Running Flatcar Container Linux on EC2

The current AMIs for all Flatcar Container Linux channels and EC2 regions are listed below and updated frequently. Using CloudFormation is the easiest way to launch a cluster, but it is also possible to follow the manual steps at the end of the article. Questions can be directed to the Flatcar Container Linux IRC channel or user mailing list.

Release retention time

After publishing, releases will remain available as public AMIs on AWS for 9 months. AMIs older than 9 months will be un-published in regular garbage collection sweeps. Please note that this will not impact existing AWS instances that use those releases. However, deploying new instances (e.g. in autoscaling groups pinned to a specific AMI) will not be possible after the AMI was un-published.

Choosing a channel

Flatcar Container Linux is designed to be updated automatically with different schedules per channel. You can disable this feature, although we don't recommend it. Read the release notes for specific features and bug fixes.

The Alpha channel closely tracks master and is released frequently. The newest versions of system libraries and utilities will be available for testing. The current version is Flatcar Container Linux 2513.1.0.

View as json feed: amd64 arm64
EC2 Region AMI Type AMI ID CloudFormation
ap-east-1 HVM (amd64) ami-06831ab0dce358f34 Launch Stack
HVM (arm64) ami-0cfce85d6b75902f6 Launch Stack
ap-northeast-1 HVM (amd64) ami-00d5a9bdaf0cfd29a Launch Stack
HVM (arm64) ami-0a997aa8b58fc5fee Launch Stack
ap-northeast-2 HVM (amd64) ami-0826e9de7a12f2445 Launch Stack
HVM (arm64) ami-0ffa026961828388b Launch Stack
ap-south-1 HVM (amd64) ami-06723cd138736d287 Launch Stack
HVM (arm64) ami-012721b16e381572e Launch Stack
ap-southeast-1 HVM (amd64) ami-08a51d5399c4c5af5 Launch Stack
HVM (arm64) ami-0339d7aa1101fe4c0 Launch Stack
ap-southeast-2 HVM (amd64) ami-08e01c49d20f24e67 Launch Stack
HVM (arm64) ami-0e1c24e820b924f2d Launch Stack
ca-central-1 HVM (amd64) ami-0e32461f74d768206 Launch Stack
HVM (arm64) ami-02e7df2728e0a8583 Launch Stack
eu-central-1 HVM (amd64) ami-01a942e2502374a19 Launch Stack
HVM (arm64) ami-06892f140752e3ff9 Launch Stack
eu-north-1 HVM (amd64) ami-06f7e5fd45b5c4143 Launch Stack
HVM (arm64) ami-003169f2bfa0722ab Launch Stack
eu-west-1 HVM (amd64) ami-0528f2d9077277857 Launch Stack
HVM (arm64) ami-09a3f4a7a9b3c83c9 Launch Stack
eu-west-2 HVM (amd64) ami-0497b026f9da1b9da Launch Stack
HVM (arm64) ami-0173357609ad0f8bd Launch Stack
eu-west-3 HVM (amd64) ami-09bab95ffb9ac684e Launch Stack
HVM (arm64) ami-09782762e830cd464 Launch Stack
me-south-1 HVM (amd64) ami-0ec7fd9fefae8ac6d Launch Stack
HVM (arm64) ami-0616328286090919c Launch Stack
sa-east-1 HVM (amd64) ami-0ee1b76a7d62b61a3 Launch Stack
HVM (arm64) ami-0b65c972a1b99233a Launch Stack
us-east-1 HVM (amd64) ami-02f802c7ef690d9d0 Launch Stack
HVM (arm64) ami-0ade436141204c5ef Launch Stack
us-east-2 HVM (amd64) ami-0a424b4855921a815 Launch Stack
HVM (arm64) ami-06b893618aeba13ac Launch Stack
us-west-1 HVM (amd64) ami-0af482915c672682b Launch Stack
HVM (arm64) ami-050ba15144bacf25e Launch Stack
us-west-2 HVM (amd64) ami-0d645a6aa0309d563 Launch Stack
HVM (arm64) ami-078164a48e09b921c Launch Stack

The Beta channel consists of promoted Alpha releases. The current version is Flatcar Container Linux 2512.1.1.

View as json feed: amd64
EC2 Region AMI Type AMI ID CloudFormation
ap-east-1 HVM (amd64) ami-000658491971fe82c Launch Stack
ap-northeast-1 HVM (amd64) ami-00e01a8df940e718a Launch Stack
ap-northeast-2 HVM (amd64) ami-0b45a76a804744e5f Launch Stack
ap-south-1 HVM (amd64) ami-063e4c91ce773c5e7 Launch Stack
ap-southeast-1 HVM (amd64) ami-09b6bdafe9c6a8ae4 Launch Stack
ap-southeast-2 HVM (amd64) ami-021d6c1b47a07455b Launch Stack
ca-central-1 HVM (amd64) ami-0a7a3d3296614d934 Launch Stack
eu-central-1 HVM (amd64) ami-064071c71ebb8a21a Launch Stack
eu-north-1 HVM (amd64) ami-0bcfb1fd3547d849c Launch Stack
eu-west-1 HVM (amd64) ami-096e8bb352dbb0153 Launch Stack
eu-west-2 HVM (amd64) ami-076bb458c68e4cf50 Launch Stack
eu-west-3 HVM (amd64) ami-0a3964dc309ed0e40 Launch Stack
me-south-1 HVM (amd64) ami-057d2c4c84c38e0dd Launch Stack
sa-east-1 HVM (amd64) ami-06a5579f8bb266c8a Launch Stack
us-east-1 HVM (amd64) ami-032b773abf79e64d8 Launch Stack
us-east-2 HVM (amd64) ami-047bc12a0d702bc66 Launch Stack
us-west-1 HVM (amd64) ami-09b8c7336fef3352f Launch Stack
us-west-2 HVM (amd64) ami-081dc2150d614e42c Launch Stack

The Edge channel includes bleeding-edge features with the newest versions of the Linux kernel, systemd and other core packages. Can be highly unstable. The current version is Flatcar Container Linux 2466.99.0.

EC2 Region AMI Type AMI ID CloudFormation
ap-east-1 HVM (amd64) ami-0029ed2c00b284a95 Launch Stack
HVM (arm64) ami-0cde7033fa6bcee17 Launch Stack
ap-northeast-1 HVM (amd64) ami-03de4455102b2a92e Launch Stack
HVM (arm64) ami-0a9ea66ee2b271587 Launch Stack
ap-northeast-2 HVM (amd64) ami-0fa29269023d95001 Launch Stack
HVM (arm64) ami-074cb3948a34017a0 Launch Stack
ap-south-1 HVM (amd64) ami-0fb46b600f2aca4e1 Launch Stack
HVM (arm64) ami-0ceaed7c9d0f87d45 Launch Stack
ap-southeast-1 HVM (amd64) ami-0a6b32f389401c177 Launch Stack
HVM (arm64) ami-0518d47f3b8b44d5b Launch Stack
ap-southeast-2 HVM (amd64) ami-0412490cf5c6a15d3 Launch Stack
HVM (arm64) ami-041e3a6cbb758958a Launch Stack
ca-central-1 HVM (amd64) ami-076025e2f28c65607 Launch Stack
HVM (arm64) ami-07fdb592799a132cf Launch Stack
eu-central-1 HVM (amd64) ami-009f30f06e90a2962 Launch Stack
HVM (arm64) ami-05fc26d5d73ca1f6b Launch Stack
eu-north-1 HVM (amd64) ami-093a034857b0e19ae Launch Stack
HVM (arm64) ami-0fd671b8a15ca5e0f Launch Stack
eu-west-1 HVM (amd64) ami-0acd84e3d8e79c595 Launch Stack
HVM (arm64) ami-00fca33bcd7f93826 Launch Stack
eu-west-2 HVM (amd64) ami-0a844c6e6ed7e8591 Launch Stack
HVM (arm64) ami-0ff13ff8623ef93f4 Launch Stack
eu-west-3 HVM (amd64) ami-09bb22740c97e5fb0 Launch Stack
HVM (arm64) ami-02b8b9c099f9868f9 Launch Stack
me-south-1 HVM (amd64) ami-066ef9a0660b99958 Launch Stack
HVM (arm64) ami-0d7a8f9f15c1e5234 Launch Stack
sa-east-1 HVM (amd64) ami-0f1401074345667c6 Launch Stack
HVM (arm64) ami-0de4279896aa46920 Launch Stack
us-east-1 HVM (amd64) ami-0157dca117b3d3e5d Launch Stack
HVM (arm64) ami-0422302ecc961671f Launch Stack
us-east-2 HVM (amd64) ami-06f0a4868bcdfd485 Launch Stack
HVM (arm64) ami-0a2b7312228a58f6c Launch Stack
us-west-1 HVM (amd64) ami-081652cd66d10f632 Launch Stack
HVM (arm64) ami-02bd3609d5a2b957a Launch Stack
us-west-2 HVM (amd64) ami-053930c06131d49ad Launch Stack
HVM (arm64) ami-0d8325578a3100869 Launch Stack

The Stable channel should be used by production clusters. Versions of Flatcar Container Linux are battle-tested within the Beta and Alpha channels before being promoted. The current version is Flatcar Container Linux 2512.2.1.

View as json feed: amd64
EC2 Region AMI Type AMI ID CloudFormation
ap-east-1 HVM (amd64) ami-0c6ce81b14dab9a88 Launch Stack
ap-northeast-1 HVM (amd64) ami-095f21ed1ce4b1950 Launch Stack
ap-northeast-2 HVM (amd64) ami-0d7eacf9d737bc5db Launch Stack
ap-south-1 HVM (amd64) ami-0af9f9860996f7d6b Launch Stack
ap-southeast-1 HVM (amd64) ami-0170beb17a0899c33 Launch Stack
ap-southeast-2 HVM (amd64) ami-0e9e553ab0b54c8d2 Launch Stack
ca-central-1 HVM (amd64) ami-0b529c1051737b2d9 Launch Stack
eu-central-1 HVM (amd64) ami-0cefde98784480dd3 Launch Stack
eu-north-1 HVM (amd64) ami-0e6370d6bd74415a9 Launch Stack
eu-west-1 HVM (amd64) ami-08738afa3d25a1196 Launch Stack
eu-west-2 HVM (amd64) ami-0c353732dda0c25c4 Launch Stack
eu-west-3 HVM (amd64) ami-07416fa4faa74e021 Launch Stack
me-south-1 HVM (amd64) ami-0762545e56fa8d992 Launch Stack
sa-east-1 HVM (amd64) ami-0584c315c8d17a8a8 Launch Stack
us-east-1 HVM (amd64) ami-01a83a3acf30b4638 Launch Stack
us-east-2 HVM (amd64) ami-083c654d2f0469f9e Launch Stack
us-west-1 HVM (amd64) ami-03efdc564552f8ed5 Launch Stack
us-west-2 HVM (amd64) ami-0bb54692374ac10a7 Launch Stack

AWS China AMIs maintained by Giant Swarm

The following AMIs are not part of the official Flatcar Container Linux release process and may lag behind (query version).

View as json feed: amd64
EC2 Region AMI Type AMI ID CloudFormation
cn-northwest-1 HVM (amd64) ami-0c6b8814cc7d11a6f Launch Stack
cn-north-1 HVM (amd64) ami-0b9e98c5bc5c0bb3f Launch Stack

CloudFormation will launch a cluster of Flatcar Container Linux machines with a security and autoscaling group.

Container Linux Configs

Flatcar Container Linux allows you to configure machine parameters, configure networking, launch systemd units on startup, and more via Container Linux Configs. These configs are then transpiled into Ignition configs and given to booting machines. Head over to the docs to learn about the supported features.

You can provide a raw Ignition config to Flatcar Container Linux via the Amazon web console or via the EC2 API.

As an example, this Container Linux Config will configure and start etcd:

etcd:
  # All options get passed as command line flags to etcd.
  # Any information inside curly braces comes from the machine at boot time.

  # multi_region and multi_cloud deployments need to use {PUBLIC_IPV4}
  advertise_client_urls:       "http://{PRIVATE_IPV4}:2379"
  initial_advertise_peer_urls: "http://{PRIVATE_IPV4}:2380"
  # listen on both the official ports and the legacy ports
  # legacy ports can be omitted if your application doesn't depend on them
  listen_client_urls:          "http://0.0.0.0:2379"
  listen_peer_urls:            "http://{PRIVATE_IPV4}:2380"
  # generate a new token for each unique cluster from https://discovery.etcd.io/new?size=3
  # specify the initial size of your cluster with ?size=X
  discovery:                   "https://discovery.etcd.io/<token>"

Instance storage

Ephemeral disks and additional EBS volumes attached to instances can be mounted with a .mount unit. Amazon's block storage devices are attached differently depending on the instance type. Here's the Container Linux Config to format and mount the first ephemeral disk, xvdb, on most instance types:

storage:
  filesystems:
    - mount:
        device: /dev/xvdb
        format: ext4
        wipe_filesystem: true

systemd:
  units:
    - name: media-ephemeral.mount
      enable: true
      contents: |
        [Mount]
        What=/dev/xvdb
        Where=/media/ephemeral
        Type=ext4

        [Install]
        RequiredBy=local-fs.target

For more information about mounting storage, Amazon's own documentation is the best source. You can also read about mounting storage on Flatcar Container Linux.

Adding more machines

To add more instances to the cluster, just launch more with the same Container Linux Config, the appropriate security group and the AMI for that region. New instances will join the cluster regardless of region if the security groups are configured correctly.

SSH to your instances

Flatcar Container Linux is set up to be a little more secure than other cloud images. By default, it uses the core user instead of root and doesn't use a password for authentication. You'll need to add an SSH key(s) via the AWS console or add keys/passwords via your Container Linux Config in order to log in.

To connect to an instance after it's created, run:

ssh core@<ip address>

Multiple clusters

If you would like to create multiple clusters you will need to change the "Stack Name". You can find the direct template file on S3.

Manual setup

TL;DR: launch three instances of ami-02f802c7ef690d9d0 (amd64) in us-east-1 with a security group that has open port 22, 2379, 2380, 4001, and 7001 and the same "User Data" of each host. SSH uses the core user and you have etcd and Docker to play with.

Creating the security group

You need open port 2379, 2380, 7001 and 4001 between servers in the etcd cluster. Step by step instructions below.

This step is only needed once

First we need to create a security group to allow Flatcar Container Linux instances to communicate with one another.

  1. Go to the security group page in the EC2 console.
  2. Click "Create Security Group"
    • Name: flatcar-testing
    • Description: Flatcar Container Linux instances
    • VPC: No VPC
    • Click: "Yes, Create"
  3. In the details of the security group, click the Inbound tab
  4. First, create a security group rule for SSH
    • Create a new rule: SSH
    • Source: 0.0.0.0/0
    • Click: "Add Rule"
  5. Add two security group rules for etcd communication
    • Create a new rule: Custom TCP rule
    • Port range: 2379
    • Source: type "flatcar-testing" until your security group auto-completes. Should be something like "sg-8d4feabc"
    • Click: "Add Rule"
    • Repeat this process for port range 2380, 4001 and 7001 as well
  6. Click "Apply Rule Changes"

Launching a test cluster

We will be launching three instances, with a few parameters in the User Data, and selecting our security group.

  1. Open the quick launch wizard to boot ami-02f802c7ef690d9d0 (amd64).
  2. On the second page of the wizard, launch 3 servers to test our clustering
    • Number of instances: 3
    • Click "Continue"
  3. Next, we need to specify a discovery URL, which contains a unique token that allows us to find other hosts in our cluster. If you're launching your first machine, generate one at https://discovery.etcd.io/new?size=3, configure the `?size=` to your initial cluster size and add it to the metadata. You should re-use this key for each machine in the cluster.
  4. Use ct to convert the following configuration into an Ignition config, and back in the EC2 dashboard, paste it into the "User Data" field. wzxhzdk:3
    • Paste configuration into "User Data"
    • "Continue"
  5. Storage Configuration
    • "Continue"
  6. Tags
    • "Continue"
  7. Create Key Pair
    • Choose a key of your choice, it will be added in addition to the one in the gist.
    • "Continue"
  8. Choose one or more of your existing Security Groups
    • "flatcar-testing" as above.
    • "Continue"
  9. Launch!

We will be launching three instances, with a few parameters in the User Data, and selecting our security group.

  1. Open the quick launch wizard to boot ami-032b773abf79e64d8 (amd64).
  2. On the second page of the wizard, launch 3 servers to test our clustering
    • Number of instances: 3
    • Click "Continue"
  3. Next, we need to specify a discovery URL, which contains a unique token that allows us to find other hosts in our cluster. If you're launching your first machine, generate one at https://discovery.etcd.io/new?size=3, configure the `?size=` to your initial cluster size and add it to the metadata. You should re-use this key for each machine in the cluster.
  4. Use ct to convert the following configuration into an Ignition config, and back in the EC2 dashboard, paste it into the "User Data" field. wzxhzdk:4
    • Paste configuration into "User Data"
    • "Continue"
  5. Storage Configuration
    • "Continue"
  6. Tags
    • "Continue"
  7. Create Key Pair
    • Choose a key of your choice, it will be added in addition to the one in the gist.
    • "Continue"
  8. Choose one or more of your existing Security Groups
    • "flatcar-testing" as above.
    • "Continue"
  9. Launch!

We will be launching three instances, with a few parameters in the User Data, and selecting our security group.

  1. Open the quick launch wizard to boot ami-01a83a3acf30b4638 (amd64).
  2. On the second page of the wizard, launch 3 servers to test our clustering
    • Number of instances: 3
    • Click "Continue"
  3. Next, we need to specify a discovery URL, which contains a unique token that allows us to find other hosts in our cluster. If you're launching your first machine, generate one at https://discovery.etcd.io/new?size=3, configure the `?size=` to your initial cluster size and add it to the metadata. You should re-use this key for each machine in the cluster.
  4. Use ct to convert the following configuration into an Ignition config, and back in the EC2 dashboard, paste it into the "User Data" field. wzxhzdk:5
    • Paste configuration into "User Data"
    • "Continue"
  5. Storage Configuration
    • "Continue"
  6. Tags
    • "Continue"
  7. Create Key Pair
    • Choose a key of your choice, it will be added in addition to the one in the gist.
    • "Continue"
  8. Choose one or more of your existing Security Groups
    • "flatcar-testing" as above.
    • "Continue"
  9. Launch!

Installation from a VMDK image

One of the possible ways of installation is to import the generated VMDK Flatcar image as a snapshot. The image file will be in https://${CHANNEL}.release.flatcar-linux.net/${ARCH}-usr/${VERSION}/flatcar_production_ami_vmdk_image.vmdk.bz2. Make sure you download the signature (it's available in https://${CHANNEL}.release.flatcar-linux.net/${ARCH}-usr/${VERSION}/flatcar_production_ami_vmdk_image.vmdk.bz2.sig) and check it before proceeding.

$ wget https://alpha.release.flatcar-linux.net/amd64-usr/current/flatcar_production_ami_vmdk_image.vmdk.bz2
$ wget https://alpha.release.flatcar-linux.net/amd64-usr/current/flatcar_production_ami_vmdk_image.vmdk.bz2.sig
$ gpg --verify flatcar_production_ami_vmdk_image.vmdk.bz2.sig
gpg: assuming signed data in 'flatcar_production_ami_vmdk_image.vmdk.bz2'
gpg: Signature made Thu 15 Mar 2018 10:27:57 AM CET
gpg:                using RSA key A621F1DA96C93C639506832D603443A1D0FC498C
gpg: Good signature from "Flatcar Buildbot (Official Builds) <buildbot@flatcar-linux.org>" [ultimate]

Then, follow the instructions in Importing a Disk as a Snapshot Using VM Import/Export. You'll need to upload the uncompressed vmdk file to S3.

After the snapshot is imported, you can go to "Snapshots" in the EC2 dashboard, and generate an AMI image from it. To make it work, use /dev/sda2 as the "Root device name" and you probably want to select "Hardware-assisted virtualization" as "Virtualization type".

Using Flatcar Container Linux

Now that you have a machine booted it is time to play around. Check out the Flatcar Container Linux Quickstart guide or dig into more specific topics.