AL2023 on Amazon EC2
Use one of the following procedures to launch an Amazon EC2 instance with an AL2023 AMI. You can choose either the standard AMI, or the minimal AMI. For more information about the differences between the standard AMI and the minimal AMI, see Comparing AL2023 standard (default) and minimal AMIs.
Topics
- Launching AL2023 using the Amazon EC2 console
- Launching AL2023 using the SSM parameter and AWS CLI
- Launching the latest AL2023 AMI using AWS CloudFormation
- Launching AL2023 using a specific AMI ID
- AL2023 AMI deprecation and life cycle
- Connecting to AL2023 instances
- Comparing AL2023 standard and minimal AMIs
Launching AL2023 using the Amazon EC2 console
Use the Amazon EC2 console to launch an AL2023 AMI.
Note
For Arm-based instances, AL2023 only supports instance types that use Graviton2 or later processors. AL2023 doesn't support A1 instances.
Use the following steps to launch an Amazon EC2 instance with an AL2023 AMI from the Amazon EC2 console.
To launch an EC2 instance with an AL2023 AMI
-
Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/
. -
In the navigation pane, choose AMIs.
-
From the filter drop-down, choose Public images.
-
In the search field, enter
al2023-ami
.Note
Make sure that amazon appears in the Owner alias column.
-
Select an image from the list. Under Source, you can determine whether the AMI is standard or minimal. An AL2023 AMI name can be interpreted by using this format:
'al2023-[ami || ami-minimal]-2023.0.[release build date].[build number]-kernel-[version number]-[arm64 || x86_64]'
-
The following image shows a partial list of AL2023 AMIs.
For more information about launching Amazon EC2 instances, see Get started with Amazon EC2 Linux instances in the Amazon EC2 User Guide.
Launching AL2023 using the SSM parameter and AWS CLI
In the AWS CLI, you can use an AMI's SSM parameter value to launch a new instance of
AL2023. More specifically, use one of the dynamic SSM parameter values from the following
list, and add /aws/service/ami-amazon-linux-latest/
before the SSM parameter
value/. You use this to launch the instance in the AWS CLI.
-
al2023-ami-kernel-default-arm64
for arm64 architecture -
al2023-ami-minimal-kernel-default-arm64
for arm64 architecture (minimal AMI) -
al2023-ami-kernel-default-x86_64
for x86_64 architecture -
al2023-ami-minimal-kernel-default-x86_64
for x86_64 architecture (minimal AMI)
Note
Each of the italic
items is an example parameter. Replace them with your own
information.
$
aws ec2 run-instances \ --image-id \ resolve:ssm:/aws/service/ami-amazon-linux-latest/
al2023-ami-kernel-default-x86_64
\ --instance-typem5.xlarge
\ --regionus-east-1
\ --key-nameaws-key-us-east-1
\ --security-group-idssg-004a7650
The --image-id
flag specifies the SSM parameter value.
The --instance-type
flag specifies the type and size of the instance. This flag must be compatible
with the AMI type that you selected.
The --region
flag specifies the AWS Region where you create your instance.
The --key-name
flag specifies the AWS Region's key that's used to connect to the instance. If you
don't provide a key that exists in the Region where you create the instance, you can't connect to the instance using
SSH.
The --security-group-ids
flag specifies the security group that determines the access permissions
for inbound and outbound network traffic.
Important
The AWS CLI requires that you specify an existing security group that allows access to the instance from your remote machine over port TCP:22. Without a specified security group, your new instance are placed in a default security group. In a default security group, your instance can only connect with the other instances within your VPC.
For more information, see Launching, listing, and terminating Amazon EC2 instances in the AWS Command Line Interface User Guide.
Launching the latest AL2023 AMI using AWS CloudFormation
To launch an AL2023 AMI using AWS CloudFormation, use one of the following templates.
Note
The x86_64
and Arm64
AMIs each require different instance types. For more
information, see Amazon EC2 Instance Types
JSON
template:
{ "Parameters": { "LatestAmiId": { "Type": "AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>", "Default": "/aws/service/ami-amazon-linux-latest/al2023-ami-minimal-kernel-default-x86_64" } }, "Resources": { "MyEC2Instance": { "Type": "AWS::EC2::Instance", "Properties": { "InstanceType": "t2.large", "ImageId": { "Ref": "LatestAmiId" } } } } }
YAML
template:
Parameters: LatestAmiId: Type: 'AWS::SSM::Parameter::Value<AWS::EC2::Image::Id>' Default: '/aws/service/ami-amazon-linux-latest/al2023-ami-minimal-kernel-default-x86_64' Resources: Instance: Type: 'AWS::EC2::Instance' Properties: InstanceType: 't2.large' ImageId: !Ref LatestAmiId
Make sure to replace the AMI parameter at the end of the "Default" section, if needed. The following parameter values are available:
-
al2023-ami-kernel-6.1-arm64
for arm64 architecture -
al2023-ami-minimal-kernel-6.1-arm64
for arm64 architecture (minimal AMI) -
al2023-ami-kernel-6.1-x86_64
for x86_64 architecture -
al2023-ami-minimal-kernel-6.1-x86_64
for x86_64 architecture (minimal AMI)
The following are dynamic kernel specifications. The default kernel version automatically changes with each major kernel version update.
-
al2023-ami-kernel-default-arm64
for arm64 architecture -
al2023-ami-minimal-kernel-default-arm64
for arm64 architecture (minimal AMI) -
al2023-ami-kernel-default-x86_64
for x86_64 architecture -
al2023-ami-minimal-kernel-default-x86_64
for x86_64 architecture (minimal AMI)
Launching AL2023 using a specific AMI ID
You can launch a specific AL2023 AMI using the AMI ID. You can determine which AL2023 AMI ID is needed by
looking at the AMI list in the Amazon EC2 console. Or, you can use AWS Systems Manager. If you're using Systems Manager, make sure to
select the AMI alias from those that are listed in the previous section. For more information, see Query for
the latest Amazon Linux AMI IDs using AWS Systems Manager Parameter Store
AL2023 AMI deprecation and life cycle
Each new AL2023 release includes a new AMI. When the AMI is registered, it's marked with a deprecation date. The deprecation date for each AL2023 AMI is 90 days from the time it was released to match the time period that Kernel Live Patching on AL2023 is offered for each individual kernel release.
Note
The 90 day deprecation date refers to an individual AMI and doesn’t refer to the AL2023 Release cadence or product support period.
For more information about AMI deprecation, see Deprecate an AMI in the Amazon EC2 User Guide.
Regularly using an updated AMI to launch an instance ensures that the instance starts with the latest security updates, including an updated kernel. If you launch a previous version of an AMI and apply updates, there is a period of time that the instance doesn't have the latest security updates. To ensure you're using the latest AMI, we recommend that you use SSM parameters.
For more information about using SSM parameters to launch an instance, see: