AWS Makes Bottlerocket AMI Generally Available. What Does It Mean?



Amazon Web Services has recently announced the general availability of the Amazon ECS optimised Bottlerocket Amazon Machine Image (AMI) on all commercial AWS platforms. Bottlerocket is an open-source OS based on Linux, which is purpose-built to run containers. Bottlerocket includes only the software needed to run a container. It comes with a single-step update mechanism that enables users to improve their security posture and reduce the maintenance required for Amazon ECS clusters. With the new release, users can also automate OS updates for Bottlerocket, improve application availability, and reduce disruptions.

Last year, Amazon had announced the general availability of Bottlerocket purpose-built to run containers.

Bottlerocket software

Bottlerocket’s root filesystem is read-only and is backed by dm-verity. It comes with Security-Enhanced Linux (SELinux) policies for additional isolation. Users can deploy the Bottlerocket ECS Updater with an AWS CloudFormation template to roll out OS updates automatically to the Amazon EC2 instances running Bottlerocket in their clusters.


Bottlerocket’s main components include:

  • An admin container for advanced troubleshooting and debugging
  • Integrations with container orchestrators such as the Amazon EKS platform for managing and orchestrating updates
  • A single-step atomic update mechanism to apply and roll back OS updates
  • A minimal operating system that includes the Linux kernel, system software, and containerd as the container runtime

The prerequisites for using Bottlerocket are: an AWS CLI with appropriate credentials; a default VPC in a region of choice (users can use the VPC of their account); and a key pair in the user’s account to ensure remote access.

Following are the advantages of using Bottlerocket:

  • Improved security: It helps in enhancing safety and reducing maintenance overhead for a user’s Amazon ECS clusters. All root files are marked as read-only and cannot be directly modified by userspace processes. The platform checks the integrity of exchanged containers by using a cryptographic digest. It uses dm-verity for its root filesystem image. Any anomaly or corruption that is detected can restart the whole process. Modifications are, however, made through APIs.
  • Simplified operational tasks/automated operating system updates: Updates in the platform are applied and rolled back in an atomic manner. AWS claims the process is as simple as updating your phone. This is achieved by two mechanisms in the update process: two partition sets that use an active/passive flip to swap OS images, and a declarative API with modelled settings for runtime configuration.
  • The software only includes the primary software required to run containers. This approach helps consumers significantly reduce the attack surface and the impact of vulnerabilities.
  • The software is open-sourced and universally available, making it subject to universal development, thus enabling customers, partners, and all interested parties to suggest code changes in its design and dataset.
  • The platform is also entirely supported by Amazon Web Services, which provides excellent support to its users like Amazon EC2, Amazon ECR, Amazon EKS, etc. It ensures that its users have the help they require at arm’s length.
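The read-time integrity check that dm-verity provides for the root filesystem can be sketched as a hash tree whose root is kept outside the image. The following is an added example, not Bottlerocket's or the kernel's code: it is a simplified model that does not follow dm-verity's on-disk format, and the salt, image contents and function names are constructed for illustration.

```python
import hashlib

BLOCK_SIZE = 4096              # dm-verity's default data and hash block size
FANOUT = BLOCK_SIZE // 32      # SHA-256 digests that fit in one hash block

def _h(data: bytes, salt: bytes) -> bytes:
    # Pad to a full block so short tail blocks hash deterministically.
    return hashlib.sha256(salt + data.ljust(BLOCK_SIZE, b"\0")).digest()

def build_tree(image: bytes, salt: bytes) -> list:
    """Return hash levels, leaves first; the last level holds only the root."""
    level = [_h(image[i:i + BLOCK_SIZE], salt)
             for i in range(0, len(image), BLOCK_SIZE)]
    levels = [level]
    while len(level) > 1:
        level = [_h(b"".join(level[i:i + FANOUT]), salt)
                 for i in range(0, len(level), FANOUT)]
        levels.append(level)
    return levels

def verify_block(image, index, levels, trusted_root, salt) -> bool:
    """Check one data block at read time against the trusted root hash."""
    digest = _h(image[index * BLOCK_SIZE:(index + 1) * BLOCK_SIZE], salt)
    for level in levels[:-1]:
        if level[index] != digest:      # stored hash disagrees with what was read
            return False
        index //= FANOUT                # move up to the covering hash block
        digest = _h(b"".join(level[index * FANOUT:(index + 1) * FANOUT]), salt)
    return digest == trusted_root       # the root is stored outside the image

def demo() -> dict:
    salt = b"constructed-salt"          # constructed sample values throughout
    image = b"".join(bytes([i % 256]) * BLOCK_SIZE for i in range(300))
    levels = build_tree(image, salt)
    root = levels[-1][0]
    tampered = bytearray(image)
    tampered[200 * BLOCK_SIZE + 7] ^= 0x01   # single bit flip in block 200
    tampered = bytes(tampered)
    return {
        "clean": all(verify_block(image, i, levels, root, salt) for i in range(300)),
        "tampered_block": verify_block(tampered, 200, levels, root, salt),
        "neighbour_block": verify_block(tampered, 199, levels, root, salt),
        # Rebuilding the tree over the modified image cannot reproduce the root.
        "rebuilt_tree": verify_block(tampered, 200, build_tree(tampered, salt), root, salt),
    }

if __name__ == "__main__":
    print(demo())
```

Only the modified block fails verification, and regenerating the whole tree does not help because the trusted root no longer matches.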

Wrapping up

While Bottlerocket is not the first operating system touted to most efficiently run containers, experts believe that it is going to see rapid growth.

Bottlerocket’s competitors include Red Hat-owned CoreOS, Talos, and RancherOS. What makes it a cut above the rest is its tight integration with the native services in AWS, one of the leading public cloud providers, apart from its upgrading and security offerings. Bottlerocket can hook into the native AWS managed container services, EKS and ECS.



Meenal Sharma

I am a journalism undergrad who loves playing basketball and writing about finance and technology. I believe in the power of words.
