EC2 Image Builder

The CIS Hardened Images are virtual machine (VM) images that are pre-hardened to the vendor-agnostic security recommendations of the CIS Benchmarks. Your organization has unique security requirements in every cloud service it uses, including the Amazon Web Services (AWS) Cloud.

By using select CIS Hardened Images available in the AWS Marketplace, you gain access to remediation scripts against Level 1 CIS Benchmarks in Amazon Elastic Compute Cloud (EC2) Image Builder.

The CIS hardening components apply the CIS Benchmarks Level 1 guidance on CIS Hardened Images through the EC2 Image Builder pipeline. While the CIS Hardened Images are secured to the CIS Benchmarks guidance out-of-the-box, these CIS hardening components allow you to reapply the CIS Benchmarks Level 1 guidance at the end of the pipeline.

CIS hardening components in EC2 Image Builder are available for the following CIS Benchmarks:

  • CIS Amazon Linux 2 Level 1 Benchmark
  • CIS Microsoft Windows Server 2019 Level 1 Benchmark
  • CIS Microsoft Windows Server 2022 Level 1 Benchmark
  • CIS Red Hat Enterprise Linux 7 Level 1 Benchmark

 

Overview

Building a golden image can be challenging. You start with a CIS Hardened Image that's configured to the Level 1 security recommendations of the corresponding CIS Benchmark. But when you add agents, services, and/or configuration changes that you need to meet your organization's needs, you change the state of the image. You don't know if it still conforms to the Level 1 guidelines of the CIS Benchmark, so you need a way of reapplying those security settings.

CIS hardening components help you do this by giving you more options for building a golden image. Available as Bash shell scripts for Linux and Group Policy Objects (GPOs) for Windows, our components are available directly in EC2 Image Builder, a free service which helps AWS customers easily build images and integrate services into the pipeline.

Benefits

You can enjoy multiple benefits by using our CIS hardening components.

Cloud Native

With our components, you can take a CIS Hardened Image, send it through EC2 Image Builder, add agents, services, and/or configuration changes as you normally would, and ensure your image conforms to Level 1 of the corresponding CIS Benchmark at the end of your pipeline.

Automation

No manual effort here! Our hardening components automate the process of applying CIS security best practices to AWS workloads, thus saving you time and money. Read our blog to learn more.

Operations

By using our components in EC2 Image Builder, you're able to leverage the broader AWS ecosystem for optimizing everything you're doing in the cloud.

Security

CIS hardening components deliver more features that are tailored for cloud services, which simplifies the effort you need to invest in upholding your cloud security.

How to Access

Here's how to get started with our hardening components:

  1. Start with a supported CIS Hardened Image from AWS Marketplace as your base image.
  2. Use EC2 Image Builder to customize the CIS Hardened Image, such as by adding applications like build environments, business productivity tools, and databases that you need.
  3. Execute the CIS hardening component in EC2 Image Builder so that your image once again conforms to the CIS Benchmark Level 1 profile for that OS.
  4. Run the golden image through the test phase in EC2 Image Builder so that you can confirm it meets your criteria.
  5. After a successful test, use the golden image across your organization.

Harden across your environments

Our CIS Benchmarks take the guesswork out of hardening your operating systems regardless of whether they're on-premises or in the cloud.

Secure configurations ready for the cloud

Pre-configured to the CIS Benchmarks, our CIS Hardened Images spare you from manually hardening your systems. We also patch our Hardened Images regularly so you don't have to.

Simplify security in the AWS Cloud

Our CIS Hardened Images for the AWS Cloud save you time and money when securing your AWS-based assets.

Want more information?

Additional information about the CIS hardening components in EC2 Image Builder is available in our blog post.
