AWS: Why We Support Sustainable Open Source
At AWS, builders often ask how we support the open source projects and communities that our services are built upon. They want to know because the long-term viability of their business applications also depends on open source projects.
Similarly, many IT leaders make purchase decisions based on their cloud provider’s open source leadership. In short, open source matters to anyone operating in the cloud. We all need to know that the projects we build with, and that our applications run on, will be healthy and sustainable over the long term.
AWS contributes significantly to a large number of projects. Some well-known examples include Apache Airflow, Apache Cassandra, Apache Flink, Apache Hudi, Apache Kafka, Apache Lucene, Containerd, Java, Kubernetes, OpenTelemetry, PostgreSQL, Project Jupyter, Redis and Rust.
It’s equally important to understand why we invest and engage in open source communities. The “why” is what drives our commitment to contributing and explains our strategy and approach to the communities and projects we contribute to.
There are three main reasons we invest so heavily: Open source is important to us, our customers and the world. These are the three pillars of open source at AWS, which we will explain in more depth in this post. But first and foremost, it starts with one important principle that unites them all: sustainable open source.
Sustainability Is Our Guiding Principle
We’re here supporting and contributing to open source communities for the long haul. And we’re going to continue making substantial investments and will increase our investments in open source in coming years.
Sustainable open source projects have the resources necessary to maintain healthy code and healthy communities. Bug fixes happen regularly and quickly to keep code performant and secure. A healthy community attracts a diverse group of contributors who actively make improvements and work openly to make decisions and communicate changes.
Most importantly, the work is spread among multiple maintainers so there isn’t a single point of failure. New contributors are sought and can build expertise and standing in the project to keep the community vibrant and innovative.
Healthy, sustainable communities require ongoing investment in terms of money, time and effort. Our open source investments include employing dedicated developers and maintainers to work on upstream projects, contributing features and bug fixes, and fine-tuning the performance of open source projects to run on the cloud. We also provide money and cloud credits to open source foundations, and sponsor events and other community initiatives.
For example, last May we announced $10 million in funding over three years for the Open Source Security Foundation (OpenSSF). In November we also pledged $3 million in cloud credits and dedicated engineering resources to the Cloud Native Computing Foundation (CNCF) to fund the infrastructure that runs the Kubernetes project.
In December we committed our entire patent portfolio to the Open Invention Network’s body of patents to reduce the risk of patent aggression for companies that innovate with open source.
By investing in open source, we are helping to ensure that the projects we build on, that our customers build on and rely on and that the world depends on, remain secure and reliable for the long term. Let me explain in more detail why each of these three pillars is important to AWS.
Open Source Is Important to AWS
First, open source is important to our business and the builders who work on our tools and services. AWS would not be what it is today without open source. We build and innovate on top of open source for our internal tooling as well as services such as EC2 (built on Linux, Xen and Apache Tomcat), Amazon Sagemaker (using Apache Spark), and AWS Lambda (built on open source language runtimes including Java, Go and Node.js).
We are not unique in this respect; across industries, companies report that between 20% and 85% of their vertical software stacks consist of open source, according to the Linux Foundation’s “2022 Guide to Enterprise Open Source” report.
We also offer managed open source services such as Amazon Relational Database Service (MariaDB, MySQL and PostgreSQL), Amazon Elastic Kubernetes Services (Amazon EKS), Amazon OpenSearch Service and Amazon Managed Service for Kafka (MSK). Managed open source services make it easier for customers to set up and operate open source projects on AWS.
AWS has a long history of benefiting from open source and investing in open source. We believe that open source produces better software faster, and we are proud to participate.
We employ dedicated upstream teams now for the Rust programming language, Jupyter notebooks and Apache Kafka, for example. We have engineers whose sole focus every day is to wake up and improve the open source project and the ecosystem around it.
Even more exciting is that a lot of teams are starting to build up dedicated open source responsibilities so they can spend their working days contributing upstream.
By working closely upstream, contributing bug fixes and participating in technical discussions, our engineers become intimately familiar with the projects we build on. This in turn makes us better engineers, produces better tools and products, and ultimately helps our customers.
AWS Customers Rely on Open Source
Second, open source is important to our customers. The reality is our customers are repeatedly choosing open source to run their workloads, whether that’s open source databases, AI/ML platforms or many other services. That means we also have to invest to make sure that those workloads run incredibly well for our customers.
Bottlerocket is a great example. Built on top of the Linux kernel, it’s a stripped-down container runtime environment. Bottlerocket has memory safety controls through Rust tooling that help minimize the attack surface. We built it first for ourselves, but it was also very useful to our customers, so we released it as open source. Our customers have since used it in innovative ways that we hadn’t envisioned.
The innovation doesn’t have to come from AWS, either. Sometimes the best idea comes from one of our customers, and we work with them to make those improvements. We do so in public, where not only does that customer benefit, but everybody in that environment too.
We deliver improvements to open source projects for folks who are not yet our customers. When we contribute upstream, we’re also doing well by AWS because we’re delivering innovation to our customers and the broader open source community. We want AWS to be the best place for customers to run open source workloads in the cloud.
The World Depends on Open Source
Third, open source is important to the world. We have a responsibility to advocate for not just what’s allowing us to innovate, but what’s core to the continued development of technology and the internet. Open source gives us tremendous opportunity to get involved and leverage some of the strengths and resources of AWS to improve the entire environment in which we’re operating.
Supply chain security is one area of incredible importance where AWS is investing dollars and engineering resources. At AWS, security is job zero. We’ve signaled this level of importance through our commitment to OpenSSF and the number of teams inside AWS security that are focused on securing the open source software supply chain.
Our engineers and researchers are dedicated to figuring out how we can move faster to identify and patch vulnerabilities and build tooling to drive more value not just for ourselves, but for our customers and the rest of the internet.
In many ways, we have traversed so far in cloud computing and open source technologies. And yet, we still see so much opportunity for innovation and contribution. Join us on this journey, wherever it matters most to you.
Our open source teams want to hear from you and we encourage you to get involved in our projects or partner with us to improve the long-term sustainability of the technologies we all build our lives and businesses on.