EC2 Image Builder
The CIS Hardened Images are virtual machine (VM) images that are pre-hardened to the vendor-agnostic security recommendations of the CIS Benchmarks. Your organization has unique security requirements in every cloud service it uses, including the Amazon Web Services (AWS) Cloud.
By using select CIS Hardened Images available in the AWS Marketplace, you gain access to remediation scripts against Level 1 CIS Benchmarks in Amazon Elastic Compute Cloud (EC2) Image Builder.
The CIS hardening components apply the CIS Benchmarks Level 1 guidance on CIS Hardened Images through the EC2 Image Builder pipeline. While the CIS Hardened Images are secured to the CIS Benchmarks guidance out-of-the-box, these CIS hardening components allow you to reapply the CIS Benchmarks Level 1 guidance at the end of the pipeline.
CIS hardening components for EC2 Image Builder are available for the following CIS Benchmarks:
- CIS Amazon Linux 2 Level 1 Benchmark
- CIS Microsoft Windows Server 2019 Level 1 Benchmark
- CIS Microsoft Windows Server 2022 Level 1 Benchmark
- CIS Red Hat Enterprise Linux 7 Level 1 Benchmark
Building a golden image can be challenging. You start with a CIS Hardened Image that's configured to the Level 1 security recommendations of the corresponding CIS Benchmark. But when you add agents, services, and/or configuration changes that you need to meet your organization's needs, you change the state of the image. You don't know if it still conforms to the Level 1 guidelines of the CIS Benchmark, so you need a way of reapplying those security settings.
CIS hardening components help you do this by giving you more options for building a golden image. Available as Bash shell scripts for Linux and Group Policy Objects (GPOs) for Windows, our components are available directly in EC2 Image Builder, a free service which helps AWS customers easily build images and integrate services into the pipeline.
You can enjoy multiple benefits by using our CIS hardening components.
Cloud Native
With our components, you can take a CIS Hardened Image, send it through EC2 Image Builder, add agents, services, and/or configuration changes as you normally would, and ensure your image conforms to Level 1 of the corresponding CIS Benchmark at the end of your pipeline.
Automation
No manual effort here! Our hardening components automate the process of applying CIS security best practices to AWS workloads, thus saving you time and money. Read our blog to learn more.
Operations
By using our components in EC2 Image Builder, you're able to leverage the broader AWS ecosystem for optimizing everything you're doing in the cloud.
Security
CIS hardening components deliver more features that are tailored for cloud services, which simplifies the effort you need to invest in upholding your cloud security.
Here's how to get started with our hardening components:
- Start with a supported CIS Hardened Image from AWS Marketplace as your base image.
- Use EC2 Image Builder to customize the CIS Hardened Image, such as by adding applications like build environments, business productivity tools, and databases that you need.
- Execute the CIS hardening component in EC2 Image Builder so that your image once again conforms to the CIS Benchmark Level 1 profile for that OS.
- Run the golden image through the test phase in EC2 Image Builder so that you can confirm it meets your criteria.
- After a successful test, use the golden image across your organization.
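The ordering in the steps above matters: any component that runs after the hardening component can move the image away from the Level 1 state again. The following added example (not code from CIS or AWS) lints a recipe for that; it assumes a dict shaped like the output of `aws imagebuilder get-image-recipe`, and the marker substring and all ARNs are constructed placeholders.

```python
# Added example: lint an Image Builder recipe so that hardening runs last.
# All ARNs are constructed placeholders, not real CIS or AWS component ARNs.

def check_hardening_order(recipe, hardening_marker, allowed_after=()):
    """Return a list of findings; an empty list means the recipe passes.

    recipe           dict shaped like `aws imagebuilder get-image-recipe` output
    hardening_marker assumed substring that identifies the hardening component ARN
    allowed_after    substrings of ARNs permitted after hardening (e.g. a reboot step)
    """
    components = recipe.get("imageRecipe", {}).get("components", [])
    arns = [c.get("componentArn", "") for c in components]
    hits = [i for i, arn in enumerate(arns) if hardening_marker in arn]
    if not hits:
        return ["no hardening component in recipe"]
    # Components run in listed order, so anything after the last hardening
    # entry can change the image state that hardening just set.
    findings = []
    for arn in arns[hits[-1] + 1:]:
        if not any(ok in arn for ok in allowed_after):
            findings.append("runs after hardening: " + arn)
    return findings


PREFIX = "arn:aws:imagebuilder:us-east-1:111122223333:component/"  # constructed
HARDEN = PREFIX + "example-cis-l1-hardening/1.0.0/1"               # placeholder
AGENT = PREFIX + "install-monitoring-agent/1.0.0/1"                # placeholder
REBOOT = PREFIX + "example-reboot/1.0.0/1"                         # placeholder


def make_recipe(*arns):
    """Build a constructed recipe dict with components in the given order."""
    return {"imageRecipe": {"name": "golden-image",
                            "components": [{"componentArn": a} for a in arns]}}


if __name__ == "__main__":
    for label, recipe in [("good", make_recipe(AGENT, HARDEN)),
                          ("bad", make_recipe(HARDEN, AGENT)),
                          ("missing", make_recipe(AGENT))]:
        print(label, check_hardening_order(recipe, "cis-l1-hardening"))
```

A check like this fits as a gate before a recipe is attached to a pipeline; the test phase in EC2 Image Builder still confirms the built image itself.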