Python Script for Staying Secure with the Latest CIS AMIs
You already know that CIS Hardened Images help you save time and money on hardware purchasing, software licensing, and maintenance. CIS has now made it easy for you to verify that you’re using the latest released Amazon Machine Image (AMI) for a particular CIS Benchmark.
Why Hardened Images are Updated
The CIS AMIs on AWS are updated for a number of reasons including updates to the corresponding CIS Benchmark, release of security patches, and bug fixes. CIS takes cybersecurity seriously and makes these updates so the images used by your organization are hardened to the most recent security standards.
A version number is assigned to each revision of the CIS Hardened Image. It corresponds with the related CIS Benchmark and indicates minor updates.
Python Script to Discover Latest AMI
CIS has created a proof-of-concept Python script that uses the AWS API to discover the latest CIS AMI offered in the AWS Marketplace for a named benchmark. If you’re using CIS AMIs, we encourage you to use either this script or something like it, so you can be assured you're always using the latest released AMI for that particular benchmark line.
This is a proof-of-concept. Please contact CIA via our support portal to express interest in future enhancements or share your feedback. With enough interest, CIS will consider creating a GitHub repository for future enhancements.