Posted On: Jan 17, 2023

Now customers can use EC2 Image Builder to create custom Amazon Machine Images (AMIs) that are hardened using Center for Internet Security (CIS) Benchmarks. EC2 Image Builder hosts CIS Benchmarks Level 1 for Amazon Linux 2, Red Hat Enterprise Linux (RHEL) 7, Microsoft Windows Server 2019, and Microsoft Windows Server 2022. You no longer have to manage your own custom scripts for CIS Level 1 hardening of images with these operating systems. With this feature, you can also choose to automatically update AMIs to the latest version of the CIS standards as they become available.

To add security hardening, subscribe to the required CIS AMI in the AWS Marketplace from the EC2 Image Builder Console and use that CIS AMI as the base AMI for the image customization process. Your AWS Marketplace subscription to the CIS AMI unlocks access to the CIS hardening components in EC2 Image Builder. You can use these components to harden your AMIs to the recommended CIS Benchmarks, and you can view CloudWatch build logs for the hardening process in EC2 Image Builder.

This feature is available in all AWS Regions, including the AWS GovCloud (US) Regions, but excluding the AWS China (Beijing) Region, operated by Sinnet, and the AWS China (Ningxia) Region, operated by NWCD. Get started with this feature from the EC2 Image Builder Console, CLI, API, CloudFormation, or CDK, and learn more about the service in the EC2 Image Builder documentation. You can find specific information about CIS and compliance features in EC2 Image Builder on the feature documentation page. Also, learn more about upcoming EC2 Image Builder features on our public roadmap.