HAQM ECS-optimized HAQM Linux AMI End-of-Life

Update April 16, 2021 – The HAQM ECS-optimized HAQM Linux AMI ended its standard support on April 15, 2021 and has entered a maintenance support phase.

Since its launch in 2015, the HAQM ECS-optimized HAQM Linux AMI has helped a number of customers build containerized Linux-based applications on HAQM Elastic Compute Cloud (EC2). The AMI has enabled customers to get their containerized applications up and running by bundling the HAQM ECS Container Agent, Docker daemon, and Docker runtime dependencies with the latest HAQM Linux OS version. To bring enhance security, stability, and productivity, we introduced the HAQM ECS-optimized HAQM Linux 2 AMI in October 2018. This enabled HAQM ECS customers to harness the stability and security benefits of the HAQM Linux 2 OS with no extra effort.

On December 31, 2020, the HAQM Linux AMI ended its standard support and entered a new maintenance support phase. During this maintenance support period:

• The HAQM Linux AMI will only receive critical and important security updates for a reduced set of packages.
• It will no longer be guaranteed to support new EC2 platform capabilities, or new AWS features.

As a result, on April 15, 2021, the HAQM ECS-optimized HAQM Linux AMI will be ending its standard support phase and will enter a maintenance support phase. In the maintenance support phase, HAQM ECS will continue providing critical and important security updates for a reduced list of packages. During this period, HAQM ECS will no longer add support for new EC2 instance types, new services and features, and new packages to the HAQM ECS-optimized HAQM Linux AMI. Instead, this AMI will receive updates only for critical and important security fixes that apply to a reduced set of packages. The maintenance support period will end on June 30, 2023.

HAQM ECS customers who are currently using the HAQM ECS-optimized HAQM Linux AMI should migrate to the HAQM ECS-optimized HAQM Linux 2 AMI. Since the same HAQM ECS container agent version and Docker daemon version are packaged with both these AMIs, the only differences between the two AMIs come from the underlying OS version. In most cases, you should be able to simply deploy an application that you are currently running on an instance using the HAQM ECS-optimized HAQM Linux AMI to an instance that is using the HAQM ECS-Optimized HAQM Linux 2 AMI.

You can refer to this blog post for guidance on how to refresh the container instances in your active HAQM ECS cluster with instances built from a newly released AMI using EC2 Auto Scaling Groups. For customers who do not use EC2 Auto Scaling Groups, the process remains the same but will need to be performed manually. To ensure that this happens in a safe manner we recommend adding AL2 instances to your ECS cluster, and then migrating traffic off AL1 instances slowly by setting the ECS instance state to DRAINING. This will gracefully terminate running HAQM ECS Tasks on the instance and HAQM ECS will automatically replace these Tasks to available capacity in the cluster. After all Tasks on the AL1 instance have been terminated, you can terminate the instance. Once you are comfortable that your application is behaving normally on the new instance, you can then repeat this process for other instances in your cluster.

While most customers do not face any issues during this migration, the following differences between the HAQM ECS-optimized HAQM Linux and HAQM ECS Optimized HAQM Linux 2 AMI are worth noting:

• HAQM Linux 2 uses ‘systemd’ for its service management while HAQM Linux uses ‘init.d’. Systemd has a more robust model for service dependencies and service start ordering. Hence, in the HAQM ECS-optimized HAQM Linux 2 the Docker and HAQM ECS services both depend on the user data script running before they can be started or restarted. This means that you cannot do systemctl restart docker or systemctl restart ecs in user data.
  • One potential workaround is to use the --no-block flag. ie, systemctl start ecs --no-block
  • This also means that HAQM Linux 2 user data scripts should not attempt to wait for HAQM ECS or Docker services to start before exiting, as this condition will never satisfy.
  • Since the HAQM ECS service starts after user data, the user data script also cannot wait for the instance to join the HAQM ECS cluster before exiting. The instance will never join the cluster until after the user data script exits.
• Docker on the HAQM ECS-optimized HAQM Linux 2 AMI utilizes the overlay2 storage driver, while the HAQM ECS-optimized HAQM Linux AMI uses the deprecated devicemapper driver. Migrating from the HAQM Linux to HAQM Linux 2 AMI will yield an I/O performance improvement for most workloads.

You can find more technical details on support for the HAQM Linux AMI here. We will continue to update this post as we hear more from customers.