Leaving Amazon Linux 2: AL2023 or Enterprise Linux?

Amazon Linux 2 reaches end of life on June 30, 2026. Most teams running AL2 will look at AL2023 as the natural successor and for some workloads, it is. The right next platform depends on why you were on AL2 in the first place, and that question is worth examining before committing to any path.

What AL2 actually was, and why it matters for migration

The common assumption about Amazon Linux 2 is that it was CentOS 7 with AWS packaging on top. AL2 went further than CentOS 7 in some areas. It provided newer kernels, amazon-linux-extras shipping PHP 8.1, MariaDB 10.5, and NGINX well ahead of anything CentOS offered, and deeper AWS toolchain integration. In others it fell short: not everything in the CentOS 7 package catalog made it in. Amazon deliberately built it for AWS workloads, not to the Enterprise Linux binary compatibility standard, and that distinction determines your migration options.

Teams that relied on that AL2-specific layer depended on extras packages at versions no RHEL downstream would have shipped, kernel configurations tuned for AL2, and AWS toolchain integration from the ground up. That stack does not automatically port to any successor.

AL2023 is not a RHEL downstream, and that distinction determines fit

Amazon built AL2023 on Fedora. It is its own distribution with its own binary compatibility profile, package ecosystem, and release cadence. None of which follow the RHEL downstream model.

AL2023 ships on a major-plus-quarterly cadence. The current major release launched in March 2023, with AL2023.7 the most recent quarterly update. The next major release is expected in 2027 at the earliest. Support runs through June 2029.

AL2023 also introduced repository pinning: each instance is pinned to the package versions available when the AMI was built, and accessing newer packages means explicitly pointing to a newer version lock. For teams managing thousands of instances with strict reproducibility requirements, it delivers real operational value. For teams that prefer a standard patch-and-update workflow, pinning introduces an additional step.

Learn more about RLC Pro or RLC Pro Hardened

The teams AL2023 is right for

AL2023 is the right successor for teams whose primary requirement is staying on the AWS-managed OS path with the lowest migration friction. Workloads running on the AL2 base package set without heavy reliance on amazon-linux-extras and without Enterprise Linux binary compatibility dependencies.

For EKS clusters upgrading to Kubernetes 1.33 or later, AL2023 is the required node OS. In this case, the migration decision is already made. If EKS is the primary driver of your migration, AL2023 is the correct target regardless of the other criteria in this post.

Amazon maintains AL2023, continues security updates, and keeps it integrated with the AWS toolchain. Teams that want Amazon to own their OS have a supported path forward.

The teams that should look elsewhere

Many AL2 users were there for reasons AL2023 does not address.

Teams that need a longer support window. AL2023 support ends June 2029. Migration to it today means scheduling your next OS migration in three years. RLC Pro on Rocky Linux 9 carries security maintenance through May 2032.

Teams with Enterprise Linux binary compatibility requirements. AL2023 is not a RHEL downstream. Existing tooling, software certifications, and third-party vendor support built around RHEL compatibility do not carry over. Teams running software certified on RHEL derivatives need to verify support status before committing to AL2023.

Teams that needed AL2's newer kernel alongside enterprise stability. AL2 delivered kernel 5.10 with commercial accountability from Amazon. RLC Pro matches that on Rocky Linux 9 with a modern kernel, long-term support, and adds committed CVE timelines and indemnification.

RLC Pro keeps you on the release cadence with commercial accountability

Rocky Linux 9 is freely available as a community project. RLC Pro is the commercial subscription on top: committed CVE timelines, FIPS 140-3 validation, and IP indemnification, available on the AWS Marketplace.

Rocky Linux 9.6 LTS ships with security backports through December 2029; teams can move to later 9.x point releases at any time.

For workloads with hardening or compliance requirements, RLC Pro Hardened adds kernel-level intrusion detection via LKRG, cryptographically validated packages with an SBOM, and prioritized patching for critical CVEs ahead of standard release cycles.

Your dependency inventory determines your migration risk

Whichever platform you are evaluating, the migration decision is only as good as the dependency inventory underneath it. The workloads that fail in testing fail for the same reasons: packages from amazon-linux-extras that have no equivalent in the target OS, Python version assumptions baked into automation, custom kernel modules that need recompilation.

Run this on your AL2 instance before committing to any migration target:

amazon-linux-extras list | grep enabled

CIQ's free migration toolkit at portal.ciq.dev/migrate2rlc runs this inventory and automatically classifies findings. The gaps in that list determine your migration timeline and risk. Pick your target OS after you know what's in it.

If you have already chosen RLC Pro, the 60-day plan covering the dependency audit, playbook adaptation, and blue/green cutover is in our migration guide. If you are still evaluating, CIQ's team can work through your workload profile with you.

AL2 EOL date (June 30, 2026) confirmed per AWS Amazon Linux 2 FAQs. AL2023 Fedora base confirmed per AWS AL2023 documentation. AL2023 no new major version in 2025 or 2026 confirmed per AWS AL2023 release cadence documentation. AL2023 support end date (June 2029) confirmed per Amazon Linux 2023 FAQs. Rocky Linux 9 support lifecycle (through May 2032) confirmed per Rocky Linux release documentation. RLC Pro Hardened availability on AWS Marketplace confirmed at aws.amazon.com/marketplace.