EC2 Image Builder
Hardening components from the Center for Internet Security (CIS®) give more options for building a golden image. Following purchase through Amazon Web Services (AWS) Marketplace, the components are available directly in Elastic Compute Cloud (EC2) Image Builder as Bash shell scripts for Linux and Group Policy Objects (GPOs) for Windows. EC2 Image Builder is a free service that helps AWS customers easily build images and integrate services into the pipeline.
Building a golden image can be challenging. You need time and expertise to spin up a virtual machine (VM) image and add the apps/services you need. That is even more true if you're working with dozens of components and configuration templates.
CIS offers a variety of ways to harden your cloud environments to meet the vendor-agnostic security recommendations of the CIS Benchmarks®.
In partnership with AWS, CIS offers a component to harden your image to the CIS Benchmark through EC2 Image Builder. By using the CIS Hardened Component available in the AWS Marketplace, you gain access to remediation scripts in EC2 Image Builder for CIS Benchmarks with a Level 1 configuration profile. The Level 1 profile consists of security recommendations that support attack surface reduction without hindering your machines' usability or business functionality.
The CIS hardening components apply the CIS Benchmark Level 1 guidance on a selected source image through the EC2 Image Builder pipeline.
EC2 Image Builder hardening components are available for the following CIS Benchmarks:
- CIS Amazon Linux 2023 Benchmark — Level 1
- CIS Microsoft Windows Server 2022 Benchmark — Level 1