


# Guide to EKS AL2 & AL2-Accelerated AMIs transition features
<a name="eks-ami-deprecation-faqs"></a>

**Warning**  
Amazon EKS stopped publishing EKS-optimized Amazon Linux 2 (AL2) AMIs on November 26, 2025. AL2023 and Bottlerocket based AMIs for Amazon EKS are available for all supported Kubernetes versions including 1.33 and higher.

 AWS will end support for EKS AL2-optimized and AL2-accelerated AMIs, effective November 26, 2025. While you can continue using EKS AL2 AMIs after the end-of-support (EOS) date (November 26, 2025), EKS will no longer release any new Kubernetes versions or updates to AL2 AMIs, including minor releases, patches, and bug fixes after this date. We recommend upgrading to Amazon Linux 2023 (AL2023) or Bottlerocket AMIs:
+ AL2023 enables a secure-by-default approach with preconfigured security policies, SELinux in permissive mode, IMDSv2-only mode enabled by default, optimized boot times, and improved package management for enhanced security and performance, well-suited for infrastructure requiring significant customizations like direct OS-level access or extensive node changes. To learn more, see [AL2023 FAQs](https://aws.amazon.com/linux/amazon-linux-2023/faqs/) or view our detailed migration guidance at [Upgrade from Amazon Linux 2 to Amazon Linux 2023](al2023.md).
+ Bottlerocket enables enhanced security, faster boot times, and a smaller attack surface for improved efficiency with its purpose-built, container-optimized design, well-suited for container-native approaches with minimal node customizations. To learn more, see [Bottlerocket FAQs](https://aws.amazon.com/bottlerocket/faqs/) or view our detailed migration guidance at [Create nodes with optimized Bottlerocket AMIs](eks-optimized-ami-bottlerocket.md).

Alternatively, you can [Build a custom EKS-optimized Amazon Linux AMI](eks-ami-build-scripts.md) until the EOS date (November 26, 2025). Additionally, you can build a custom AMI with an Amazon Linux 2 base instance until the Amazon Linux 2 EOS date (June 30, 2026).

## Migration and support FAQs
<a name="_migration_and_support_faqs"></a>

### How do I migrate from my AL2 to an AL2023 AMI?
<a name="_how_do_i_migrate_from_my_al2_to_an_al2023_ami"></a>

We recommend creating and implementing a migration plan that includes thorough application workload testing and documented rollback procedures, then following the step-by-step instructions in [Upgrade from Amazon Linux 2 to Amazon Linux 2023](https://docs.aws.amazon.com/eks/latest/userguide/al2023.html) in the official EKS documentation.

### Can I build a custom AL2 AMI past the EKS end-of-support (EOS) date for EKS optimized AL2 AMIs?
<a name="_can_i_build_a_custom_al2_ami_past_the_eks_end_of_support_eos_date_for_eks_optimized_al2_amis"></a>

While we recommend moving to officially supported and published EKS optimized AMIs for AL2023 or Bottlerocket, you can build custom EKS AL2-optimized and AL2-accelerated AMIs until the AL2 AMI EOS date (November 26, 2025). Alternatively, you can build a custom AMI with an Amazon Linux 2 base instance until the Amazon Linux 2 EOS date (June 30, 2026). For step-by-step instructions to build a custom EKS AL2-optimized and AL2-accelerated AMI, see [Build a custom Amazon Linux AMI](https://docs.aws.amazon.com/eks/latest/userguide/eks-ami-build-scripts.html) in the official EKS documentation.

### Does the EKS Kubernetes version support policy apply to Amazon Linux distributions?
<a name="_does_the_eks_kubernetes_version_support_policy_apply_to_amazon_linux_distributions"></a>

No. The EOS date for EKS AL2-optimized and AL2-accelerated AMIs is independent of the standard and extended support timelines for Kubernetes versions by EKS. You need to migrate to AL2023 or Bottlerocket even if you are using EKS extended support.

### How does the shift from cgroupv1 to cgroupv2 affect my migration?
<a name="_how_does_the_shift_from_cgroupv1_to_cgroupv2_affect_my_migration"></a>

The [Kubernetes community](https://github.com/kubernetes/enhancements/blob/master/keps/sig-node/4569-cgroup-v1-maintenance-mode/README.md) moved `cgroupv1` support (used by AL2) into maintenance mode, meaning no new features will be added and only critical security and major bug fixes will be provided. To adopt `cgroupv2` in Kubernetes, you need to ensure compatibility across the OS, kernel, container runtime, and Kubernetes components. This requires a Linux distribution that enables `cgroupv2` by default, such as AL2023, Bottlerocket, Red Hat Enterprise Linux (RHEL) 9+, Ubuntu 22.04+, or Debian 11+. These distributions ship with kernel versions ≥5.8, which is the minimum requirement for `cgroupv2` support in Kubernetes. To learn more, see [About cgroup v2](https://kubernetes.io/docs/concepts/architecture/cgroups/).

### What do I do if I need Neuron in my custom AL2 AMI?
<a name="_what_do_i_do_if_i_need_neuron_in_my_custom_al2_ami"></a>

You cannot run your full Neuron-powered applications natively on an AL2-based AMI. To leverage AWS Neuron on an AL2 AMI, you must containerize your applications using a Neuron-supported container with a non-AL2 Linux distribution (e.g., Ubuntu 22.04, Amazon Linux 2023, etc.) and then deploy those containers on an AL2-based AMI that has the Neuron Driver (`aws-neuronx-dkms`) installed.

### Should I switch to a bare Amazon Linux 2 base instance after the EKS AL2 AMI EOS date (November 26, 2025)?
<a name="_should_i_switch_to_a_bare_amazon_linux_2_base_instance_after_the_eks_al2_ami_eos_date_november_26_2025"></a>

A bare Amazon Linux 2 base instance lacks the specific optimizations, container runtime configurations, and customizations provided by the official EKS AL2-optimized and AL2-accelerated AMIs. Instead, if you must continue using an AL2-based solution, we recommend building a custom AMI using the EKS AMI recipes at [Build a custom EKS-optimized Amazon Linux AMI](eks-ami-build-scripts.md) or [Amazon EKS AMI Build Specification](https://github.com/awslabs/amazon-eks-ami). This ensures compatibility with your existing workloads and includes AL2 kernel updates until the Amazon Linux 2 EOS date (June 30, 2026).

### When building a custom AL2 AMI using the EKS AMI GitHub repository after the EKS AL2 AMI EOS date (November 26, 2025), what support is available for packages from repositories like amzn2-core and amzn2extra-docker?
<a name="_when_building_a_custom_al2_ami_using_the_eks_ami_github_repository_after_the_eks_al2_ami_eos_date_november_26_2025_what_support_is_available_for_packages_from_repositories_like_amzn2_core_and_amzn2extra_docker"></a>

The EKS AMI recipe at [Amazon EKS AMI Build Specification](https://github.com/awslabs/amazon-eks-ami) pulls packages via YUM from standard Amazon Linux 2 software such as [amzn2-core](https://docs.aws.amazon.com/linux/al2/ug/managing-software.html) and [amzn2extra-docker](https://docs.aws.amazon.com/linux/al2/ug/managing-software.html). After the EKS AL2 AMI EOS date (November 26, 2025), this software will continue to be supported until the broader Amazon Linux 2 EOS date (June 30, 2026). Note that support is limited to kernel updates during this period, meaning you will need to manually manage and apply other package updates, security patches, and any non-kernel dependencies to maintain security and compatibility.

### Why might Java applications using older versions of JDK8 on Amazon EKS with AL2023 experience Out of Memory (OOM) exceptions and pod restarts, and how can this be resolved?
<a name="_why_might_java_applications_using_older_versions_of_jdk8_on_amazon_eks_with_al2023_experience_out_of_memory_oom_exceptions_and_pod_restarts_and_how_can_this_be_resolved"></a>

When running on Amazon EKS nodes with AL2023, Java applications relying on JDK 8 versions prior to `jdk8u372` can cause OOM exceptions and pod restarts because the JVM is not compatible with `cgroupv2`. This issue arises specifically from the JVM’s inability to detect container memory limits using `cgroupv2`, the default in Amazon Linux 2023. As a result, it bases heap allocation on the node’s total memory rather than the pod’s defined limit. This stems from `cgroupv2` changing the storage location for memory limit data, causing older Java versions to misread available memory and assume node-level resources. A few possible options include:
+  **Upgrade JDK version**: Upgrading to `jdk8u372` or later, or to a newer JDK version with full `cgroupv2` support, can resolve this issue. For a list of compatible Java versions that fully support `cgroupv2`, see [About cgroup v2](https://kubernetes.io/docs/concepts/architecture/cgroups/).
+  **Build a custom AMI**: If you must continue using an AL2-based solution, you can build a custom AL2-based AMI (until November 26, 2025) using [Build a custom EKS-optimized Amazon Linux AMI](eks-ami-build-scripts.md) or [Amazon EKS AMI Build Specification](https://github.com/awslabs/amazon-eks-ami). For example, you can build an AL2-based v1.33 AMI (until November 26, 2025). Amazon EKS will provide AL2-based AMIs until the EKS AL2 EOS date (November 26, 2025). After the EOS date (November 26, 2025), you will need to build your own AMI.
+  **Enable cgroupv1**: If you must continue using `cgroupv1`, you can enable `cgroupv1` on an EKS AL2023 AMI. To enable, run `sudo grubby --update-kernel=ALL --args="systemd.unified_cgroup_hierarchy=0"` and reboot the system (e.g., EC2 instance or node running Amazon Linux 2023). This will modify the boot parameters for the system (e.g., by adding the kernel parameter `systemd.unified_cgroup_hierarchy=0` to the GRUB configuration, which instructs systemd to use the legacy `cgroupv1` hierarchy) and enable `cgroupv1`. Note that when you run this grubby command, you are reconfiguring the kernel to launch with `cgroupv1` enabled and `cgroupv2` disabled. Only one of these cgroup versions is used for active resource management on a node. This is not the same as running `cgroupv2` with backwards compatibility for the `cgroupv1` API.

**Warning**  
We do not recommend the continued use of `cgroupv1`. Instead, we recommend migrating to `cgroupv2`. The Kubernetes community moved `cgroupv1` support (used by AL2) into maintenance mode, meaning no new features or updates will be added and only critical security and major bug fixes will be provided. The full removal of `cgroupv1` support is expected in a future release, though a specific date for this full removal has not yet been announced. If you experience issues with `cgroupv1`, AWS will be unable to provide support and will recommend that you upgrade to `cgroupv2`.
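
The check behind the options above, as an added example that is not part of the AWS guide: it classifies a node's cgroup version and flags JDK 8 builds older than `jdk8u372` that would size their heap from node memory on a `cgroupv2` node. The function names, workload names and inventory are constructed for illustration; the `stat -fc %T /sys/fs/cgroup` values (`cgroup2fs`, `tmpfs`) are the ones given in the Kubernetes cgroup v2 documentation.

```bash
# Added example, not from the AWS guide: flag JDK 8 builds that will misread
# pod memory limits once their node runs cgroupv2 (AL2023, Bottlerocket).

# cgroup_mode FSTYPE: classify the output of `stat -fc %T /sys/fs/cgroup`.
cgroup_mode() {
  case "$1" in
    cgroup2fs) echo v2 ;;        # unified hierarchy
    tmpfs)     echo v1 ;;        # legacy hierarchy (AL2, or AL2023 after grubby)
    *)         echo unknown ;;   # treated like v2 below, to stay conservative
  esac
}

# mem_limit_file MODE: file inside the container that holds the memory limit.
mem_limit_file() {
  case "$1" in
    v2) echo /sys/fs/cgroup/memory.max ;;
    v1) echo /sys/fs/cgroup/memory/memory.limit_in_bytes ;;
  esac
}

# jdk_verdict JAVA_VERSION MODE: prints ok, affected or check-list.
# JAVA_VERSION is the quoted string from `java -version`, e.g. 1.8.0_362.
jdk_verdict() {
  local ver="$1" mode="$2" update
  if [ "$mode" = v1 ]; then echo ok; return 0; fi   # the issue needs cgroupv2
  case "$ver" in
    1.8.0_*)
      update="${ver#1.8.0_}"
      update="${update%%[!0-9]*}"              # drop suffixes such as -b07
      if [ -n "$update" ] && [ "$update" -ge 372 ]; then echo ok; else echo affected; fi ;;
    1.8.0*) echo affected ;;                   # 8 GA build, no update number
    *)      echo check-list ;;                 # other JDKs: see the cgroup v2 list
  esac
}

# Constructed inventory, "<workload> <java version>"; the names are hypothetical.
SAMPLE_INVENTORY='billing-api 1.8.0_362
report-worker 1.8.0_392-b08
search-indexer 17.0.9'

# audit_inventory FSTYPE: one verdict line per workload for that node type.
audit_inventory() {
  local mode name ver
  mode="$(cgroup_mode "$1")"
  printf '%s\n' "$SAMPLE_INVENTORY" | while read -r name ver; do
    echo "$name $ver $(jdk_verdict "$ver" "$mode")"
  done
}
audit_inventory cgroup2fs
```

On a real node, pass `$(stat -fc %T /sys/fs/cgroup)` as the argument and replace the inventory with the Java versions collected from your container images.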

## Compatibility and versions
<a name="_compatibility_and_versions"></a>

### Supported Kubernetes versions for AL2 AMIs
<a name="_supported_kubernetes_versions_for_al2_amis"></a>

Kubernetes version 1.32 is the last version for which Amazon EKS will release AL2 (Amazon Linux 2) AMIs. For [supported](https://docs.aws.amazon.com/eks/latest/userguide/kubernetes-versions.html) Kubernetes versions up to 1.32, EKS will continue to release AL2 AMIs (`AL2_ARM_64`, `AL2_x86_64`) and AL2-accelerated AMIs (`AL2_x86_64_GPU`) until November 26, 2025. After this date, EKS will stop releasing AL2-optimized and AL2-accelerated AMIs for all Kubernetes versions. Note that the EOS date for EKS AL2-optimized and AL2-accelerated AMIs is independent of the standard and extended support timelines for Kubernetes versions by EKS.

### Supported drivers and Linux kernel versions comparison for AL2, AL2023, and Bottlerocket AMIs
<a name="_supported_drivers_and_linux_kernel_versions_comparison_for_al2_al2023_and_bottlerocket_amis"></a>


| Component | EKS AL2 AMI | EKS AL2023 AMI | EKS Bottlerocket AMI | 
| --- | --- | --- | --- | 
|  Base OS Compatibility  |  RHEL7/CentOS 7  |  Fedora/CentOS 9  |  N/A  | 
|  [CUDA user mode driver](https://docs.nvidia.com/deploy/cuda-compatibility/why-cuda-compatibility.html#why-cuda-compatibility)  |  12.x  |  12.x, 13.x  |  12.x, 13.x  | 
|  NVIDIA GPU Driver  |  R570  |  R580  |  R570, R580  | 
|  AWS Neuron Driver  |  2.20+  |  2.20+  |  2.20+  | 
|  Linux Kernel  |  5.10  |  6.1, 6.12  |  6.1, 6.12  | 

For more information on NVIDIA driver and CUDA compatibility, see the [NVIDIA documentation](https://docs.nvidia.com/datacenter/tesla/drivers/index.html#supported-drivers-and-cuda-toolkit-versions).

### AWS Neuron compatibility with AL2 AMIs
<a name="shared_aws_neuron_compatibility_with_al2_amis"></a>

Starting from [AWS Neuron release 2.20](https://awsdocs-neuron.readthedocs-hosted.com/en/latest/release-notes/prev/rn.html#neuron-2-20-0-whatsnew), the Neuron Runtime (`aws-neuronx-runtime-lib`) used by EKS AL-based AMIs no longer supports Amazon Linux 2 (AL2). The Neuron Driver (`aws-neuronx-dkms`) is now the only AWS Neuron package that supports Amazon Linux 2. This means you cannot run your Neuron-powered applications natively on an AL2-based AMI. To set up Neuron on AL2023 AMIs, see the [AWS Neuron Setup](https://awsdocs-neuron.readthedocs-hosted.com/en/latest/general/setup/index.html#setup-guide-index) guide.

### Kubernetes compatibility with AL2 AMIs
<a name="_kubernetes_compatibility_with_al2_amis"></a>

The Kubernetes community has moved `cgroupv1` support (used by AL2) to maintenance mode. This means no new features will be added, and only critical security and major bug fixes will be provided. Any Kubernetes features relying on cgroupv2, such as MemoryQoS and enhanced resource isolation, are unavailable on AL2. Furthermore, Amazon EKS Kubernetes version 1.32 was the last version to support AL2 AMIs. To maintain compatibility with the latest Kubernetes versions, we recommend migrating to AL2023 or Bottlerocket, which enable `cgroupv2` by default.

### Linux version compatibility with AL2 AMIs
<a name="_linux_version_compatibility_with_al2_amis"></a>

Amazon Linux 2 (AL2) is supported by AWS until its end-of-support (EOS) date on June 30, 2026. However, as AL2 has aged, support from the broader Linux community for new applications and functionality has become more limited. AL2 AMIs are based on [Linux kernel 5.10](https://docs.aws.amazon.com/linux/al2/ug/kernel.html), while AL2023 uses [Linux kernel 6.1](https://docs.aws.amazon.com/linux/al2023/ug/compare-with-al2-kernel.html). Unlike AL2023, AL2 has limited support from the broader Linux community. This means that many upstream Linux packages and tools need to be backported to work with AL2’s older kernel version, some modern Linux features and security improvements aren’t available due to the older kernel, and many open source projects have deprecated or limited support for older kernel versions like 5.10.

### Deprecated packages not included in AL2023
<a name="_deprecated_packages_not_included_in_al2023"></a>

A few of the most common packages that are not included in AL2023, or that changed in AL2023, include:
+ Some [source binary packages in Amazon Linux 2](https://docs.aws.amazon.com/linux/al2023/release-notes/removed-AL2023.6-AL2.html) are no longer available in Amazon Linux 2023
+ Changes in how Amazon Linux supports different versions of packages (e.g., [amazon-linux-extras system](https://repost.aws/questions/QUWGU3VFJMRSGf6MDPWn4tLg/how-to-resolve-amazon-linux-extras-in-al2023)) in AL2023
+  [Extra Packages for Enterprise Linux (EPEL)](https://docs.aws.amazon.com/linux/al2023/ug/epel.html) are not supported in AL2023
+  [32-bit applications](https://docs.aws.amazon.com/linux/al2023/ug/deprecated-al2.html#deprecated-32bit-rpms) are not supported in AL2023

To learn more, see [Comparing AL2 and AL2023](https://docs.aws.amazon.com/linux/al2023/ug/compare-with-al2.html).

### FIPS validation comparison across AL2, AL2023, and Bottlerocket
<a name="_fips_validation_comparison_across_al2_al2023_and_bottlerocket"></a>

Amazon Linux 2 (AL2), Amazon Linux 2023 (AL2023), and Bottlerocket provide support for Federal Information Processing Standards (FIPS) compliance.
+ AL2 is certified under FIPS 140-2 and AL2023 is certified under FIPS 140-3. To enable FIPS mode on AL2023, install the necessary packages on your Amazon EC2 instance and follow the configuration steps using the instructions in [Enable FIPS Mode on AL2023](https://docs.aws.amazon.com/linux/al2023/ug/fips-mode.html). To learn more, see [AL2023 FAQs](https://aws.amazon.com/linux/amazon-linux-2023/faqs).
+ Bottlerocket provides purpose-built variants specifically for FIPS which constrain the kernel and userspace components to the use of cryptographic modules that have been submitted to the FIPS 140-3 Cryptographic Module Validation Program.

### EKS AMI driver and versions changelog
<a name="_eks_ami_driver_and_versions_changelog"></a>

For a complete list of all EKS AMI components and their versions, see [Amazon EKS AMI Release Notes](https://github.com/awslabs/amazon-eks-ami/releases) on GitHub.