Bottlerocket is a Linux-based open-source operating system that is purpose-built by AWS for running containers on virtual machines or bare metal hosts. The Amazon ECS-optimized Bottlerocket AMI includes only the minimum set of packages required to run containers. This improves resource usage, reduces the attack surface, and helps lower management overhead. The Bottlerocket AMI is also integrated with Amazon ECS to help reduce the operational overhead involved in updating container instances in a cluster.
Bottlerocket differs from Amazon Linux in the following ways:
Bottlerocket doesn't include a package manager, and additional software can only be run as containers. Updates to Bottlerocket are applied, and can be rolled back, in a single step, which reduces the likelihood of update errors.
The primary mechanism to manage Bottlerocket hosts is with a container scheduler. Unlike Amazon Linux, logging into individual Bottlerocket instances is intended to be an infrequent operation for advanced debugging and troubleshooting purposes only.
For more information about Bottlerocket, see the documentation and releases on GitHub.
There are variants of the Amazon ECS-optimized Bottlerocket AMI for kernel 6.1 and kernel 5.10.
The following variants use kernel 6.1:
aws-ecs-2
aws-ecs-2-nvidia
The following variants use kernel 5.10:
aws-ecs-1
aws-ecs-1-nvidia
For more information about the aws-ecs-1-nvidia variant, see Announcing NVIDIA GPU support for Bottlerocket on Amazon ECS.
Consider the following when using a Bottlerocket AMI with Amazon ECS.
Bottlerocket supports Amazon EC2 instances with x86_64 and arm64 processors. The Bottlerocket AMI isn't recommended for use with Amazon EC2 instances with an Inferentia chip.
Bottlerocket images don't include an SSH server or a shell. However, you can use out-of-band management tools to gain SSH administrator access and perform bootstrapping.
For more information, see these sections in the bottlerocket README.md on GitHub:
By default, Bottlerocket has a control container that's enabled. This container runs the AWS Systems Manager agent that you can use to run commands or start shell sessions on Amazon EC2 Bottlerocket instances. For more information, see Setting up Session Manager in the AWS Systems Manager User Guide.
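The script below is an added example, not code from the Bottlerocket project or from this documentation. It ties together the variant and processor lists above with the control container's Session Manager access: it resolves the latest AMI ID for a variant/architecture pair, generates the TOML user data that joins an instance to a cluster while leaving the SSH admin container disabled unless explicitly requested, and opens a Session Manager shell on a given instance. It assumes, which this page does not state, that Bottlerocket publishes the latest AMI ID under the public SSM parameter `/aws/service/bottlerocket/<variant>/<arch>/latest/image_id`, that instance settings are supplied as TOML user data with the `settings.ecs.cluster` and `settings.host-containers.*` keys, and that AWS CLI v2 is installed with SSM permissions for the caller.

```shell
#!/bin/sh
# Example helper for the Amazon ECS-optimized Bottlerocket AMI (added example,
# not from the Bottlerocket project or the ECS documentation).
# Assumptions not stated on the page: the SSM parameter path below, the TOML
# settings keys in br_user_data, and an installed AWS CLI v2 with SSM permissions.
set -eu

VARIANTS="aws-ecs-1 aws-ecs-1-nvidia aws-ecs-2 aws-ecs-2-nvidia"  # variants listed on the page
ARCHES="x86_64 arm64"                                           # processors listed on the page

# in_list NEEDLE "word word ..." -> succeeds when NEEDLE is one of the words
in_list() {
  needle=$1; shift
  for w in $1; do [ "$w" = "$needle" ] && return 0; done
  return 1
}

# br_ssm_param VARIANT ARCH -> prints the public SSM parameter name for the latest AMI ID.
# Anything that is not a variant/architecture the page lists is rejected here, so a
# typo fails loudly instead of launching the wrong image.
br_ssm_param() {
  in_list "$1" "$VARIANTS" || { echo "unknown variant: $1" >&2; return 1; }
  in_list "$2" "$ARCHES"   || { echo "unknown architecture: $2" >&2; return 1; }
  printf '/aws/service/bottlerocket/%s/%s/latest/image_id\n' "$1" "$2"
}

# br_latest_ami VARIANT ARCH [REGION] -> resolves the AMI ID via SSM (needs network and credentials)
br_latest_ami() {
  name=$(br_ssm_param "$1" "$2") || return 1
  aws ssm get-parameter --name "$name" ${3:+--region "$3"} \
      --query 'Parameter.Value' --output text
}

# br_user_data CLUSTER [ADMIN] -> TOML user data that joins the instance to CLUSTER.
# The control container (SSM agent) stays enabled; the admin (SSH) host container is
# enabled only when ADMIN=true, so the default keeps the smaller attack surface.
br_user_data() {
  admin=${2:-false}
  case "$admin" in
    true|false) ;;
    *) echo "ADMIN must be true or false, got: $admin" >&2; return 1 ;;
  esac
  cat <<EOF
[settings.ecs]
cluster = "$1"

[settings.host-containers.control]
enabled = true

[settings.host-containers.admin]
enabled = $admin
EOF
}

# br_instance_id_ok ID -> succeeds for a well-formed EC2 instance ID (i- plus 8 or 17 hex chars)
br_instance_id_ok() {
  printf '%s' "$1" | grep -Eq '^i-([0-9a-f]{8}|[0-9a-f]{17})$'
}

# br_session ID -> opens a Session Manager shell in the control container (needs network and credentials)
br_session() {
  br_instance_id_ok "$1" || { echo "malformed instance ID: $1" >&2; return 1; }
  aws ssm start-session --target "$1"
}

# Command dispatch; with no arguments the file only defines the functions (e.g. when sourced).
case "${1:-}" in
  param)     shift; br_ssm_param "$@" ;;
  ami)       shift; br_latest_ami "$@" ;;
  user-data) shift; br_user_data "$@" ;;
  session)   shift; br_session "$@" ;;
  "")        ;;
  *)         echo "usage: $0 param|ami|user-data|session ..." >&2; exit 2 ;;
esac
```

Typical use is `./bottlerocket-ecs.sh ami aws-ecs-2 arm64 us-east-1` to pick the image for a launch template, `./bottlerocket-ecs.sh user-data my-cluster > user-data.toml` to produce the instance user data, and `./bottlerocket-ecs.sh session i-0123456789abcdef0` once the instance is registered. Only the `param`, `user-data` and ID validation paths run offline; the `ami` and `session` paths call the AWS CLI.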
Bottlerocket is optimized for container workloads and has a focus on security. Bottlerocket doesn't include a package manager and is immutable.
For information about the security features and guidance, see Security Features and Security Guidance on GitHub.
The awsvpc network mode is supported for Bottlerocket AMI version 1.1.0 or later.
App Mesh in a task definition is supported for Bottlerocket AMI version 1.15.0 or later.
The initProcessEnabled task definition parameter is supported for Bottlerocket AMI version 1.19.0 or later.
The Bottlerocket AMIs also don't support the following services and features:
ECS Anywhere
Service Connect
Amazon EFS in encrypted mode
Amazon EFS in awsvpc network mode
Amazon EBS volumes can't be mounted
Elastic Inference Accelerator