With the popularity of containers and container-based architecture, it can be hard to keep up with new container technologies and pick out the useful ones from a sea of competition. It’s important to carefully consider technology choices lest one adopt technology they don’t really need for minimal gain, and fail to KISS.

Bottlerocket was released for public preview by Amazon Web Services (AWS) in early March 2020, and for general availability on August 31, 2020. Its purpose is to lower management overhead and costs and improve security, applying many of the principles behind Docker to the instances we run Docker on. It does this through locked-down access and bare-minimum software on instances running Bottlerocket, greatly reducing the attack surface.


Pros:

  • No additional cost. Standard EC2 rates apply.
  • “Atomic updating.” Updates are applied in a single step, rather than by package, with the goal of reducing management overhead and making rollbacks easier.
  • Supports Open Container Initiative Image Format images.
  • Backed by Amazon. A huge company’s support improves Bottlerocket’s odds of not going the way of Container-optimized OS and Container Linux.
  • Open-source.


Cons:

  • AWS ecosystem focused. Bottlerocket is built by Amazon, for use within AWS, although it should be compatible with and extensible to other cloud computing platforms.
  • No SSH, no shell. Access is intended to be through orchestration tools, e.g., EKS, not directly.
  • Requires containerized architecture, e.g., microservices running in a Kubernetes cluster.
  • Relatively new and immature.

Most of these cons, such as locked-down instance access and container focus, are by design, and not strictly disadvantageous. Given the lack of additional costs, if you’re already ingrained in the AWS ecosystem, there’s no reason not to give it a shot.


Updates 1/20/21:

As a clarification to one of the cons, it’s possible to enable shell via an admin container, as detailed in a helpful comment from a representative of Amazon below.

Additionally, the first con was modified to remove any implication that Bottlerocket cannot work with other cloud computing platforms.

2 thoughts to “Bottlerocket: An Early Look”

  • Greg DeKoenigsberg

    Hi Matthew. Thanks for the write-up!

    Just to clarify about two of your cons.

    First, while it is true that it’s built by the Bottlerocket team at Amazon, it’s not true that we intend for it to be used only within AWS; we built it to be extended to run beyond AWS as well. That’s one of the rationales for making it an open source project.

    Second, SSH is disabled by default, but it is possible to enable SSH via an admin container. You can read more about that here: https://github.com/bottlerocket-os/bottlerocket-admin-container/blob/develop/README.md

    Thanks again for the mention. Hope you have a chance to take it for a spin and share more of your thoughts with us soon.

  • Matthew Taylor

    Thank you for the clarifications; I’ve updated the original post to reflect these.

