AWS has launched a new open-source operating system called AWS Bottlerocket that is designed specifically for running containers. The OS is based on Linux. 

AWS Bottlerocket includes just the software needed to run containers, plus a transactional update mechanism. According to AWS, this lets users drive OS updates through their container orchestrator with minimal disruption, which it says improves security posture and lowers operational cost.

According to Amazon, Bottlerocket was created with a focus on security. It reduces the attack surface by including only essential software. It ships with Security-Enhanced Linux (SELinux) in enforcing mode, which adds an extra isolation layer on top of the container runtime's own boundaries, and it uses Device Mapper's verity target (dm-verity) to verify the integrity of the read-only root filesystem at the block level, so that an attacker who modifies the root filesystem on disk (for example, to plant a rootkit) is detected rather than silently executed. Updates to Bottlerocket are also applied, and can be rolled back, atomically, which Amazon says simplifies update management.

“Most containers today run on general-purpose operating systems that are built to support applications packaged in a variety of formats. Such operating systems include hundreds of packages, and need frequent security and maintenance updates even though only a few of the packages are used for running a containerized application,” AWS wrote in a post.

Security updates and bug fixes for Bottlerocket will be made available for a three-year period after the first release. 

The AWS Bottlerocket source is available on GitHub at https://github.com/bottlerocket-os/bottlerocket.