Python Script for Staying Secure with the Latest CIS AMIs

You already know that CIS Hardened Images help you save time and money on hardware purchasing, software licensing, and maintenance. CIS has now made it easy for you to verify that you’re using the latest released Amazon Machine Image (AMI) for a particular CIS Benchmark.

Download the CIS AMI version Python script

Why Hardened Images are Updated

The CIS AMIs on AWS are updated for a number of reasons, including updates to the corresponding CIS Benchmark, the release of security patches, and bug fixes. CIS takes cybersecurity seriously and makes these updates so the images used by your organization are hardened to the most recent security standards.

Want to learn more about the hardening process behind the CIS Hardened Images? Check out the recording of our webinar.



Understanding Versioning

A version number is assigned to each revision of the CIS Hardened Image. It corresponds with the related CIS Benchmark and indicates minor updates.

CIS Benchmark version numbering

Python Script to Discover Latest AMI

CIS has created a proof-of-concept Python script that uses the AWS API to discover the latest CIS AMI offered in the AWS Marketplace for a named benchmark. If you’re using CIS AMIs, we encourage you to use either this script or something like it, so you can be assured you’re always using the latest released AMI for that particular benchmark line.

This is a proof-of-concept. Please contact CIS via our support portal to express interest in future enhancements or share your feedback. With enough interest, CIS will consider creating a GitHub repository for future enhancements.
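To illustrate the approach described above, here is an added Python example (not the CIS script, which this page only links to) that picks the newest launchable image from an EC2 `DescribeImages` result and flags an AMI that is no longer the latest. The function names, the sample image names and the AMI IDs are constructed for illustration, and the use of `boto3` with the `aws-marketplace` owner alias is an assumption about how such a lookup would be done.

```python
from datetime import datetime

# Constructed sample shaped like the "Images" list from EC2 DescribeImages.
# Names and AMI IDs are placeholders, not real CIS Marketplace listings.
SAMPLE_IMAGES = [
    {"ImageId": "ami-0000000000000001a", "Name": "Example Benchmark v1.0.0.1",
     "CreationDate": "2023-01-10T09:00:00.000Z", "State": "available"},
    {"ImageId": "ami-0000000000000002b", "Name": "Example Benchmark v1.0.0.2",
     "CreationDate": "2023-06-02T14:30:00.000Z", "State": "available"},
    {"ImageId": "ami-0000000000000003c", "Name": "Example Benchmark v1.0.0.3",
     "CreationDate": "2023-07-01T08:00:00.000Z", "State": "pending"},
]


def _created(image):
    # EC2 reports CreationDate as ISO 8601 UTC with a trailing "Z".
    return datetime.fromisoformat(image["CreationDate"].replace("Z", "+00:00"))


def latest_image(images):
    """Newest image that is launchable (State == available), or None."""
    usable = [img for img in images if img.get("State") == "available"]
    return max(usable, key=_created, default=None)


def is_stale(current_ami_id, images):
    """True when the AMI in use is not the newest available image."""
    newest = latest_image(images)
    return newest is not None and newest["ImageId"] != current_ami_id


def fetch_marketplace_images(name_pattern, region):
    """Query EC2 for Marketplace images whose name matches name_pattern."""
    import boto3  # imported lazily so the logic above runs without AWS access
    ec2 = boto3.client("ec2", region_name=region)
    resp = ec2.describe_images(
        Owners=["aws-marketplace"],
        Filters=[{"Name": "name", "Values": [name_pattern]}],
    )
    return resp["Images"]


if __name__ == "__main__":
    newest = latest_image(SAMPLE_IMAGES)
    print(newest["ImageId"], newest["Name"])
    print("stale:", is_stale("ami-0000000000000001a", SAMPLE_IMAGES))
```

The name pattern for a given benchmark line has to be taken from the Marketplace listing itself; this page does not state it.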
