-level inconsistencies caused roughly twenty percent of production incidents. After standardizing on AL2023 with version locking and consistent AMI builds, that number dropped significantly. This also helped pass the SOC 2 audit faster because the security defaults were already aligned with what auditors were looking for. OS-related incident response time was reduced by about forty percent after moving to AL2023. Kernel live patching eliminated roughly six planned maintenance windows per year per cluster, which translates to real savings in engineering time and avoided customer downtime. Base AMI build time was trimmed by around thirty percent because there is no longer a need to layer on as many post-install hardening scripts.
The migration from Amazon Linux 2 to AL2023 was not completely painless: some packages that were relied on were not available in the core repository and required using SPL, the Supplementary Package Repository, which comes with around-the-clock support. The documentation on SPL limitations could be clearer upfront so teams do not discover it mid-migration. SELinux enforcement, while beneficial for security, requires some ramp-up time for teams that have not worked with it before.
Better inline documentation with the OS itself would be valuable, especially clearer man pages for Amazon-specific tooling like the Amazon Linux Extras equivalent in AL2023. Debugging SELinux denials can be tricky without additional tools, so shipping something like audit2why or better integration with CloudWatch for SELinux logs out of the box would be a nice quality-of-life improvement.
I have been working with Amazon Linux for about three years, and the migration to Amazon Linux 2023 was completed roughly a year and a half ago.
Stability has been excellent with Amazon Linux. In about eighteen months of production use across hundreds of instances, there have been zero OS-level crashes or kernel panics. The version locking feature contributes significantly to this, as the environment is not caught off guard by a package update breaking something in production. Quarterly updates follow a predictable schedule, which makes release planning much more orderly.
Amazon Linux scales very well. The environment has grown from tens to hundreds of EC2 instances without any OS-level bottlenecks. Boot time optimization means new instances come online faster during auto-scaling events, which directly improves response during traffic spikes. There have been no issues running it across multiple AWS regions with consistent behavior everywhere.