Comments (2)
Hi @krayzie32, thanks for the issue. The short answer is no, Bottlerocket AMIs and EC2 Image Builder / Image Pipeline are not compatible.
The longer answer is due to Bottlerocket's security features. Bottlerocket AMIs do not come equipped with an SSM agent running at the host level; rather, they run the SSM agent through the control container (https://github.com/bottlerocket-os/bottlerocket-control-container). Bottlerocket also ships with an immutable root filesystem, so even if the SSM agent were available at the host level, any changes attempted to the host's rootfs via SSM commands would fail.
> ensure that the image complies with our security guidelines
I'd suggest you check out SECURITY_FEATURES.md and SECURITY_GUIDANCE.md to see if Bottlerocket's security posture meets the requirements for your company.
If your company evaluates security based on CIS benchmarks, Bottlerocket comes equipped with tooling to run those benchmarks via the apiclient: check out the docs here if that's relevant to you.
from bottlerocket.
@ginglis13 Thank you very much for the detailed reply.