Running Flatcar Container Linux on EC2

The current AMIs for all Flatcar Container Linux channels and EC2 regions are listed below and updated frequently. Using CloudFormation is the easiest way to launch a cluster, but it is also possible to follow the manual steps at the end of the article. Questions can be directed to the Flatcar Container Linux IRC channel or user mailing list.

Release retention time

After publishing, releases will remain available as public AMIs on AWS for 9 months. AMIs older than 9 months will be un-published in regular garbage collection sweeps. Please note that this will not impact existing AWS instances that use those releases. However, deploying new instances (e.g. in autoscaling groups pinned to a specific AMI) will not be possible after the AMI was un-published.

Choosing a channel

Flatcar Container Linux is designed to be updated automatically with different schedules per channel. You can disable this feature, although we don't recommend it. Read the release notes for specific features and bug fixes.

The Alpha channel closely tracks master and is released frequently. The newest versions of system libraries and utilities will be available for testing. The current version is Flatcar Container Linux 2632.0.0.

View as json feed: amd64 arm64
EC2 Region AMI Type AMI ID CloudFormation
ap-east-1 HVM (amd64) ami-03f4611389cae4e6e Launch Stack
HVM (arm64) ami-0d6611b502c246a82 Launch Stack
ap-northeast-1 HVM (amd64) ami-06c651c5bd672f48d Launch Stack
HVM (arm64) ami-0ec434e0a90f02705 Launch Stack
ap-northeast-2 HVM (amd64) ami-0c8a914d3e3b1bf19 Launch Stack
HVM (arm64) ami-03aa132a77f818eb0 Launch Stack
ap-south-1 HVM (amd64) ami-06a8bf4ace00723bd Launch Stack
HVM (arm64) ami-0a076e9413e47da00 Launch Stack
ap-southeast-1 HVM (amd64) ami-035d9bce7fad8cce2 Launch Stack
HVM (arm64) ami-0fde64ca4e5f23ea6 Launch Stack
ap-southeast-2 HVM (amd64) ami-0827b5b6057188ff3 Launch Stack
HVM (arm64) ami-05f224a1004640b5c Launch Stack
ca-central-1 HVM (amd64) ami-084d51eb1b5cab1b8 Launch Stack
HVM (arm64) ami-0e67d9523e8ffefc7 Launch Stack
eu-central-1 HVM (amd64) ami-0c3c4771cd25d6a26 Launch Stack
HVM (arm64) ami-0c1794a8aea20c5e8 Launch Stack
eu-north-1 HVM (amd64) ami-01a3fae0e736700ef Launch Stack
HVM (arm64) ami-0191146a4896bfa76 Launch Stack
eu-west-1 HVM (amd64) ami-08810dbc93938717a Launch Stack
HVM (arm64) ami-02223cedd60bcd0ce Launch Stack
eu-west-2 HVM (amd64) ami-048dcfa05755b15a9 Launch Stack
HVM (arm64) ami-0cdf5096679953c57 Launch Stack
eu-west-3 HVM (amd64) ami-08c1d635cea3c51d1 Launch Stack
HVM (arm64) ami-0b86d790683468bc9 Launch Stack
me-south-1 HVM (amd64) ami-04fb25c1e628b10ad Launch Stack
HVM (arm64) ami-0901b0aa63f1d4e86 Launch Stack
sa-east-1 HVM (amd64) ami-08e2de9da9141d798 Launch Stack
HVM (arm64) ami-0edd7cf2da106fce0 Launch Stack
us-east-1 HVM (amd64) ami-068646faf102a2e8e Launch Stack
HVM (arm64) ami-03bb43bfbf63478c8 Launch Stack
us-east-2 HVM (amd64) ami-0c08e55d35a27ec19 Launch Stack
HVM (arm64) ami-0e02cea8f33a758cf Launch Stack
us-west-1 HVM (amd64) ami-08b09460749ef7540 Launch Stack
HVM (arm64) ami-022191399fd6d77f4 Launch Stack
us-west-2 HVM (amd64) ami-0f787d3e2d5b8bdd6 Launch Stack
HVM (arm64) ami-034f03d80228f6a27 Launch Stack

The Beta channel consists of promoted Alpha releases. The current version is Flatcar Container Linux 2605.4.0.

View as json feed: amd64
EC2 Region AMI Type AMI ID CloudFormation
ap-east-1 HVM (amd64) ami-0b016be9cdd7aa7d2 Launch Stack
ap-northeast-1 HVM (amd64) ami-0c87887c7d7754eef Launch Stack
ap-northeast-2 HVM (amd64) ami-01f1a1e0fffa580a1 Launch Stack
ap-south-1 HVM (amd64) ami-0eaf0d384bfa38c69 Launch Stack
ap-southeast-1 HVM (amd64) ami-01445365442aedc1c Launch Stack
ap-southeast-2 HVM (amd64) ami-0ebfc008d39529416 Launch Stack
ca-central-1 HVM (amd64) ami-0861498d92f1dd4a6 Launch Stack
eu-central-1 HVM (amd64) ami-055e4ea559c4ba8c5 Launch Stack
eu-north-1 HVM (amd64) ami-0038e129c10148b85 Launch Stack
eu-west-1 HVM (amd64) ami-03a0268b620e81108 Launch Stack
eu-west-2 HVM (amd64) ami-090d9a70cd0c2a1f3 Launch Stack
eu-west-3 HVM (amd64) ami-0b45f05b336ac428e Launch Stack
me-south-1 HVM (amd64) ami-0cd5d2cfc5e805627 Launch Stack
sa-east-1 HVM (amd64) ami-0c801ba6a56a4eff0 Launch Stack
us-east-1 HVM (amd64) ami-0cd3172c14021f531 Launch Stack
us-east-2 HVM (amd64) ami-0f4d64c76dcc32a79 Launch Stack
us-west-1 HVM (amd64) ami-0791a35a5149dfbc8 Launch Stack
us-west-2 HVM (amd64) ami-0e037b320858b81e9 Launch Stack

The Edge channel includes bleeding-edge features with the newest versions of the Linux kernel, systemd and other core packages. Can be highly unstable. The current version is Flatcar Container Linux 2466.99.0.

EC2 Region AMI Type AMI ID CloudFormation
ap-east-1 HVM (amd64) ami-0029ed2c00b284a95 Launch Stack
HVM (arm64) ami-0cde7033fa6bcee17 Launch Stack
ap-northeast-1 HVM (amd64) ami-03de4455102b2a92e Launch Stack
HVM (arm64) ami-0a9ea66ee2b271587 Launch Stack
ap-northeast-2 HVM (amd64) ami-0fa29269023d95001 Launch Stack
HVM (arm64) ami-074cb3948a34017a0 Launch Stack
ap-south-1 HVM (amd64) ami-0fb46b600f2aca4e1 Launch Stack
HVM (arm64) ami-0ceaed7c9d0f87d45 Launch Stack
ap-southeast-1 HVM (amd64) ami-0a6b32f389401c177 Launch Stack
HVM (arm64) ami-0518d47f3b8b44d5b Launch Stack
ap-southeast-2 HVM (amd64) ami-0412490cf5c6a15d3 Launch Stack
HVM (arm64) ami-041e3a6cbb758958a Launch Stack
ca-central-1 HVM (amd64) ami-076025e2f28c65607 Launch Stack
HVM (arm64) ami-07fdb592799a132cf Launch Stack
eu-central-1 HVM (amd64) ami-009f30f06e90a2962 Launch Stack
HVM (arm64) ami-05fc26d5d73ca1f6b Launch Stack
eu-north-1 HVM (amd64) ami-093a034857b0e19ae Launch Stack
HVM (arm64) ami-0fd671b8a15ca5e0f Launch Stack
eu-west-1 HVM (amd64) ami-0acd84e3d8e79c595 Launch Stack
HVM (arm64) ami-00fca33bcd7f93826 Launch Stack
eu-west-2 HVM (amd64) ami-0a844c6e6ed7e8591 Launch Stack
HVM (arm64) ami-0ff13ff8623ef93f4 Launch Stack
eu-west-3 HVM (amd64) ami-09bb22740c97e5fb0 Launch Stack
HVM (arm64) ami-02b8b9c099f9868f9 Launch Stack
me-south-1 HVM (amd64) ami-066ef9a0660b99958 Launch Stack
HVM (arm64) ami-0d7a8f9f15c1e5234 Launch Stack
sa-east-1 HVM (amd64) ami-0f1401074345667c6 Launch Stack
HVM (arm64) ami-0de4279896aa46920 Launch Stack
us-east-1 HVM (amd64) ami-0157dca117b3d3e5d Launch Stack
HVM (arm64) ami-0422302ecc961671f Launch Stack
us-east-2 HVM (amd64) ami-06f0a4868bcdfd485 Launch Stack
HVM (arm64) ami-0a2b7312228a58f6c Launch Stack
us-west-1 HVM (amd64) ami-081652cd66d10f632 Launch Stack
HVM (arm64) ami-02bd3609d5a2b957a Launch Stack
us-west-2 HVM (amd64) ami-053930c06131d49ad Launch Stack
HVM (arm64) ami-0d8325578a3100869 Launch Stack

The Stable channel should be used by production clusters. Versions of Flatcar Container Linux are battle-tested within the Beta and Alpha channels before being promoted. The current version is Flatcar Container Linux 2605.5.0.

View as json feed: amd64
EC2 Region AMI Type AMI ID CloudFormation
ap-east-1 HVM (amd64) ami-000be1df42017285f Launch Stack
ap-northeast-1 HVM (amd64) ami-0b83e79fd7638154e Launch Stack
ap-northeast-2 HVM (amd64) ami-084bc95aae5b82d3a Launch Stack
ap-south-1 HVM (amd64) ami-0878be91eefcd6b76 Launch Stack
ap-southeast-1 HVM (amd64) ami-0240e92312205a70d Launch Stack
ap-southeast-2 HVM (amd64) ami-077bb3348ba9ceb5f Launch Stack
ca-central-1 HVM (amd64) ami-02f2b90b06ce8e310 Launch Stack
eu-central-1 HVM (amd64) ami-0a4c856d96d3012a5 Launch Stack
eu-north-1 HVM (amd64) ami-0b940dde54096dac8 Launch Stack
eu-west-1 HVM (amd64) ami-0ef157ace1e313660 Launch Stack
eu-west-2 HVM (amd64) ami-0d3168673d7448bbb Launch Stack
eu-west-3 HVM (amd64) ami-031a50d66c880e870 Launch Stack
me-south-1 HVM (amd64) ami-07a4a1cf5913f7364 Launch Stack
sa-east-1 HVM (amd64) ami-000fd50b6bb4162fe Launch Stack
us-east-1 HVM (amd64) ami-0b0b90473c097c55a Launch Stack
us-east-2 HVM (amd64) ami-0af8a4497a35daeab Launch Stack
us-west-1 HVM (amd64) ami-01cd2d1d7d6f8ba8f Launch Stack
us-west-2 HVM (amd64) ami-025490fa95dba89ff Launch Stack

AWS China AMIs maintained by Giant Swarm

The following AMIs are not part of the official Flatcar Container Linux release process and may lag behind (query version).

View as json feed: amd64
EC2 Region AMI Type AMI ID CloudFormation
cn-northwest-1 HVM (amd64) ami-0cacf0b65d427baa3 Launch Stack
cn-north-1 HVM (amd64) ami-04a4240b897b2e912 Launch Stack

CloudFormation will launch a cluster of Flatcar Container Linux machines with a security and autoscaling group.

Container Linux Configs

Flatcar Container Linux allows you to configure machine parameters, configure networking, launch systemd units on startup, and more via Container Linux Configs. These configs are then transpiled into Ignition configs and given to booting machines. Head over to the docs to learn about the supported features.

You can provide a raw Ignition config to Flatcar Container Linux via the Amazon web console or via the EC2 API.

As an example, this Container Linux Config will configure and start etcd:

etcd:
  # All options get passed as command line flags to etcd.
  # Any information inside curly braces comes from the machine at boot time.

  # multi_region and multi_cloud deployments need to use {PUBLIC_IPV4}
  advertise_client_urls:       "http://{PRIVATE_IPV4}:2379"
  initial_advertise_peer_urls: "http://{PRIVATE_IPV4}:2380"
  # listen on both the official ports and the legacy ports
  # legacy ports can be omitted if your application doesn't depend on them
  listen_client_urls:          "http://0.0.0.0:2379"
  listen_peer_urls:            "http://{PRIVATE_IPV4}:2380"
  # generate a new token for each unique cluster from https://discovery.etcd.io/new?size=3
  # specify the initial size of your cluster with ?size=X
  discovery:                   "https://discovery.etcd.io/<token>"

Instance storage

Ephemeral disks and additional EBS volumes attached to instances can be mounted with a .mount unit. Amazon's block storage devices are attached differently depending on the instance type. Here's the Container Linux Config to format and mount the first ephemeral disk, xvdb, on most instance types:

storage:
  filesystems:
    - mount:
        device: /dev/xvdb
        format: ext4
        wipe_filesystem: true

systemd:
  units:
    - name: media-ephemeral.mount
      enable: true
      contents: |
        [Mount]
        What=/dev/xvdb
        Where=/media/ephemeral
        Type=ext4

        [Install]
        RequiredBy=local-fs.target

For more information about mounting storage, Amazon's own documentation is the best source. You can also read about mounting storage on Flatcar Container Linux.

Adding more machines

To add more instances to the cluster, just launch more with the same Container Linux Config, the appropriate security group and the AMI for that region. New instances will join the cluster regardless of region if the security groups are configured correctly.

SSH to your instances

Flatcar Container Linux is set up to be a little more secure than other cloud images. By default, it uses the core user instead of root and doesn't use a password for authentication. You'll need to add an SSH key(s) via the AWS console or add keys/passwords via your Container Linux Config in order to log in.

To connect to an instance after it's created, run:

ssh core@<ip address>

Multiple clusters

If you would like to create multiple clusters you will need to change the "Stack Name". You can find the direct template file on S3.

Manual setup

TL;DR: launch three instances of ami-068646faf102a2e8e (amd64) in us-east-1 with a security group that has open port 22, 2379, 2380, 4001, and 7001 and the same "User Data" of each host. SSH uses the core user and you have etcd and Docker to play with.

Creating the security group

You need open port 2379, 2380, 7001 and 4001 between servers in the etcd cluster. Step by step instructions below.

This step is only needed once

First we need to create a security group to allow Flatcar Container Linux instances to communicate with one another.

  1. Go to the security group page in the EC2 console.
  2. Click "Create Security Group"
    • Name: flatcar-testing
    • Description: Flatcar Container Linux instances
    • VPC: No VPC
    • Click: "Yes, Create"
  3. In the details of the security group, click the Inbound tab
  4. First, create a security group rule for SSH
    • Create a new rule: SSH
    • Source: 0.0.0.0/0
    • Click: "Add Rule"
  5. Add two security group rules for etcd communication
    • Create a new rule: Custom TCP rule
    • Port range: 2379
    • Source: type "flatcar-testing" until your security group auto-completes. Should be something like "sg-8d4feabc"
    • Click: "Add Rule"
    • Repeat this process for port range 2380, 4001 and 7001 as well
  6. Click "Apply Rule Changes"

Launching a test cluster

We will be launching three instances, with a few parameters in the User Data, and selecting our security group.

  1. Open the quick launch wizard to boot ami-068646faf102a2e8e (amd64).
  2. On the second page of the wizard, launch 3 servers to test our clustering
    • Number of instances: 3
    • Click "Continue"
  3. Next, we need to specify a discovery URL, which contains a unique token that allows us to find other hosts in our cluster. If you're launching your first machine, generate one at https://discovery.etcd.io/new?size=3, configure the `?size=` to your initial cluster size and add it to the metadata. You should re-use this key for each machine in the cluster.
  4. Use ct to convert the following configuration into an Ignition config, and back in the EC2 dashboard, paste it into the "User Data" field. wzxhzdk:3
    • Paste configuration into "User Data"
    • "Continue"
  5. Storage Configuration
    • "Continue"
  6. Tags
    • "Continue"
  7. Create Key Pair
    • Choose a key of your choice, it will be added in addition to the one in the gist.
    • "Continue"
  8. Choose one or more of your existing Security Groups
    • "flatcar-testing" as above.
    • "Continue"
  9. Launch!

We will be launching three instances, with a few parameters in the User Data, and selecting our security group.

  1. Open the quick launch wizard to boot ami-0cd3172c14021f531 (amd64).
  2. On the second page of the wizard, launch 3 servers to test our clustering
    • Number of instances: 3
    • Click "Continue"
  3. Next, we need to specify a discovery URL, which contains a unique token that allows us to find other hosts in our cluster. If you're launching your first machine, generate one at https://discovery.etcd.io/new?size=3, configure the `?size=` to your initial cluster size and add it to the metadata. You should re-use this key for each machine in the cluster.
  4. Use ct to convert the following configuration into an Ignition config, and back in the EC2 dashboard, paste it into the "User Data" field. wzxhzdk:4
    • Paste configuration into "User Data"
    • "Continue"
  5. Storage Configuration
    • "Continue"
  6. Tags
    • "Continue"
  7. Create Key Pair
    • Choose a key of your choice, it will be added in addition to the one in the gist.
    • "Continue"
  8. Choose one or more of your existing Security Groups
    • "flatcar-testing" as above.
    • "Continue"
  9. Launch!

We will be launching three instances, with a few parameters in the User Data, and selecting our security group.

  1. Open the quick launch wizard to boot ami-0b0b90473c097c55a (amd64).
  2. On the second page of the wizard, launch 3 servers to test our clustering
    • Number of instances: 3
    • Click "Continue"
  3. Next, we need to specify a discovery URL, which contains a unique token that allows us to find other hosts in our cluster. If you're launching your first machine, generate one at https://discovery.etcd.io/new?size=3, configure the `?size=` to your initial cluster size and add it to the metadata. You should re-use this key for each machine in the cluster.
  4. Use ct to convert the following configuration into an Ignition config, and back in the EC2 dashboard, paste it into the "User Data" field. wzxhzdk:5
    • Paste configuration into "User Data"
    • "Continue"
  5. Storage Configuration
    • "Continue"
  6. Tags
    • "Continue"
  7. Create Key Pair
    • Choose a key of your choice, it will be added in addition to the one in the gist.
    • "Continue"
  8. Choose one or more of your existing Security Groups
    • "flatcar-testing" as above.
    • "Continue"
  9. Launch!

Installation from a VMDK image

One of the possible ways of installation is to import the generated VMDK Flatcar image as a snapshot. The image file will be in https://${CHANNEL}.release.flatcar-linux.net/${ARCH}-usr/${VERSION}/flatcar_production_ami_vmdk_image.vmdk.bz2. Make sure you download the signature (it's available in https://${CHANNEL}.release.flatcar-linux.net/${ARCH}-usr/${VERSION}/flatcar_production_ami_vmdk_image.vmdk.bz2.sig) and check it before proceeding.

$ wget https://alpha.release.flatcar-linux.net/amd64-usr/current/flatcar_production_ami_vmdk_image.vmdk.bz2
$ wget https://alpha.release.flatcar-linux.net/amd64-usr/current/flatcar_production_ami_vmdk_image.vmdk.bz2.sig
$ gpg --verify flatcar_production_ami_vmdk_image.vmdk.bz2.sig
gpg: assuming signed data in 'flatcar_production_ami_vmdk_image.vmdk.bz2'
gpg: Signature made Thu 15 Mar 2018 10:27:57 AM CET
gpg:                using RSA key A621F1DA96C93C639506832D603443A1D0FC498C
gpg: Good signature from "Flatcar Buildbot (Official Builds) <buildbot@flatcar-linux.org>" [ultimate]

Then, follow the instructions in Importing a Disk as a Snapshot Using VM Import/Export. You'll need to upload the uncompressed vmdk file to S3.

After the snapshot is imported, you can go to "Snapshots" in the EC2 dashboard, and generate an AMI image from it. To make it work, use /dev/sda2 as the "Root device name" and you probably want to select "Hardware-assisted virtualization" as "Virtualization type".

Using Flatcar Container Linux

Now that you have a machine booted it is time to play around. Check out the Flatcar Container Linux Quickstart guide or dig into more specific topics.