What Is AWS BottleRocket, the New Linux For Containers?


Amazon Web Services' BottleRocket Linux is a minimalist operating system designed to run nothing but Docker containers. It is open source, focused on performance and security, and is set to become the default for Elastic Container Service going forward.

BottleRocket Only Runs Containers

BottleRocket is focused narrowly on being a platform for running Docker containers, much as lightweight hypervisors like Hyper-V, VMware, or Proxmox are platforms for running guests. Except that instead of hosting other operating systems, BottleRocket hosts Docker containers.

Cutting out everything that isn't necessary lets BottleRocket stay lightweight and performant, which reduces running costs for both Amazon and the customer. Having fewer packages installed also improves security, since every package left out is one less piece of the potential attack surface.

Besides being lightweight, BottleRocket is designed to be very secure. Security is a particular focus because containers don't run on separate operating systems: they share the host kernel and are separated only by Linux namespaces and other containerization techniques, so the host OS is what keeps them apart.

Updates to BottleRocket are deployed in a single step, as one update of the whole OS, rather than package by package as on general-purpose distributions like AWS Linux and Ubuntu. An OS update can be rolled back in the same single step if something breaks. BottleRocket also offers Kernel Live Patching by default, which allows low-level code to be updated continuously without stopping the server or the containers running on it.

Amazon has written a large part of the distribution in Rust, a newer programming language that is much safer than languages with manual memory management, such as C++, while offering similar performance thanks to its novel ownership system. That gives the memory safety of garbage-collected languages like C# while retaining all the speed of lower-level code.

BottleRocket Is Open Source

AWS is making BottleRocket generally available as an AMI for containers deployed on Elastic Container Service and Elastic Kubernetes Service, replacing distributions like Amazon Linux 2.

BottleRocket is entirely open source, released under the Apache 2.0 and MIT licenses, leaving customers free to modify it to support their own orchestration technologies or third-party code. Considering AWS's recent efforts to expand its hybrid cloud offerings, the open-source approach makes sense.