Amazon Web Services has published a public preview of Bottlerocket, a new Linux-based distribution built to run containers on virtual machines or bare-metal hosts. Bottlerocket includes only the software needed to run containers, which improves resource utilization and reduces the attack surface compared to a general-purpose Linux distribution. It supports Docker images and any image that conforms to the Open Container Initiative (OCI) image format.
Bottlerocket uses two identically laid-out sets of disk partitions. The root file system is primarily read-only and is integrity-checked at boot time. When Bottlerocket is updated, the update is written to the currently inactive partition set; the partition table is then changed to swap the active and inactive sets, so the next boot starts from the updated image. If that boot fails, Bottlerocket automatically rolls back to the former partition set.
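The update flow described above, as an added simulation that is not Bottlerocket's own updater or bootloader code: the two partition sets are in-memory byte strings, a SHA-256 digest stands in for the boot-time integrity check, and the partition-table flags, the `healthy` check and the image contents are all constructed for the example. The flow it shows is the general one: verify the download before the table is flipped, boot the new slot on trial, mark it good only after a successful boot, and fall back to the previous slot when the trial boot fails.

```python
"""Illustrative A/B partition update with boot-time integrity check and rollback.

Constructed simulation of the scheme described above, not Bottlerocket's updater
or bootloader. "Partitions" are byte strings, a SHA-256 digest stands in for the
boot-time integrity check, and the partition-table flags are plain attributes.
"""
import hashlib
from dataclasses import dataclass, field
from typing import Callable, Dict, List


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass
class Slot:
    name: str
    image: bytes = b""
    digest: str = ""  # digest recorded when the image was written to the slot

    def verify(self) -> bool:
        """Boot-time integrity check of the slot contents against the recorded digest."""
        return bool(self.image) and sha256(self.image) == self.digest


@dataclass
class PartitionTable:
    """The flags a bootloader consults: active slot, fallback slot, trial state."""
    active: str = "A"
    previous: str = "A"
    on_trial: bool = False  # True until the active slot has booted successfully once
    log: List[str] = field(default_factory=list)


class ABSystem:
    def __init__(self, initial_image: bytes) -> None:
        self.slots: Dict[str, Slot] = {"A": Slot("A"), "B": Slot("B")}
        self.table = PartitionTable()
        self._write(self.slots["A"], initial_image)

    @staticmethod
    def _write(slot: Slot, image: bytes) -> None:
        slot.image = image
        slot.digest = sha256(image)

    def inactive_slot(self) -> Slot:
        return self.slots["B" if self.table.active == "A" else "A"]

    def stage_update(self, image: bytes, expected_sha256: str) -> None:
        """Write an update to the inactive slot and, only if the written bytes match
        the publisher's digest, swap active/inactive and mark the new slot on trial."""
        slot = self.inactive_slot()
        self._write(slot, image)
        if slot.digest != expected_sha256:
            slot.image, slot.digest = b"", ""  # discard the bad download
            raise ValueError(f"update rejected: digest mismatch on slot {slot.name}")
        t = self.table
        t.previous, t.active, t.on_trial = t.active, slot.name, True
        t.log.append(f"staged slot {slot.name}, trial boot pending")

    def boot(self, healthy: Callable[[bytes], bool]) -> str:
        """One boot attempt; `healthy` stands in for the system coming up correctly.
        Returns the name of the slot that ended up running."""
        t = self.table
        slot = self.slots[t.active]
        if slot.verify() and healthy(slot.image):
            if t.on_trial:
                t.on_trial = False
                t.log.append(f"slot {slot.name} booted, marked good")
            return slot.name
        if t.on_trial:
            # Trial boot failed: flip back to the slot that was running before.
            t.log.append(f"slot {slot.name} failed, rolling back to {t.previous}")
            t.active, t.on_trial = t.previous, False
            fallback = self.slots[t.active]
            if fallback.verify() and healthy(fallback.image):
                return fallback.name
        # Assumption in this model: a failure on a slot already marked good, or on
        # the fallback slot, is fatal rather than silently booting something else.
        raise RuntimeError(f"no bootable slot (active={t.active})")


def healthy(image: bytes) -> bool:
    """Constructed health check: an image containing b'panic' fails to boot."""
    return b"panic" not in image


def demo() -> List[str]:
    system = ABSystem(b"os-v1")
    system.boot(healthy)                                          # runs v1 from A
    system.stage_update(b"os-v2", sha256(b"os-v2"))               # good update into B
    system.boot(healthy)                                          # B marked good
    system.stage_update(b"os-v3 panic", sha256(b"os-v3 panic"))   # digest ok, boot fails
    system.boot(healthy)                                          # rolls back to B
    return system.table.log


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The two checks are deliberately separate: the digest comparison in `stage_update` rejects a corrupted or substituted download before the partition table is touched, while `Slot.verify` in `boot` catches modification of a slot at rest, which is the role the boot-time integrity check plays on the read-only root file system.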
Bottlerocket and related tools can be found on GitHub.