As our recent blog post mentioned, Ubuntu 20.04 LTS (Focal Fossa) is reaching the end of its standard support period. This means the free version will no longer receive security updates.
For AWS users, you have two options: upgrade to a newer LTS version or upgrade to Ubuntu Pro to expand the security maintenance and keep receiving updates until at least 2030. This post covers both options.
⚠Note: If you are running Ubuntu 20.04 LTS on any AWS service other than EC2, EKS, or ECS, please contact AWS Support for upgrade options.
For more details on the Ubuntu LTS support period and release cadence, visit the Ubuntu lifecycle and release cadence page.
Option 1: Upgrade to a new LTS version.
Ubuntu 22.04 LTS (Jammy Jellyfish) and 24.04 LTS (Noble Numbat) are still within their standard support periods. If you want to upgrade, you have two alternatives:
Deploying into a fresh instance
If you can redeploy your workloads on a new server, you can launch a fresh instance of Ubuntu LTS via the AWS marketplace or AWS CLI and start deploying and testing your application. If you use automation, switching to the new AMI should be sufficient.
Perform an in-place upgrade:
Ubuntu includes an in-place upgrade option using the do-release-upgrade command. This script upgrades your existing installation. However, be aware that applications or packages installed from external repositories (i.e., those not included in Ubuntu’s official repositories such as Main and Universe) will not be upgraded automatically and may need to be reinstalled manually.
Learn more about it in our official documentation page.
⚠Note: There is no rollback option once the upgrade process starts. Since this is a cloud instance rather than a physical machine, our recommended approach for cloud migrations is to start fresh.
Option 2: Get another 5 years of maintenance of 20.04 LTS, and more security updates with Ubuntu Pro
If you need more time to plan your upgrade or want to extend the economic life of a project that does not require an immediate upgrade, Ubuntu Pro is a great solution.
Ubuntu Pro is Canonical’s security and compliance subscription for Ubuntu. It provides the same Ubuntu experience with additional services, including:
- esm-infra: Extends LTS release coverage from 5 to 10 years, ensuring continued security fixes for high and critical Common Vulnerabilities and Exposures (CVEs).
- esm-apps: Covers security patching for over 25,000 third-party open source applications available in the Universe repository. This includes commonly used libraries and toolchains like OpenJDK, Python, Php and others.
- Kernel livepatch: Improve your uptime by applying in-memory security patches to your kernel avoiding unplanned restarts.
- Ubuntu Security Guide: for automated and assisted hardening against industry standards such as CIS or DISA-STIG.
If you want to learn more about Ubuntu Pro and how it differs from Ubuntu LTS, please read the official Ubuntu Pro FAQ here.
Current Ubuntu users have multiple paths to enable Ubuntu Pro in their AWS environment: either by deploying a fresh Ubuntu Pro instance or by performing an in-place upgrade.
Deploying into a fresh Ubuntu Pro instance
If you can redeploy, you can launch fresh instances of Ubuntu Pro and start redeploying and testing without affecting the original instance. If you use automation, simply updating your base AMI ID from Ubuntu 20.04 LTS to the Ubuntu Pro 20.04 AMI will ensure a seamless transition, provided your machine has outbound internet access. Read the Ubuntu Pro network requirements.
You can find the Ubuntu Pro AMI IDs in the AWS Marketplace by searching for “Ubuntu Pro 20.04” or via AWS CLI:
If you are using AWS, the following command will give you the latest AMI ID for Ubuntu Pro 20.04:
aws ssm get-parameters --names /aws/service/canonical/ubuntu/pro-server/20.04/stable/current/amd64/hvm/ebs-gp2/ami-id
Perform an in-place upgrade to Ubuntu Pro:
If redeployment is not an option, you can perform an in-place upgrade by attaching an Ubuntu Pro license. There are two ways to upgrade a running instance to Ubuntu Pro:
1. Using AWS License Manager
AWS License Manager enables you to attach a new license to a running instance. This requires your instance to be managed by AWS Systems Manager (SSM) and based on an official Ubuntu LTS image from AWS.
We have a step-by-step guide here: How to upgrade Ubuntu LTS to Ubuntu Pro on AWS using AWS License Manager or you can follow our demonstration video as here:
2. Using Canonical tokens
If AWS License Manager is not an option, you can obtain an Ubuntu Pro token from Canonical while still transacting via AWS Marketplace. Once you receive a token, attach it to your machine with the following command:
sudo pro attach <MY-UBUNTU-PRO-TOKEN>
To obtain Ubuntu Pro tokens, please complete our contact form or email us at aws@canonical.com.
Additional Resources: