The update to Docker version 25.0.3 in Amazon ECS-Optimized AL2 AMIs is not explicitly mandatory, but there are strong recommendations and implications for not updating. Starting from June 12, 2024, Amazon ECS-optimized AMIs based on Amazon Linux will no longer automatically apply all "Critical" and "Important" security updates at instance launch. Instead, users are encouraged to update to new AMI releases as they become available, which will include the latest security patches and Docker versions (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html).
If you choose not to update to Docker version 25.0.3 by the specified date, your instances will not benefit from the latest security improvements and bug fixes. Using an unsupported version of Docker could expose your environment to security vulnerabilities, compatibility issues with new versions of the Amazon ECS container agent, and potential operational challenges due to a lack of support for older Docker versions from new software updates and features.
Amazon emphasizes the importance of using the latest AMI versions to ensure software components like Docker and the ECS container agent are up to date. This approach helps in maintaining the security and stability of your ECS environments (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html, https://docs.aws.amazon.com/AmazonECS/latest/developerguide/agent-update-ecs-ami.html).
For environments where updates cannot be applied immediately, Amazon provides mechanisms to manage updates more flexibly. However, consistently running on older Docker versions may not only pose security risks but could also lead to compatibility issues with other software relying on Docker within your infrastructure (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html).
To manage these updates, Amazon recommends automating the environment to shift to new AMI versions as they are released, potentially using managed instance draining to minimize disruption during updates (https://docs.aws.amazon.com/AmazonECS/latest/developerguide/ecs-optimized_AMI.html). This proactive approach can help mitigate risks associated with outdated software versions.
AWS doesn't provide an AMI with Docker v25 for the Amazon ECS GPU-optimized family. The latest AMI still comes with Docker v20. What can we do in such a scenario to update Docker to v25?
Thanks for the information and links.
I have a similar question to Ajay's - the latest AMI for EB ECS AL2 (HVM) also still comes with Docker v20 (aws-elasticbeanstalk-amzn-2.0.20240521.64bit-eb_ecs_amazon_linux_2-hvm-2024-05-24T09-52).
Is there a timeline for a new AMI being available? If so, how can we test and/or plan for a Docker upgrade to v25?
Thank you for your help!
Please accept the answer if it was useful.