Amazon EKS optimized Amazon Linux AMIs - Amazon EKS

Amazon EKS optimized Amazon Linux AMIs

The Amazon EKS optimized Amazon Linux AMI is built on top of Amazon Linux 2, and is configured to serve as the base image for Amazon EKS nodes. The AMI is configured to work with Amazon EKS and it includes Docker, kubelet , and the AWS IAM Authenticator.

Note
  • You can track security or privacy events for Amazon Linux 2 at the Amazon Linux security center or subscribe to the associated RSS feed. Security and privacy events include an overview of the issue, what packages are affected, and how to update your instances to correct the issue.

  • Before deploying an accelerated or Arm AMI, review the information in Amazon EKS optimized accelerated Amazon Linux AMIs and Amazon EKS optimized Arm Amazon Linux AMIs.

  • Amazon EKS optimized Amazon Linux 2 contains an optional bootstrap flag to enable the containerd runtime. Kubernetes v1.21 will be the last version with Docker container runtime support. This feature provides you with a clear path to migrate to containerd. Containerd has been widely adopted in the Kubernetes community and is a graduated project with the CNCF. You can test it by adding a node group to a new or existing cluster. See Enable the containerd runtime bootstrap flag. When bootstrapped in Amazon EKS optimized accelerated Amazon Linux AMIs for v1.21, AWS Inferentia workloads are not supported.

Select a link in one of the following tables to view the latest Amazon EKS optimized Amazon Linux AMI ID for a Region and Kubernetes version. You can also retrieve the IDs with an AWS Systems Manager parameter using different tools. For more information, see Retrieving Amazon EKS optimized Amazon Linux AMI IDs.

1.21.2
Kubernetes version 1.21.2
Region x86 x86 accelerated Arm
US East (Ohio) (us-east-2) View AMI ID View AMI ID View AMI ID
US East (N. Virginia) (us-east-1) View AMI ID View AMI ID View AMI ID
US West (Oregon) (us-west-2) View AMI ID View AMI ID View AMI ID
US West (N. California) (us-west-1) View AMI ID View AMI ID View AMI ID
Africa (Cape Town) (af-south-1) View AMI ID View AMI ID View AMI ID
Asia Pacific (Hong Kong) (ap-east-1) View AMI ID View AMI ID View AMI ID
Asia Pacific (Mumbai) (ap-south-1) View AMI ID View AMI ID View AMI ID
Asia Pacific (Tokyo) (ap-northeast-1) View AMI ID View AMI ID View AMI ID
Asia Pacific (Seoul) (ap-northeast-2) View AMI ID View AMI ID View AMI ID
Asia Pacific (Osaka) (ap-northeast-3) View AMI ID View AMI ID View AMI ID
Asia Pacific (Singapore) (ap-southeast-1) View AMI ID View AMI ID View AMI ID
Asia Pacific (Sydney) (ap-southeast-2) View AMI ID View AMI ID View AMI ID
Canada (Central) (ca-central-1) View AMI ID View AMI ID View AMI ID
China (Beijing) (cn-north-1) View AMI ID View AMI ID View AMI ID
China (Ningxia) (cn-northwest-1) View AMI ID View AMI ID View AMI ID
Europe (Frankfurt) (eu-central-1) View AMI ID View AMI ID View AMI ID
Europe (Ireland) (eu-west-1) View AMI ID View AMI ID View AMI ID
Europe (London) (eu-west-2) View AMI ID View AMI ID View AMI ID
Europe (Milan) (eu-south-1) View AMI ID View AMI ID View AMI ID
Europe (Paris) (eu-west-3) View AMI ID View AMI ID View AMI ID
Europe (Stockholm) (eu-north-1) View AMI ID View AMI ID View AMI ID
Middle East (Bahrain) (me-south-1) View AMI ID View AMI ID View AMI ID
South America (São Paulo) (sa-east-1) View AMI ID View AMI ID View AMI ID
AWS GovCloud (US-East) (us-gov-east-1) View AMI ID View AMI ID View AMI ID
AWS GovCloud (US-West) (us-gov-west-1) View AMI ID View AMI ID View AMI ID
1.20.4
Kubernetes version 1.20.4
Region x86 x86 accelerated Arm
US East (Ohio) (us-east-2) View AMI ID View AMI ID View AMI ID
US East (N. Virginia) (us-east-1) View AMI ID View AMI ID View AMI ID
US West (Oregon) (us-west-2) View AMI ID View AMI ID View AMI ID
US West (N. California) (us-west-1) View AMI ID View AMI ID View AMI ID
Africa (Cape Town) (af-south-1) View AMI ID View AMI ID View AMI ID
Asia Pacific (Hong Kong) (ap-east-1) View AMI ID View AMI ID View AMI ID
Asia Pacific (Mumbai) (ap-south-1) View AMI ID View AMI ID View AMI ID
Asia Pacific (Tokyo) (ap-northeast-1) View AMI ID View AMI ID View AMI ID
Asia Pacific (Seoul) (ap-northeast-2) View AMI ID View AMI ID View AMI ID
Asia Pacific (Osaka) (ap-northeast-3) View AMI ID View AMI ID View AMI ID
Asia Pacific (Singapore) (ap-southeast-1) View AMI ID View AMI ID View AMI ID
Asia Pacific (Sydney) (ap-southeast-2) View AMI ID View AMI ID View AMI ID
Canada (Central) (ca-central-1) View AMI ID View AMI ID View AMI ID
China (Beijing) (cn-north-1) View AMI ID View AMI ID View AMI ID
China (Ningxia) (cn-northwest-1) View AMI ID View AMI ID View AMI ID
Europe (Frankfurt) (eu-central-1) View AMI ID View AMI ID View AMI ID
Europe (Ireland) (eu-west-1) View AMI ID View AMI ID View AMI ID
Europe (London) (eu-west-2) View AMI ID View AMI ID View AMI ID
Europe (Milan) (eu-south-1) View AMI ID View AMI ID View AMI ID
Europe (Paris) (eu-west-3) View AMI ID View AMI ID View AMI ID
Europe (Stockholm) (eu-north-1) View AMI ID View AMI ID View AMI ID
Middle East (Bahrain) (me-south-1) View AMI ID View AMI ID View AMI ID
South America (São Paulo) (sa-east-1) View AMI ID View AMI ID View AMI ID
AWS GovCloud (US-East) (us-gov-east-1) View AMI ID View AMI ID View AMI ID
AWS GovCloud (US-West) (us-gov-west-1) View AMI ID View AMI ID View AMI ID
1.19.6
Kubernetes version 1.19.6
Region x86 x86 accelerated Arm
US East (Ohio) (us-east-2) View AMI ID View AMI ID View AMI ID
US East (N. Virginia) (us-east-1) View AMI ID View AMI ID View AMI ID
US West (Oregon) (us-west-2) View AMI ID View AMI ID View AMI ID
US West (N. California) (us-west-1) View AMI ID View AMI ID View AMI ID
Africa (Cape Town) (af-south-1) View AMI ID View AMI ID View AMI ID
Asia Pacific (Hong Kong) (ap-east-1) View AMI ID View AMI ID View AMI ID
Asia Pacific (Mumbai) (ap-south-1) View AMI ID View AMI ID View AMI ID
Asia Pacific (Tokyo) (ap-northeast-1) View AMI ID View AMI ID View AMI ID
Asia Pacific (Seoul) (ap-northeast-2) View AMI ID View AMI ID View AMI ID
Asia Pacific (Osaka) (ap-northeast-3) View AMI ID View AMI ID View AMI ID
Asia Pacific (Singapore) (ap-southeast-1) View AMI ID View AMI ID View AMI ID
Asia Pacific (Sydney) (ap-southeast-2) View AMI ID View AMI ID View AMI ID
Canada (Central) (ca-central-1) View AMI ID View AMI ID View AMI ID
China (Beijing) (cn-north-1) View AMI ID View AMI ID View AMI ID
China (Ningxia) (cn-northwest-1) View AMI ID View AMI ID View AMI ID
Europe (Frankfurt) (eu-central-1) View AMI ID View AMI ID View AMI ID
Europe (Ireland) (eu-west-1) View AMI ID View AMI ID View AMI ID
Europe (London) (eu-west-2) View AMI ID View AMI ID View AMI ID
Europe (Milan) (eu-south-1) View AMI ID View AMI ID View AMI ID
Europe (Paris) (eu-west-3) View AMI ID View AMI ID View AMI ID
Europe (Stockholm) (eu-north-1) View AMI ID View AMI ID View AMI ID
Middle East (Bahrain) (me-south-1) View AMI ID View AMI ID View AMI ID
South America (São Paulo) (sa-east-1) View AMI ID View AMI ID View AMI ID
AWS GovCloud (US-East) (us-gov-east-1) View AMI ID View AMI ID View AMI ID
AWS GovCloud (US-West) (us-gov-west-1) View AMI ID View AMI ID View AMI ID
1.18.9
Kubernetes version 1.18.9
Region x86 x86 accelerated Arm
US East (Ohio) (us-east-2) View AMI ID View AMI ID View AMI ID
US East (N. Virginia) (us-east-1) View AMI ID View AMI ID View AMI ID
US West (Oregon) (us-west-2) View AMI ID View AMI ID View AMI ID
US West (N. California) (us-west-1) View AMI ID View AMI ID View AMI ID
Africa (Cape Town) (af-south-1) View AMI ID View AMI ID View AMI ID
Asia Pacific (Hong Kong) (ap-east-1) View AMI ID View AMI ID View AMI ID
Asia Pacific (Mumbai) (ap-south-1) View AMI ID View AMI ID View AMI ID
Asia Pacific (Tokyo) (ap-northeast-1) View AMI ID View AMI ID View AMI ID
Asia Pacific (Seoul) (ap-northeast-2) View AMI ID View AMI ID View AMI ID
Asia Pacific (Osaka) (ap-northeast-3) View AMI ID View AMI ID View AMI ID
Asia Pacific (Singapore) (ap-southeast-1) View AMI ID View AMI ID View AMI ID
Asia Pacific (Sydney) (ap-southeast-2) View AMI ID View AMI ID View AMI ID
Canada (Central) (ca-central-1) View AMI ID View AMI ID View AMI ID
China (Beijing) (cn-north-1) View AMI ID View AMI ID View AMI ID
China (Ningxia) (cn-northwest-1) View AMI ID View AMI ID View AMI ID
Europe (Frankfurt) (eu-central-1) View AMI ID View AMI ID View AMI ID
Europe (Ireland) (eu-west-1) View AMI ID View AMI ID View AMI ID
Europe (London) (eu-west-2) View AMI ID View AMI ID View AMI ID
Europe (Milan) (eu-south-1) View AMI ID View AMI ID View AMI ID
Europe (Paris) (eu-west-3) View AMI ID View AMI ID View AMI ID
Europe (Stockholm) (eu-north-1) View AMI ID View AMI ID View AMI ID
Middle East (Bahrain) (me-south-1) View AMI ID View AMI ID View AMI ID
South America (São Paulo) (sa-east-1) View AMI ID View AMI ID View AMI ID
AWS GovCloud (US-East) (us-gov-east-1) View AMI ID View AMI ID View AMI ID
AWS GovCloud (US-West) (us-gov-west-1) View AMI ID View AMI ID View AMI ID
1.17.12
Kubernetes version 1.17.12
Region x86 x86 accelerated Arm
US East (Ohio) (us-east-2) View AMI ID View AMI ID View AMI ID
US East (N. Virginia) (us-east-1) View AMI ID View AMI ID View AMI ID
US West (Oregon) (us-west-2) View AMI ID View AMI ID View AMI ID
US West (N. California) (us-west-1) View AMI ID View AMI ID View AMI ID
Africa (Cape Town) (af-south-1) View AMI ID View AMI ID View AMI ID
Asia Pacific (Hong Kong) (ap-east-1) View AMI ID View AMI ID View AMI ID
Asia Pacific (Mumbai) (ap-south-1) View AMI ID View AMI ID View AMI ID
Asia Pacific (Tokyo) (ap-northeast-1) View AMI ID View AMI ID View AMI ID
Asia Pacific (Seoul) (ap-northeast-2) View AMI ID View AMI ID View AMI ID
Asia Pacific (Osaka) (ap-northeast-3) View AMI ID View AMI ID View AMI ID
Asia Pacific (Singapore) (ap-southeast-1) View AMI ID View AMI ID View AMI ID
Asia Pacific (Sydney) (ap-southeast-2) View AMI ID View AMI ID View AMI ID
Canada (Central) (ca-central-1) View AMI ID View AMI ID View AMI ID
China (Beijing) (cn-north-1) View AMI ID View AMI ID View AMI ID
China (Ningxia) (cn-northwest-1) View AMI ID View AMI ID View AMI ID
Europe (Frankfurt) (eu-central-1) View AMI ID View AMI ID View AMI ID
Europe (Ireland) (eu-west-1) View AMI ID View AMI ID View AMI ID
Europe (London) (eu-west-2) View AMI ID View AMI ID View AMI ID
Europe (Milan) (eu-south-1) View AMI ID View AMI ID View AMI ID
Europe (Paris) (eu-west-3) View AMI ID View AMI ID View AMI ID
Europe (Stockholm) (eu-north-1) View AMI ID View AMI ID View AMI ID
Middle East (Bahrain) (me-south-1) View AMI ID View AMI ID View AMI ID
South America (São Paulo) (sa-east-1) View AMI ID View AMI ID View AMI ID
AWS GovCloud (US-East) (us-gov-east-1) View AMI ID View AMI ID View AMI ID
AWS GovCloud (US-West) (us-gov-west-1) View AMI ID View AMI ID View AMI ID
1.16.15
Kubernetes version 1.16.15
Region x86 x86 accelerated Arm
US East (Ohio) (us-east-2) View AMI ID View AMI ID View AMI ID
US East (N. Virginia) (us-east-1) View AMI ID View AMI ID View AMI ID
US West (Oregon) (us-west-2) View AMI ID View AMI ID View AMI ID
US West (N. California) (us-west-1) View AMI ID View AMI ID View AMI ID
Africa (Cape Town) (af-south-1) View AMI ID View AMI ID View AMI ID
Asia Pacific (Hong Kong) (ap-east-1) View AMI ID View AMI ID View AMI ID
Asia Pacific (Mumbai) (ap-south-1) View AMI ID View AMI ID View AMI ID
Asia Pacific (Tokyo) (ap-northeast-1) View AMI ID View AMI ID View AMI ID
Asia Pacific (Seoul) (ap-northeast-2) View AMI ID View AMI ID View AMI ID
Asia Pacific (Osaka) (ap-northeast-3) View AMI ID View AMI ID View AMI ID
Asia Pacific (Singapore) (ap-southeast-1) View AMI ID View AMI ID View AMI ID
Asia Pacific (Sydney) (ap-southeast-2) View AMI ID View AMI ID View AMI ID
Canada (Central) (ca-central-1) View AMI ID View AMI ID View AMI ID
China (Beijing) (cn-north-1) View AMI ID View AMI ID View AMI ID
China (Ningxia) (cn-northwest-1) View AMI ID View AMI ID View AMI ID
Europe (Frankfurt) (eu-central-1) View AMI ID View AMI ID View AMI ID
Europe (Ireland) (eu-west-1) View AMI ID View AMI ID View AMI ID
Europe (London) (eu-west-2) View AMI ID View AMI ID View AMI ID
Europe (Milan) (eu-south-1) View AMI ID View AMI ID View AMI ID
Europe (Paris) (eu-west-3) View AMI ID View AMI ID View AMI ID
Europe (Stockholm) (eu-north-1) View AMI ID View AMI ID View AMI ID
Middle East (Bahrain) (me-south-1) View AMI ID View AMI ID View AMI ID
South America (São Paulo) (sa-east-1) View AMI ID View AMI ID View AMI ID
AWS GovCloud (US-East) (us-gov-east-1) View AMI ID View AMI ID View AMI ID
AWS GovCloud (US-West) (us-gov-west-1) View AMI ID View AMI ID View AMI ID
Important

These AMIs require the latest AWS CloudFormation node template. You can't use these AMIs with a previous version of the node template; they will fail to join your cluster. Be sure to update any existing AWS CloudFormation node stacks with the latest template (URL shown below) before you attempt to use these AMIs.

https://amazon-eks.s3.us-west-2.amazonaws.com/cloudformation/2020-10-29/amazon-eks-nodegroup.yaml

The AWS CloudFormation node template launches your nodes with Amazon EC2 user data that triggers a specialized bootstrap script. This script allows your nodes to discover and connect to your cluster's control plane automatically. For more information, see Launching self-managed Amazon Linux nodes.

Enable the containerd runtime bootstrap flag

The Amazon EKS optimized Amazon Linux 2 AMI contains an optional bootstrap flag to enable the containerd runtime. This feature provides you with a clear path to migrate to containerd.

You can enable the boostrap flag by creating one of the following types of node groups.

  • Self-managed – Create the node group using the instructions in Launching self-managed Amazon Linux nodes. Specify an Amazon EKS optimized AMI and the following text for the BootstrapArguments parameter.

    --container-runtime containerd
  • Managed – If you use eksctl, create a file named my-nodegroup.yaml with the following contents. Replace the <example values> with your own values.

    apiVersion: eksctl.io/v1alpha5 kind: ClusterConfig metadata: name: <my-cluster> region: <us-west-2> managedNodeGroups: - name: <my-nodegroup> ami: <eks-optimized-AMI-ID> overrideBootstrapCommand: | #!/bin/bash /etc/eks/bootstrap.sh <my-cluster> --container-runtime containerd

    Run the following command to create the node group.

    eksctl create nodegroup -f my-nodegroup.yaml --version 1.21

    If you prefer to use a different tool to create your managed node group, then you must deploy the node group using a launch template. In your launch template, specify an Amazon EKS optimized AMI ID, then deploy the node group using a launch template and provide the following user data. This user data passes arguments into the bootstrap.sh file. For more information about the bootstrap file, see bootstrap.sh on GitHub.

    /etc/eks/bootstrap.sh <my-cluster> \ --container-runtime containerd

Amazon EKS optimized accelerated Amazon Linux AMIs

The Amazon EKS optimized accelerated Amazon Linux AMI is built on top of the standard Amazon EKS optimized Amazon Linux AMI, and is configured to serve as an optional image for Amazon EKS nodes to support GPU and Inferentia based workloads.

In addition to the standard Amazon EKS optimized AMI configuration, the accelerated AMI includes the following:

  • NVIDIA drivers

  • The nvidia-container-runtime (as the default runtime)

  • AWS Neuron container runtime

Note
  • The Amazon EKS optimized accelerated AMI only supports GPU and Inferentia based instance types. Be sure to specify these instance types in your node AWS CloudFormation template. By using the Amazon EKS optimized accelerated AMI, you agree to NVIDIA's user license agreement (EULA).

  • The Amazon EKS optimized accelerated AMI was previously referred to as the Amazon EKS optimized AMI with GPU support.

  • Previous versions of the Amazon EKS optimized accelerated AMI installed the nvidia-docker repository. The repository is no longer included in Amazon EKS AMI version v20200529 and later.

To enable GPU based workloads

The following procedure describes how to run a workload on a GPU based instance with the Amazon EKS optimized accelerated AMI. For more information about using Inferentia based workloads, see Machine learning inference using AWS Inferentia.

  1. After your GPU nodes join your cluster, you must apply the NVIDIA device plugin for Kubernetes as a DaemonSet on your cluster with the following command.

    kubectl apply -f https://raw.githubusercontent.com/NVIDIA/k8s-device-plugin/v0.9.0/nvidia-device-plugin.yml
  2. You can verify that your nodes have allocatable GPUs with the following command:

    kubectl get nodes "-o=custom-columns=NAME:.metadata.name,GPU:.status.allocatable.nvidia\.com/gpu"

To deploy a pod to test that your GPU nodes are configured properly

  1. Create a file named nvidia-smi.yaml with the following contents. This manifest launches a Cuda container that runs nvidia-smi on a node.

    apiVersion: v1 kind: Pod metadata: name: nvidia-smi spec: restartPolicy: OnFailure containers: - name: nvidia-smi image: nvidia/cuda:9.2-devel args: - "nvidia-smi" resources: limits: nvidia.com/gpu: 1
  2. Apply the manifest with the following command:

    kubectl apply -f nvidia-smi.yaml
  3. After the pod has finished running, view its logs with the following command:

    kubectl logs nvidia-smi

    Output:

    Mon Aug 6 20:23:31 2018 +-----------------------------------------------------------------------------+ | NVIDIA-SMI 396.26 Driver Version: 396.26 | |-------------------------------+----------------------+----------------------+ | GPU Name Persistence-M| Bus-Id Disp.A | Volatile Uncorr. ECC | | Fan Temp Perf Pwr:Usage/Cap| Memory-Usage | GPU-Util Compute M. | |===============================+======================+======================| | 0 Tesla V100-SXM2... On | 00000000:00:1C.0 Off | 0 | | N/A 46C P0 47W / 300W | 0MiB / 16160MiB | 0% Default | +-------------------------------+----------------------+----------------------+ +-----------------------------------------------------------------------------+ | Processes: GPU Memory | | GPU PID Type Process name Usage | |=============================================================================| | No running processes found | +-----------------------------------------------------------------------------+

Amazon EKS optimized Arm Amazon Linux AMIs

Important

You can't use the Arm AMI in your region. Use the x86 AMI instead.

Arm instances deliver significant cost savings for scale-out and Arm-based applications such as web servers, containerized microservices, caching fleets, and distributed data stores. When adding Arm nodes to your cluster, review the following considerations.

Considerations

  • If your cluster was deployed before August 17, 2020, then you must do a one-time upgrade of critical cluster add-on manifests so that Kubernetes can pull the correct image for each hardware architecture in use in your cluster. For more information about updating cluster add-ons, see To update the Kubernetes version for your Amazon EKS cluster . If you deployed your cluster on or after August 17, 2020, then your coredns, kube-proxy, and Amazon VPC CNI Plugin for Kubernetes add-ons are already multi-architecture capable.

  • Applications deployed to Arm nodes must be compiled for Arm.

  • You can't use the Amazon FSx for Lustre CSI driver with Arm.

  • If you have any DaemonSets deployed in an existing cluster, or you want to deploy them to a new cluster that you also want to deploy Arm nodes in, then verify that your DaemonSet can run on all hardware architectures in your cluster.

  • You can run Arm node groups and x86 node groups in the same cluster. If you do, consider deploying multi-architecture container images to a container repository such as Amazon Elastic Container Registry and then adding node selectors to your manifests so that Kubernetes knows what hardware architecture a pod can be deployed to. For more information, see Pushing a multi-architecture image in the Amazon ECR User Guide and the Introducing multi-architecture container images for Amazon ECR blog post.