Amazon Linux 2 FAQs
General Questions
What is Amazon Linux 2?
Amazon Linux 2 is an Amazon Linux operating system that provides a modern application environment with the latest enhancements from the Linux community and offers long-term support. In addition to Amazon Machine Images (AMI) and container image formats, Amazon Linux 2 is available as a virtual machine image for on-premises development and testing, enabling you to easily develop, test, and certify your applications right from your local development environment.
When will support for Amazon Linux 2 end?
The Amazon Linux 2 end of support date (End of Life, or EOL) will be 2026-06-30.
Should we wait for the next version after AL2023 to upgrade directly from AL2?
Customers need to migrate to Amazon Linux 2023 (AL2023) prior to AL2’s end of support (EOS) on June 30, 2026 [Refer Q2]. AWS will not launch new Amazon Linux versions in 2025 or 2026. AWS will provide one-year advance notice before launching new OS versions to help you plan your migrations. AL2023 is the latest version of Amazon Linux, which offers enhanced security features including FIPS certification, modern package versions, improved performance, and support until June 2029. For best practices on AL2023 Migration, refer here.
What are the differences between Amazon Linux 2 and Amazon Linux 2023?
Please refer to the documentation to learn more about the major differences between these distributions.
What are the benefits of using Amazon Linux 2?
Amazon Linux 2 supports the latest Amazon Elastic Compute Cloud (Amazon EC2) instance features and includes packages that enable easy integration with AWS. It is optimized for use in Amazon EC2 with the latest tuned Linux kernel version. As a result, many customer workloads perform better on Amazon Linux 2. Amazon Linux 2 is also available as on-premises virtual machine images, allowing local development and testing.
Which workloads or use cases are supported with Amazon Linux 2?
Amazon Linux 2 is suited for a wide variety of virtualized and containerized workloads such as databases, data analytics, line-of-business applications, web and desktop applications, and more in production contexts. It is also available for use on EC2 Bare Metal Instances as both a bare metal OS and a virtualization host.
What are the core components of Amazon Linux 2?
The core components of Amazon Linux 2 are:
1. A Linux kernel tuned for performance on Amazon EC2.
2. A set of core packages including systemd, GCC 7.3, Glibc 2.26, Binutils 2.29.1 that receive Long Term Support (LTS) from AWS.
3. An extras channel for rapidly evolving technologies that are likely to be updated frequently and outside the Long Term Support (LTS) model.
How is Amazon Linux 2 different from Amazon Linux AMI?
The primary differences between Amazon Linux 2 and Amazon Linux AMI are:
1. Amazon Linux 2 is available as virtual machine images for on-premises development and testing.
2. Amazon Linux 2 provides the systemd service and system manager as opposed to the System V init system in Amazon Linux AMI.
3. Amazon Linux 2 comes with an updated Linux kernel, C library, compiler, and tools.
4. Amazon Linux 2 provides the ability to install additional software packages through the extras mechanism.
How can I get started with using Amazon Linux 2 on AWS?
AWS provides an Amazon Machine Image (AMI) for Amazon Linux 2 that you can use to launch an instance from the Amazon EC2 console, AWS SDK, and CLI. Refer to Amazon Linux documentation for more details.
Are there any costs associated with running Amazon Linux 2 in Amazon EC2?
No, there is no additional charge for running Amazon Linux 2. Standard Amazon EC2 and AWS charges apply for running Amazon EC2 instances and other services.
Which Amazon EC2 instance types does Amazon Linux 2 support?
Amazon Linux 2 supports all Amazon EC2 instance types that support HVM AMIs. Amazon Linux 2 does not support older instances that require paravirtualization (PV) functionality.
Does Amazon Linux 2 support 32-bit applications and libraries?
Yes, Amazon Linux 2 supports 32-bit applications and libraries. If you are running on a version of Amazon Linux 2 that was launched before 10/04/2018, you can run “yum upgrade” to get the full 32-bit support.
Does Amazon Linux 2 come with a Graphical User Interface (GUI) desktop?
Yes, the MATE desktop environment is provided as an extra in Amazon Linux 2. Amazon WorkSpaces provides Amazon Linux 2 based cloud desktops with a GUI. You can learn more here.
Can I view the source code for Amazon Linux 2 components?
Yes. The yumdownloader --source tool in Amazon Linux 2 provides source code access for many components.
Why is Python 2.7 still part of Amazon Linux 2?
We will continue to provide critical security patches for Python 2 as per our LTS commitment for Amazon Linux 2 core packages even though the upstream Python community declared Python 2.7 End Of Life in January 2020.
Should I migrate my code to Python 3 and away from Python 2.7?
We strongly recommend our customers install Python 3 on their Amazon Linux 2 systems and migrate their code and applications to Python 3.
Is Amazon Linux 2 moving away from Python 2.7?
There are no plans to change the default Python interpreter. It is our intention to retain Python 2.7 as the default for the lifetime of Amazon Linux 2. We will backport security fixes to our Python 2.7 packages as needed.
Why does Amazon Linux 2 not switch away from Python 2.7 for the 'yum' package manager, or move to DNF, which is Python 3 based?
During an LTS release of the operating system, the risk of making fundamental changes to, replacing, or adding another package manager is extremely high. Thus, in planning our Python 3 migration for Amazon Linux, we made the decision to do this across a major release boundary rather than within Amazon Linux 2. This is an approach shared by other RPM based Linux distributions, even ones without LTS commitments.
How is kernel 5.10 different from kernel 4.14?
Kernel 5.10 brings a number of features and performance improvements - including optimizations for Intel Ice Lake processors and Graviton 2 powering the latest generation EC2 instances.
From a security standpoint, customers benefit from WireGuard VPN, which helps set up an effective virtual private network with a low attack surface and allows encryption with less overhead. Kernel 5.10 also brings a kernel lockdown feature to prevent unauthorized modification of the kernel image and a number of BPF improvements, including CO-RE (Compile Once - Run Everywhere).
Customers with intensive input-output operations will benefit from better write performance, safer sharing of io_uring rings between processes for faster input-output operations, and support of the new exFAT system for better compatibility with storage devices. With the addition of MultiPath TCP (MPTCP), customers with several network interfaces can combine all available network paths to increase throughput and reduce network failures.
Long Term Support
What is included in the Long Term Support for Amazon Linux 2?
Long-term support for Amazon Linux 2 only applies to core packages and includes:
1) AWS will provide security updates and bug fixes for all packages in core.
2) AWS will maintain user-space Application Binary Interface (ABI) compatibility for the following packages in core:
elfutils-libelf, glibc, glibc-utils, hesiod, krb5-libs, libgcc, libgomp, libstdc++, libtbb.so, libtbbmalloc.so, libtbbmalloc_proxy.so, libusb, libxml2, libxslt, pam, audit-libs, audit-libs-python, bzip2-libs, c-ares, clutter, cups-libs, cyrus-sasl-gssapi, cyrus-sasl-lib, cyrus-sasl-md5, dbus-glib, dbus-libs, elfutils-libs, expat, fuse-libs, glib2, gmp, gnutls, httpd, libICE, libSM, libX11, libXau, libXaw, libXext, libXft, libXi, libXinerama, libXpm, libXrandr, libXrender, libXt, libXtst, libacl, libaio, libatomic, libattr, libblkid, libcap-ng, libdb, libdb-cxx, libgudev1, libhugetlbfs, libnotify, libpfm, libsmbclient, libtalloc, libtdb, libtevent, libusb, libuuid, ncurses-libs, nss, nss-sysinit, numactl, openssl, p11-kit, papi, pcre, perl, perl-Digest-SHA, perl-Time-Piece, perl-libs, popt, python, python-libs, readline, realmd, ruby, scl-utils, sqlite, systemd-libs, systemtap, tcl, tcp_wrappers-libs, xz-libs, and zlib
3) AWS will provide Application Binary Interface (ABI) compatibility for all other packages in core unless providing such compatibility is not possible for reasons beyond AWS’s control.
Does Amazon Linux 2 maintain kernel-space ABI compatibility?
No, Amazon Linux 2 does not maintain kernel-space ABI compatibility. If there is a change in the upstream Linux kernel that breaks ABI stability, then your applications that rely on third-party kernel drivers may require additional modifications.
Does AWS backport security fixes for Amazon Linux 2?
Yes. Amazon routinely takes fixes out of the most recent version of upstream software packages and applies them to the version of the package in Amazon Linux 2. During this process, Amazon isolates the fix from any other changes, ensures that the fixes do not introduce unwanted side effects, and then applies the fixes.
Do the long-term support policies apply to extras topics?
The contents of extras topics are exempt from the Amazon Linux policy on long-term support and binary compatibility. Extras topics provide access to a curated list of rapidly evolving technologies and are likely to be updated frequently. When new versions of packages in extras topics are released, support will be provided only for the most current packages. Over time, these technologies will continue to mature and stabilize and may eventually be added to the Amazon Linux 2 "core" repositories to which the Amazon Linux 2 Long Term Support policies apply.
Will additional Amazon Linux 2 builds be provided after the LTS builds are released?
Yes. New builds will point to the same repositories and include the cumulative set of security and feature updates to prevent the need to apply outstanding updates.
Where can I get updates for Amazon Linux 2?
Updates for Amazon Linux 2 are provided with a pre-configured repository hosted in each AWS region. On the initial launch of a new instance, Amazon Linux attempts to install any user space security updates that are rated critical or important. You can also enable or disable automatic installation of critical and important security patches at the time of instance launch.
How can I automate security patching on Amazon Linux 2 at scale?
AWS Systems Manager Patch Manager works with Amazon Linux 2 to automate the process of patching Amazon Linux 2 instances at scale. Patch Manager can scan for missing patches, or scan and install missing patches to large groups of instances. Systems Manager Patch Manager can also be used to install patches for non-security updates.
What premium support options are available for Amazon Linux 2?
Support for Amazon Linux 2 use on Amazon Web Services (AWS) is included through subscriptions to AWS Support.
AWS Support does not currently cover the on-premises use of Amazon Linux 2. The Amazon Linux 2 forum and Amazon Linux 2 documentation are the primary sources of support for the on-premises use of Amazon Linux 2. You can post questions, report bugs, and feature requests on the Amazon Linux 2 forums.
Support for Amazon Linux 2 LTS Candidates and Amazon Linux AMI
Can I perform a rolling upgrade from Amazon Linux 2 LTS Candidate 2 to the LTS version of Amazon Linux 2?
Yes, a rolling upgrade from Amazon Linux 2 LTS Candidate 2 to Amazon Linux 2 is possible. However, there are changes in the final LTS build that may cause breakage of your application. We recommend that you test your application on a fresh installation of Amazon Linux 2 first before migrating.
Will AWS support Amazon Linux AMI going forward?
Yes. To facilitate migration to Amazon Linux 2, AWS will provide security updates for the last version of Amazon Linux and container image until December 31, 2020. You can also use all your existing support channels such as AWS Premium Support and Amazon Linux Discussion Forum to continue to submit support requests.
Is Amazon Linux 2 backward compatible with the existing version of Amazon Linux AMI?
Due to the inclusion of components such as systemd in Amazon Linux 2, your applications running on the current version of Amazon Linux may require additional changes to run on Amazon Linux 2.
Can I perform an in-place upgrade from an existing version of Amazon Linux AMI to Amazon Linux 2?
No, an in-place upgrade from the existing Amazon Linux image to Amazon Linux 2 is not supported. We recommend that you test your application on a fresh installation of Amazon Linux 2 first before migrating.
Can I perform a rolling upgrade on instances running Amazon Linux AMI to Amazon Linux 2?
No, your instances running Amazon Linux will not be upgraded to Amazon Linux 2 with rolling upgrade mechanisms. Therefore, there is no disruption to your existing applications. Refer to Amazon Linux documentation and migration tooling for more details.
On-premises Use
Which on-premises virtualization platforms does Amazon Linux 2 run on?
Amazon Linux 2 virtual machine images are currently available for KVM, Microsoft Hyper-V, Oracle VM VirtualBox, and VMware ESXi virtualization platforms for development and testing use. We are pursuing certification for these virtualization platforms.
How can I get started with using Amazon Linux 2 virtual machine image in my local dev environment?
A virtual machine image for each supported hypervisor is available for download. After downloading the image, follow the Amazon Linux documentation to get started.
Are there any costs associated with running Amazon Linux 2 on-premises?
No, there is no additional charge for running Amazon Linux 2 on-premises.
Is an AWS account required for running Amazon Linux 2 on-premises?
No, there is no need for an AWS account to run Amazon Linux 2 on-premises.
What are the minimum system requirements for running Amazon Linux 2?
At a minimum, Amazon Linux 2 needs a 64-bit virtual machine with 512 MB of memory, 1 virtual CPU, and an emulated BIOS.
Will on-prem VM images of Amazon Linux 2 get security updates from AWS?
Yes, AWS will provide security updates and bug fixes for all packages in core. Additionally, AWS will maintain user-space Application Binary Interface (ABI) compatibility for the following packages in core.
Can I get paid support for on-premises VM images of Amazon Linux 2 from AWS Support?
No, at this time AWS Support does not offer paid support for Amazon Linux 2 VMs running on-premises. Community support through the Amazon Linux 2 forums is the primary source of support for answering questions and resolving issues originating from on-premises use. Amazon Linux 2 documentation provides guidance to get your Amazon Linux 2 virtual machines and containers operational, configuring the OS, and installing applications.
Amazon Linux Security
How does Amazon Linux assess CVEs?
Amazon Linux assesses Common Vulnerabilities and Exposures (CVEs) discovered through its internal process, evaluates the potential risk to its products, and takes actions such as issuing a security update or advisory. CVEs are given a Common Vulnerability Scoring System (CVSS) score, which is a standard method for scoring and ranking the severity of vulnerabilities. The primary source for CVE data is the National Vulnerability Database (NVD). Amazon Linux also gathers security intelligence from other sources, such as vendor advisories, and reports from customers and researchers.
Why does a security scanner report an unfixed CVE in an Amazon Linux package when an Amazon Linux Security Advisory claims the CVE to be fixed in that version?
Amazon Linux, like most Linux distributions, routinely backports security fixes to stable package versions vended in its repositories. When these packages are updated with a backport, the Amazon Linux security bulletin for the particular issue will list the specific package version(s) in which the issue is fixed for Amazon Linux. Security scanners that rely on versioning from a project’s authors sometimes won’t pick up that a given CVE fix has been applied in an older version. Customers can refer to Amazon Linux Security Center (ALAS) for updates regarding security issues and fixes.
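The following added example (not AWS code) shows why the two checks disagree: it compares an installed package against an advisory's fixed package version using RPM's epoch/version/release ordering, next to the upstream-version-only comparison a scanner might make. The package versions are constructed sample values, the function names are hypothetical, and the comparison handles the `~` pre-release marker but not the `^` marker of newer RPM releases.

```python
"""Triage a scanner finding against a backported fix using RPM EVR ordering."""
import re

# A version string is a sequence of digit runs, letter runs and '~' markers;
# every other character ('.', '_', '+', ...) only separates segments.
_TOKENS = re.compile(r"[0-9]+|[A-Za-z]+|~")


def rpmvercmp(a, b):
    """Return -1, 0 or 1 following RPM's segment-wise version comparison."""
    ta, tb = _TOKENS.findall(a), _TOKENS.findall(b)
    i = 0
    while True:
        x = ta[i] if i < len(ta) else None
        y = tb[i] if i < len(tb) else None
        # '~' sorts before everything, including the end of the string.
        if x == "~" or y == "~":
            if x != "~":
                return 1
            if y != "~":
                return -1
            i += 1
            continue
        if x is None or y is None:
            break
        if x.isdigit():
            if not y.isdigit():
                return 1          # numeric segment beats alphabetic segment
            xi, yi = int(x), int(y)
            if xi != yi:
                return 1 if xi > yi else -1
        else:
            if y.isdigit():
                return -1
            if x != y:
                return 1 if x > y else -1
        i += 1
    if x is None and y is None:
        return 0
    return 1 if x is not None else -1     # the side with segments left is newer


def parse_evr(evr):
    """Split '[epoch:]version-release' into (epoch, version, release)."""
    epoch, sep, rest = evr.partition(":")
    if not sep:
        epoch, rest = "0", evr
    version, sep, release = rest.rpartition("-")
    if not sep:
        version, release = rest, ""
    return int(epoch), version, release


def evr_cmp(a, b):
    """Compare two EVR strings: epoch first, then version, then release."""
    ea, va, ra = parse_evr(a)
    eb, vb, rb = parse_evr(b)
    if ea != eb:
        return 1 if ea > eb else -1
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)


def triage(installed_evr, advisory_fixed_evr, upstream_fixed_version):
    """Contrast the upstream-version check with the advisory EVR check."""
    _, installed_version, _ = parse_evr(installed_evr)
    upstream = ("fixed" if rpmvercmp(installed_version, upstream_fixed_version) >= 0
                else "vulnerable")
    advisory = ("fixed" if evr_cmp(installed_evr, advisory_fixed_evr) >= 0
                else "vulnerable")
    return {
        "upstream_version_check": upstream,
        "advisory_evr_check": advisory,
        # The scanner flags it, but the distribution's fixed build is installed.
        "likely_false_positive": upstream == "vulnerable" and advisory == "fixed",
    }


if __name__ == "__main__":
    # Constructed sample: upstream fixed the issue in 1.0.9, while the
    # distribution backported the fix into its 1.0.2 package at release 19.amzn2.0.2.
    print(triage(installed_evr="1.0.2-19.amzn2.0.4",
                 advisory_fixed_evr="1.0.2-19.amzn2.0.2",
                 upstream_fixed_version="1.0.9"))
```

Feed `installed_evr` from `rpm -q --qf '%{EPOCHNUM}:%{VERSION}-%{RELEASE}\n' <package>` and the fixed version from the advisory's package list.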
How does Amazon Linux communicate the severity of a security issue?
Amazon Linux Security communicates security advisories that affect Amazon Linux products on Amazon Linux Security Center (ALAS). Security advisories typically include Advisory ID, severity of the issue, CVE ID, advisory overview, affected packages, and issue correction. CVEs referenced in the advisory will have a CVSS score (we use CVSSv3 scores but CVEs older than 2018 may have a CVSSv2 score) and vector for the affected packages. The score is a decimal value between 0-10, with the higher scores indicating a more severe vulnerability. Amazon Linux aligns with the open framework CVSSv3 calculator score to determine the base metric. The rating is how we communicate the severity of security issues to our customers. Customers can combine these ratings with the key characteristics of their environment for a more appropriate risk assessment.
How can customers stay up-to-date on security advisories from Amazon Linux?
Amazon Linux offers human and machine consumable security advisories. Customers can subscribe to our RSS feeds or configure scanning tools to parse the HTML. Feeds for our products can be found here:
Amazon Linux 1 / Amazon Linux 1 RSS
Amazon Linux 2 / Amazon Linux 2 RSS
Amazon Linux 2023 / Amazon Linux 2023 RSS
AL2 FIPS FAQ
What is FIPS 140-2?
Federal Information Processing Standard (FIPS) 140-2 specified the security requirements for cryptographic modules that protect sensitive information. In September 2020, Cryptographic Module Validation Program (CMVP) moved to FIPS 140-3 and no longer accepts FIPS 140-2 submissions for new validation certificates.
Modules validated as conforming to FIPS 140-2 will continue to be accepted by the Federal agencies of both countries for the protection of sensitive information (United States) or Designated Information (Canada) through September 21, 2026. After that time CMVP will place all FIPS 140-2 validated modules on the historical list.
How do I enable FIPS on Amazon Linux 2?
Instructions for enabling FIPS mode can be found in Enable FIPS Mode.
Is Amazon Linux 2 FIPS validated?
Amazon Linux 2 cryptographic modules (OpenSSL, Libgcrypt, NSS, GnuTLS, Kernel modules) are FIPS 140-2 validated. For more details, please visit CMVP website.
What is AL2 FIPS Status?
| **Cryptographic Module Name** | **Associated Packages** | **Status** | **Certification Number** | **Certification Expiration Date** |
| --- | --- | --- | --- | --- |
| OpenSSL | openssl1.0.2k | Historical | 4548 | 10/22/2024 |
| Libgcrypt | libgcrypt-1.5 | Historical | 3618 | 2/18/2025 |
| NSS | nss-softokn-3.36/nss-softokn-freebl-3.36 | Historical | 4565 | 4/19/2025 |
| GnuTLS | gnutls-3.3 | Historical | 4472 | 4/19/2025 |
| Kernel Crypto API | kernel-4.14 | Active | 4593 | 9/13/2025 |
How can I be compliant with FIPS on AL2 after October 2024?
AL2 FIPS certifications started to sunset gradually from October 2024 onwards. It is likely that AL2 FIPS validated modules will be in historical status before AL2023 cryptographic modules complete FIPS validations. The FIPS 140-3 Cryptographic Module Validation Program Management Manual (Section 4.8) defines "Historical" as follows: _Historical – Agencies may make a risk determination on whether to continue using this module based on their own assessment of where and how it is used._ For more details, please visit the CMVP webpage. AWS recommends migrating to AL2023 or consulting your compliance team on the use of AL2 FIPS validated modules in historical status.
On what operating environments was Amazon Linux 2 testing conducted?
AL2 OpenSSL, NSS, Libgcrypt, Kernel and GnuTLS are FIPS 140-2 validated on Intel and Graviton. For more details, please refer to CMVP website.
Amazon Linux Extras
What is Amazon Linux extras?
Extras is a mechanism in Amazon Linux 2 to enable the consumption of new versions of application software on a stable operating system. Extras help alleviate the compromise between the stability of the OS and freshness of available software. For example, now you can install newer versions of MariaDB on a stable operating system supported for five years. Examples of extras include tomcat9, memcached 1.5, Corretto 1.0.0_242, Postgresql 13, MariaDB 10.5, Go 1.9, Redis 6.0, R 4, Rust 1.38.0.
How does Amazon Linux extras work?
Extras provide topics to select software bundles. Each topic contains all the dependencies required for the software to install and function on Amazon Linux 2. For example, Rust is an extras topic in the curated list provided by Amazon. It provides the toolchain and runtimes for Rust, the systems programming language. This topic includes the cmake build system for Rust, cargo - the rust package manager, and the LLVM based compiler toolchain for Rust. The packages associated with each topic are consumed with the well-known yum installation process.
How do I install a software package from Amazon Linux extras repository?
Available packages can be listed with the amazon-linux-extras command in the Amazon Linux 2 shell. Packages from extras can be installed with the “sudo amazon-linux-extras install ” command.
_Example: $ sudo amazon-linux-extras install rust1_
See Amazon Linux documentation for more details on getting started with Amazon Linux Extras.
Will packages in extras be moved to “core” with Long Term Support?
Over time, rapidly evolving technologies in extras will continue to mature and stabilize and may be added to the Amazon Linux 2 "core" to which the Long Term Support policies apply.
ISV Support
Which third-party applications are supported to run on Amazon Linux 2?
Amazon Linux 2 has a rapidly growing community of Independent Software Vendors (ISVs) including Chef, Puppet, Vertica, Trend Micro, Hashicorp, Datadog, Weaveworks, Aqua Security, Tigera, SignalFX, and more.
A complete list of supported ISV applications is available on the Amazon Linux 2 page.
To get your application certified with Amazon Linux 2, contact us.
Kernel Live Patching
What is Kernel Live Patching in Amazon Linux 2?
Kernel Live Patching in Amazon Linux 2 is a feature that enables applying security and bug fixes to a running Linux Kernel without the need to reboot. Live patches for the Amazon Linux Kernel are delivered to the existing package repositories for Amazon Linux 2, and can be applied using regular yum commands such as ‘yum update --security’ when the feature has been activated.
What are the use cases for Kernel Live Patching in Amazon Linux 2?
The use cases targeted by Kernel Live Patching in Amazon Linux 2 include:
- Emergency patching to address high-severity security vulnerabilities and data corruption bugs without service downtime.
- Applying OS updates without waiting for long-running tasks to complete, users to log out, or for scheduled reboot time-slots to apply security updates.
- Expediting the rollout of security patches by eliminating rolling reboots required in highly available systems.
When does AWS provide kernel live patches?
AWS typically will provide kernel live patches to fix CVEs, which are rated as critical and important by AWS, for the default Amazon Linux 2 Kernel. The Amazon Linux Security Advisory ratings of critical and important generally map to the Common Vulnerability Scoring System (CVSS) score of 7 and higher. Additionally, AWS will also provide kernel live patches for select bug fixes to address system stability issues, and potential data corruption issues. There may be a small number of issues that do not receive kernel live patches despite their severity because of technical limitations. For example, fixes that change assembly code or modify function signatures may not receive kernel live patches. Kernels in Amazon Linux 2 Extras and any third-party software that are not built and served by AWS will not receive kernel live patches.
Are there any charges attached with using Kernel Live Patching in Amazon Linux 2?
We provide kernel live patches for Amazon Linux 2 at no cost.
How do I use Kernel Live Patching in Amazon Linux 2?
Kernel live patches are provided by Amazon and can be consumed with the yum package manager and utilities in Amazon Linux 2 and AWS Systems Manager Patch Manager. Each kernel live patch is provided as an RPM package. Kernel Live Patching is currently disabled by default in Amazon Linux 2. You can use the available yum plugin to enable and disable Kernel Live Patching. You can then use the existing workflows in the yum utility to apply security patches including kernel live patches. In addition, the kpatch command line utility can be used to enumerate, apply and enable/disable kernel live patches.
- ‘sudo yum install -y yum-plugin-kernel-livepatch’ installs the yum plugin for the kernel live patching capability on Amazon Linux.
- ‘sudo yum kernel-livepatch enable -y’ enables the plugin.
- ‘sudo systemctl enable kpatch.service’ enables kpatch service, the kernel live patching infrastructure used in Amazon Linux.
- ‘sudo amazon-linux-extras enable livepatch’ adds the kernel live patch repository endpoints.
- ‘yum check-update kernel’ displays the list of available kernels to update.
- ‘yum updateinfo list’ lists available security updates.
- ‘sudo yum update --security’ installs available patches which includes kernel live patches available as security fixes.
- ‘kpatch list’ lists all loaded kernel live patches.
Does AWS Systems Manager Patch Manager support live patching?
Yes. You can use AWS SSM Patch Manager to automate applying kernel live patches without the need of an immediate reboot when the patch is available as a live patch. Visit the SSM Patch Manager documentation to get started.
Where can I get details on security patches provided via Kernel Live Patching?
AWS publishes details on kernel live patches to fix security vulnerabilities on the Amazon Linux Security Center.
Are there any restrictions to using Kernel Live Patching?
While applying a kernel live patch in Amazon Linux 2, you cannot simultaneously perform hibernation, use advanced debugging tools such as SystemTap, kprobes, or eBPF based tools, or access ftrace output files used by the kernel live patching infrastructure.
How do I remediate issues that may occur while applying kernel live patches to Amazon Linux 2?
If you encounter issues with a kernel live patch, disable the patch and inform AWS Support, or Amazon Linux Engineering through an AWS Forums post.
Does Kernel Live Patching in Amazon Linux 2 remove the need for reboots for applying security patches entirely?
Kernel Live Patching in Amazon Linux 2 does not remove the need for OS reboots entirely but provides significant relief from reboots to fix important and critical security issues outside planned maintenance windows. Each Linux Kernel in Amazon Linux 2 will receive live patches roughly for up to 3 months after the release of an Amazon Linux Kernel. After each 3-month duration, the OS needs to be rebooted into the latest Amazon Linux Kernel to continue to receive kernel live patches.
What EC2 instances and on-premises environments is Kernel Live Patching with Amazon Linux 2 supported on?
Kernel Live Patching in Amazon Linux 2 is supported on all x86_64 (AMD/Intel 64 bit) platforms that Amazon Linux 2 is supported on. This includes all HVM EC2 instances, VMware Cloud on AWS, VMware ESXi, VirtualBox, KVM, and Hyper-V. ARM-based platforms are currently unsupported.
Will AWS continue to provide regular (“non-live”) patches for OS updates that come with kernel live patches?
Yes, AWS will continue to provide regular patches for all OS updates. As a general rule, both regular and kernel live patches will be provided at the same time.
What happens if a reboot is performed on Amazon Linux 2 systems that have been kernel live patched?
By default, when a reboot is performed, kernel live patches are replaced with regular “non-live” patch equivalents. You can also perform reboots without replacing kernel live patches with regular patches. See Amazon Linux 2 Kernel Live Patching documentation for details.
Does Kernel Live Patching affect the ABI compatibility of Amazon Linux 2?
Kernel Live Patching in Amazon Linux 2 does not change the kernel ABI compatibility of Amazon Linux 2.
How can I get premium support for issues that may be encountered while applying kernel live patches?
Business and Enterprise plans for AWS Support include premium support for all capabilities of Amazon Linux including Kernel Live Patching. AWS only supports kernel live patches provided by AWS and recommends contacting your vendor for issues with third-party kernel live patching solutions. AWS also recommends that you use only one kernel live patching solution on Amazon Linux 2.
How will kernel live patches be indicated in the Amazon Linux Security Center?
A dedicated row in Amazon Linux Security Center listings will appear for each kernel live patch. The entry will have an identification such as “ALASLIVEPATCH-<datestamp>", and the package name will appear as "kernel-livepatch-<kernel-version>".
How long does an Amazon Linux Kernel receive live patches for?
A kernel version will get live patches for roughly 3 months. Amazon Linux will provide kernel live patches for the last 6 kernels released. Please note that Kernel Live Patching will be supported only on the default kernel released in Amazon Linux 2. The next generation Kernel in the Extras will not receive kernel live patches.
To find out whether the current Linux Kernel continues to receive live patches, and when that support window ends, use the following yum command:
‘yum kernel-livepatch supported’
What are the supported yum workflows for Kernel Live Patching?
The kernel live patching yum plugin supports all workflows that are normally supported in the yum package management utility, e.g. ‘yum update’, ‘yum update kernel’, ‘yum update --security’, ‘yum update all’.
Are kernel live patches signed?
The kernel live patch RPMs are signed via GPG keys. However, the kernel modules are currently not signed.
© 2026, Amazon Web Services, Inc. or its affiliates. All rights reserved.