
Bottlerocket (Specialized, 2020 to present)

A Linux-based open-source OS purpose-built for running containers

What It Does

Bottlerocket is a Linux-based operating system designed specifically as a container host. Unlike general-purpose Linux distributions, it includes only the components needed to run containers, which gives it a smaller attack surface and faster boot times. OS updates are applied atomically (the whole OS image is swapped in one step rather than package by package), and an update that fails to boot is rolled back automatically.

Use Cases

Used as the worker node OS for EKS and ECS, serving as the execution platform for security-focused container workloads. It is adopted by financial institutions, healthcare organizations, and other environments with strict security requirements, as well as for simplifying OS management in large-scale microservices environments.

Everyday Analogy

Think of it like a work truck loaded with only specialized tools. If a general-purpose OS is a van packed with everything, Bottlerocket is a pickup truck carrying only the tools needed to run containers. With no unnecessary cargo, it runs lighter and faster, and there is less to steal, making it more secure.

What Is Bottlerocket?

Bottlerocket is a Linux-based OS developed by AWS and purpose-built for hosting containers. General-purpose distributions such as Amazon Linux or Ubuntu ship a package manager, a shell, and many other components; Bottlerocket ships only a container runtime (containerd) and the minimal system components needed to run it. There is no SSH server on the host by default, and settings are changed through the Bottlerocket API (the apiclient tool on the node, or TOML user data applied at boot) rather than by editing configuration files. This design substantially reduces the attack surface.

Security and Updates

Bottlerocket's root filesystem is read-only and integrity-checked with dm-verity, so tampering with OS files at runtime is detected and blocked rather than merely discouraged. Updates replace the whole OS image atomically (the new image is written to an inactive partition set and activated on reboot) instead of updating individual packages, so a host never sits in a half-updated state. If the new image fails to boot, the bootloader falls back to the previous one. SELinux runs in enforcing mode, strengthening isolation between containers and between containers and the host.

Integration with EKS and ECS

Bottlerocket can be used as the worker node OS for both EKS and ECS. For EKS, choose a Bottlerocket AMI type when creating a managed node group (or use a Bottlerocket AMI with self-managed nodes); ECS publishes Bottlerocket AMIs as well. For troubleshooting, connect to a node with AWS Systems Manager Session Manager, which is served by the control host container. An admin host container that provides SSH also exists, but it is disabled by default and should only be enabled for the duration of an investigation. Bottlerocket is developed as an open-source project on GitHub, and you can build custom variants.
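The following TOML user data is an added example, not from the original page or the Bottlerocket project, showing what "configuration through the API" looks like in practice for an EKS node: settings for the cluster, the two host containers, kernel lockdown and the updater are declared once and applied by the Bottlerocket API at first boot. The cluster name, API endpoint, CA certificate placeholder, DNS address and node label are assumptions; replace them with your cluster's values.

```toml
# Added example (not from the original page or the Bottlerocket project).
# Bottlerocket user data for an EKS worker node. Every key here is a
# Bottlerocket settings path; there are no config files on the host to edit.

[settings.kubernetes]
cluster-name = "example-cluster"                                            # assumed
api-server = "https://EXAMPLE1234567890.gr7.us-east-1.eks.amazonaws.com"   # assumed
cluster-certificate = "REPLACE_WITH_BASE64_ENCODED_CLUSTER_CA"             # placeholder
cluster-dns-ip = "10.100.0.10"                                              # assumed

[settings.kubernetes.node-labels]
"workload.example.com/tier" = "regulated"    # assumed label used for scheduling

# Host containers. The control container is what Systems Manager Session Manager
# talks to; the admin container is the only way to get SSH on the host.
[settings.host-containers.control]
enabled = true

# Weak setting would be `enabled = true` left on permanently. Keep it off
# (the default) and flip it on through the API only for a break-glass session.
[settings.host-containers.admin]
enabled = false

# "integrity" prevents changes to the running kernel (e.g. loading unsigned
# modules); "none" would remove that protection.
[settings.kernel]
lockdown = "integrity"

# Whole-image updates. version-lock pins the version the updater targets;
# ignore-waves = true would skip the staggered rollout and update every node at once.
[settings.updates]
version-lock = "latest"
ignore-waves = false
```

With a managed node group using a Bottlerocket AMI type, EKS fills in the `settings.kubernetes` table itself when you attach a launch template, and the remaining tables are merged with it. Once a node is up, the same settings can be read or changed over Session Manager with the on-node API client, for example `apiclient get settings.host-containers` or `apiclient set settings.host-containers.admin.enabled=true` for a temporary admin session; the atomic update flow described above is driven by `apiclient update check`, `apiclient update apply` and `apiclient reboot`.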

Things to Watch Out For

  • Bottlerocket itself is free and open-source, but standard EC2 instance charges apply for the instances it runs on
  • Unlike general-purpose operating systems, there is no package manager, so you cannot install software directly on the host. Anything you need to run, including monitoring agents, must be packaged as a container
  • SSH is disabled by default, so use Systems Manager Session Manager (served by the control host container) for troubleshooting rather than enabling the SSH admin container permanently