EC2 Image Builder
The CIS Hardened Images are virtual machine (VM) images that are pre-hardened to the vendor-agnostic security recommendations of the CIS Benchmarks. Your organization has unique security requirements in every cloud service it uses, including the Amazon Web Services (AWS) Cloud.
By using select CIS Hardened Images available in the AWS Marketplace, you gain access to remediation scripts against Level 1 CIS Benchmarks in Amazon Elastic Compute Cloud (EC2) Image Builder.
The CIS hardening components apply the CIS Benchmarks Level 1 guidance on CIS Hardened Images through the EC2 Image Builder pipeline. While the CIS Hardened Images are secured to the CIS Benchmarks guidance out-of-the-box, these CIS hardening components allow you to reapply the CIS Benchmarks Level 1 guidance at the end of the pipeline.
CIS hardening components in EC2 Image Builder are available for the following CIS Benchmarks:
- CIS Amazon Linux 2 Level 1 Benchmark
- CIS Microsoft Windows Server 2019 Level 1 Benchmark
- CIS Microsoft Windows Server 2022 Level 1 Benchmark
- CIS Red Hat Enterprise Linux 7 Level 1 Benchmark
Building a golden image can be challenging. You start with a CIS Hardened Image that's configured to the Level 1 security recommendations of the corresponding CIS Benchmark. But when you add the agents, services, or configuration changes that your organization needs, you change the state of the image. You no longer know whether it still conforms to the Level 1 guidelines of the CIS Benchmark, so you need a way of reapplying those security settings.
CIS hardening components help you do this by giving you more options for building a golden image. Provided as Bash shell scripts for Linux and Group Policy Objects (GPOs) for Windows, our components are available directly in EC2 Image Builder, a free service that helps AWS customers easily build images and integrate services into the pipeline.