Bottlerocket: AWS's attempt to give container innovation a boost

In August this year, AWS released its own open-source Linux distro “Bottlerocket” which is purpose-built to run containers on virtual machines or bare metal hosts. At first, it looks as if it’s just another bare-bones Linux OS that goes along the lines of Red Hat Enterprise Linux CoreOS, RancherOS, or Flatcar Container Linux. But in reality, Bottlerocket has a few qualities that set it apart.

The most obvious feature is that it’s integrated into AWS, which means the latter will be pushing it to make Bottlerocket a default OS in containers for those using Amazon Elastic Container Service (ECS) or Amazon Elastic Kubernetes Service (EKS).

To further enhance security, Amazon has written large parts of the distribution in Rust with some assembly language. Rust has helped Bottlerocket to ensure thread safety and prevent memory-related errors such as buffer overflows, that could potentially lead to security vulnerabilities. Rust, as mentioned in the example, was designed in part to build secure software easier.

Bottlerocket’s built-in security hardening helps simplify security compliance. Further, it also has a transactional update mechanism that enables the use of container orchestrators to automate OS updates and decrease operational costs. It also has a security-enhanced Linux in enforcing mode, which provides added security by isolating the container and its cluster's underlying operating system.

AWS has made it easy to update the OS by offering pretested updates that are applied in one step. With single-step updates, Bottlerocket has significantly reduced the complexity of updating the system which in turn reduces the update failures drastically and also increases container uptime. These updates can also be rolled back easily to a known good state in a similar fashion.

At present, Bottlerocket is available to users of ECS and EKS and is offered in all regions where AWS is available. It’s given at no extra cost other than the cost of the computing resources used. AWS has made Bottlerocket open source and is available on Github with the code being covered under Apache 2.0 and MIT licenses, with the Linux kernel remaining under its original licensing.

The reason why AWS has made the software open source is to help AWS’s efforts to be included in the type of cloud-neutral multi-cloud infrastructures that are being championed by vendors such as RedHat, Rancher, VMware, and others.

The key to success here will be whether vendors decide to take up the software for distribution, and it’s exactly what AWS aims to achieve through Apache and MIT licenses which would allow proprietary vendors to release their own versions of Bottlerocket.

Interested in implementing Bottlerocket? But worried about how-to? Reach out to us.

HashRoot offers AWS Managed Services which enables customers to achieve their IT needs by constantly innovating and upgrading their infrastructure with new technologies such as Bottlerocket. We’ve worked with organizations of different scales and have delivered their IT needs through strategic planning, implementation, and consistent delivery.

Do you have an infrastructure, be it AWS, Azure, or otherwise, that requires innovative planning and zero downtime with 24/7 monitoring? All of this, while being cost-effective?

HashRoot strives to deliver beyond.

Fahad M

Things To Consider Before Migrating to Cloud

Migrating to the Cloud: Why Move from On-premise to Cloud?

Confidential Computing: Safeguard your most valuable data

Modular Data Centers: Cloud in a box?