Overview
The CIS Hardened Image Level 1 on Rocky Linux 9 is a pre-configured image built by the Center for Internet Security (CIS®) for use on Amazon Elastic Compute Cloud (Amazon EC2). It is a security-hardened image that aligns with the robust security recommendations of the CIS Benchmarks, making it easier for organizations to meet regulatory requirements.
Not only is this image pre-hardened to the CIS Benchmarks guidance, but it is also patched monthly in alignment with the updates from the software vendor.
Key Benefits
This image is hardened against the corresponding Level 1 profile, which is intended to be practical and prudent, provide a clear security benefit, and not inhibit the utility of the technology beyond acceptable means. No packages are installed on or removed from this image outside of those already present on the base image or as recommended in alignment with the corresponding CIS Benchmark recommendations.
To demonstrate conformance to the CIS Rocky Linux 9 Level 1 Benchmark, industry-recognized hardening guidance, each image includes an HTML report from CIS Configuration Assessment Tool (CIS-CAT® Pro). Each CIS Hardened Image contains the following files:
These reports are located in /home/CIS_Hardened_Reports.
For customized pricing options or private offers, reach out to us at cloudsecurity@cisecurity.org.
To learn more or access the corresponding CIS Benchmark, please visit https://www.cisecurity.org/cis-benchmarks or sign up for a free account on our community platform, CIS WorkBench, https://workbench.cisecurity.org/.
Highlights
- Hardened according to a Level 1 CIS Benchmark that is developed in a consensus-based process and that is accepted by government, business, industry, and academia.
- Helps with compliance to PCI DSS, FedRAMP, DoD Cloud Computing SRG, FISMA, select NIST publications, and more.
- Pre-configured to align with industry best practices that are developed and supported by CIS, this image has hardened account and local policies, firewall configuration, and computer-based and user-based administrative templates.
Pricing
| Dimension | Cost/hour |
|---|---|
| t3.medium (Recommended) | $0.022 |
| t3.micro | $0.022 |
| t2.micro | $0.02 |
| c6in.24xlarge | $0.06 |
| c5d.4xlarge | $0.035 |
| m6a.24xlarge | $0.06 |
| c6a.large | $0.022 |
| i3en.3xlarge | $0.03 |
| t3a.small | $0.022 |
| d2.8xlarge | $0.05 |
Vendor refund policy
Refunds through AWS are not available at this time. You will only be billed for actual time of instance use. As with all CIS security products, our aim is always 100 percent customer/member satisfaction.
Delivery details
64-bit (x86) Amazon Machine Image (AMI)
Amazon Machine Image (AMI)
An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.
Version release notes
NA
Additional details
Usage instructions
Once the instance is running, connect using SSH. Use "rocky" as the username. Apply the latest security updates immediately after launching the instance.
Support
Vendor support
Questions, feedback, and support accessing CIS-developed AMIs is provided by contacting
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Customer reviews
Consistent servers have reduced maintenance time and support reliable automation for web workloads
What is our primary use case?
I use Rocky Linux for production web servers. It runs Apache with Moodle, for example. I primarily use Rocky Linux for stable, production-ready services. I also use it for containerized workloads and testing automation scripts. My setup includes custom monitoring and optimized security hardening.
What is most valuable?
Stability, long-term support, and compatibility with Red Hat are the top features. I also value its strong community, its package management, and reliability for production workloads.
Long-term support ensures I can run services securely without frequent major upgrades, saving time and reducing risk. Red Hat compatibility lets me use Red Hat tools, packages, and enterprise features seamlessly. The community is very active and responsive, and back-end management is straightforward with standard tools such as DNF and systemd and automated configuration.
Rocky Linux is lightweight and predictable, making it easy to automate deployments and maintain consistency across multiple servers. Its security updates are reliable, and it integrates well with cloud and container environments.
It has improved stability and uptime for our services, simplified maintenance, and reduced costs by avoiding frequent migrations. It also makes automation and deployment more consistent across environments.
Rocky Linux simplifies maintenance because security patches and updates are predictable and rarely break existing setups, so I spend 30-40% less time on server upkeep. Consistency comes from using the same Rocky Linux base across all environments (dev, test, and prod), so deployments work the first time, reducing rollout issues by approximately 25%.
What needs improvement?
One area for improvement is the ecosystem of pre-built third-party packages. Sometimes, I need to build from source. Additionally, documentation for niche use cases could be more detailed. Otherwise, it is very reliable and stable.
One small thing is that Rocky Linux could offer more official guidance or tools for cloud-native setup and container orchestration. It is mostly community-driven, so having a few official examples would save time.
An improvement could be more built-in tools or official support for automated testing and CI/CD pipelines. It is doable with the community, but official samples would make adoption faster.
For how long have I used the solution?
I have used Rocky Linux for approximately six years.
What do I think about the scalability of the solution?
Rocky Linux scales very well, from small virtual machines to large clusters, because it is lightweight, stable, and compatible with Red Hat tools for automation, containers, and orchestration.
How are customer service and support?
The official Rocky Linux project does not offer paid customer support, but the community support is very active and helpful through forums, docs, and chats. For enterprise needs, I can get support through third-party vendors.
Which solution did I use previously and why did I switch?
I used CentOS previously. I chose Rocky Linux because CentOS reached end-of-life, and Rocky Linux provides the same Red Hat compatibility with long-term support, making it a stable and reliable replacement.
How was the initial setup?
I recommend starting with Rocky Linux for any production or test environment where stability matters. Take advantage of its Red Hat compatibility, engage with the community for support, and plan automation and deployment using standard tools such as DNF, systemd, and containers.
What was our ROI?
I have seen a clear ROI. Using Rocky Linux reduced server maintenance time by approximately 30-40%, cut licensing costs compared to paid Linux distributions, and lowered deployment issues by 25%. This translates to both time and money saved without needing extra staff.
What's my experience with pricing, setup cost, and licensing?
Rocky Linux has no direct licensing or subscription cost, which makes it very cost-effective. Setup cost is mostly time for initial configuration, but overall, it is low compared to paid enterprise Linux distributions. The lack of a subscription fee saves money while still giving enterprise-grade stability.
Which other solutions did I evaluate?
I evaluated AlmaLinux, Ubuntu, and Oracle Linux but chose Rocky Linux for its strong community support, Red Hat compatibility, and proven stability in production environments.
What other advice do I have?
I give this review a rating of 10.
Has improved security practices and streamlined server hosting in on-premises environments
What is our primary use case?
My main use case for Rocky Linux is for the Nutanix environment, where we have a data center and everything is hosted there, including all the services and systems. Rocky Linux is the main OS of the Nutanix, which we use for hosting the servers.
In the Nutanix environment, Rocky Linux makes security hardening easier because we have guidelines to follow for those processes as per their advice.
How has it helped my organization?
My organization has seen positive impacts, particularly in security, as it is more secure and scalable. The commands are quite easy to use in the open-source environment, and scaling up or down is simple. Overall, it is more scalable and security-wise, it is good, and after using many commands, I become familiar with them.
What is most valuable?
The best features Rocky Linux offers, in my experience, are its simplicity, which helps us troubleshoot effectively, along with enhanced security features, security hardening capabilities, and the ability to perform regular patches.
What needs improvement?
I am not an expert on Rocky Linux, but I do not have anything to say regarding improvements; I think it is doing better.
I chose a rating of eight out of ten because Rocky Linux must grow more; it is not as comparable to Red Hat, which is why I took off those two points.
For how long have I used the solution?
I have been using Rocky Linux for a couple of years.
What do I think about the stability of the solution?
Rocky Linux is stable.
What do I think about the scalability of the solution?
The scalability of Rocky Linux is very good.
How are customer service and support?
We take customer support from Nutanix, and I think Nutanix support users are familiar with Rocky Linux, so I find the customer support to be very good.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I am not sure what solution we previously used before Rocky Linux, as I am new to the organization. I think they might have used VMware, but those were not on Rocky Linux, and the licensing cost was likely higher, which is why we changed to Rocky Linux in the Nutanix environment.
How was the initial setup?
Rocky Linux is a product of CentOS, and I have experience using CentOS as well. I think CentOS and Rocky Linux are similar to each other, with almost all of the features being similar.
What was our ROI?
I have seen a return on investment, including money saved and time saved.
What's my experience with pricing, setup cost, and licensing?
The pricing, setup cost, and licensing for Rocky Linux are favorable because they come bundled with the Nutanix environment, making the costs and licensing cheaper than the VMware environment, which is why we chose the Nutanix environment.
Which other solutions did I evaluate?
Before choosing Rocky Linux, I evaluated options based on cost.
What other advice do I have?
My advice to others looking into using Rocky Linux is to go ahead and use it. I give Rocky Linux a rating of eight out of ten.
Migration from discontinued systems has gone smoothly and supports reliable hosting for government websites
What is our primary use case?
My main use case for Rocky Linux is web hosting.
I have used Rocky Linux to host Drupal websites for my employer.
I don't have anything else to add about my use case or how I use Rocky Linux.
What is most valuable?
The best feature Rocky Linux offers is compatibility with Red Hat. This compatibility helps me because packages that aren't specifically available to the Rocky Linux repositories are able to be installed as long as the correct binary for the correct corresponding version of Red Hat and Rocky is selected.
Rocky Linux has positively impacted my organization by allowing us to migrate away from CentOS 7 as a result of the end-of-life for that operating system and then the end of CentOS 8, so we were able to move away from it without losing data and without having to rebuild VMs from scratch. The migration process went smoothly, with the main thing that stood out being the exchanging of repository links and the use of purpose-built scripts by our infrastructure and hosting team that took care of the heavy lifting.
What needs improvement?
I don't have specific suggestions on how Rocky Linux can be improved.
I don't want to add more about the needed improvements, even minor things or little annoyances.
For how long have I used the solution?
I have been using Rocky Linux for a couple of years.
What do I think about the stability of the solution?
In my experience, Rocky Linux is stable.
What do I think about the scalability of the solution?
Rocky Linux's scalability is good; it has handled growth or changing needs well considering that it was able to scale up our high availability environments for our web hosting services.
How are customer service and support?
I haven't needed to reach out for help regarding customer support for Rocky Linux.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I previously used CentOS, and the reason for the change to Rocky Linux was because of the end-of-life of CentOS 7 and 8 since those distributions were being discontinued and we needed a platform to move to that wasn't going to cost us an arm and a leg for licensing.
What was our ROI?
I have seen a return on investment since there was definitely money saved at the time due to the lack of need for licensing since Rocky is available openly.
What's my experience with pricing, setup cost, and licensing?
My experience with pricing, setup cost, and licensing has been that there was no cost associated with licensing for Rocky at the time because it was available openly and freely.
Which other solutions did I evaluate?
Before choosing Rocky Linux, we evaluated one other option, which was AlmaLinux, and we chose to go with Rocky instead.
What other advice do I have?
My advice for others looking into using Rocky Linux is to be sure to look at tutorials on how to get started if they are new users to the Red Hat RPMs or if they are unfamiliar with Linux as a whole.
I think it's been a great operating system to use both professionally and personally, and I've been able to adapt Rocky Linux into my WSL environment on my personal computer running Windows 11 and WSL Rocky.
I found out about the interview through LinkedIn.
On a scale of 1-10, I rate Rocky Linux a 10.
Has reduced privilege escalation and improved patching efficiency through automation
What is our primary use case?
My main use case for Rocky Linux is the user-friendly commands and being able to work much easier on the RHEL supported flavor as compared to other flavors whereby you have to ask for escalation when you want to install something or change file permissions or anything of that sort.
A specific example of how Rocky Linux has made things easier for me is that it has streamlined processes by not requiring privilege escalation all the time. Once I'm logged in as root, I don't have to escalate using sudo, which makes things much easier, especially since it's not a security risk when proper restrictions are set up in the perimeter with SSH and firewall rules and jump host, making it much smoother.
What is most valuable?
The best features Rocky Linux offers include not having to escalate privileges all the time, and it is binary compatible with RHEL systems, which means long-term support, making it much more predictable when it comes to updates. It also has a strong focus on enterprise workloads.
Binary compatibility and long-term support features have made things simpler because you can easily integrate the two systems with your Red Hat kernel. The long-term predictable updates make it a clear choice because I know that whatever I'm implementing now is guaranteed to receive updates in the long term.
Rocky Linux has positively impacted my organization by making things simpler, especially with not having to escalate privileges all the time using sudo as compared to Ubuntu flavors.
I've experienced less downtime in terms of having to focus on updates, which improves the security posture. Rocky Linux is compatible with automation tools, including Ansible, whereby we can deploy the infrastructure using code. It easily integrates with other containers and automation tools, making it easier to push updates, particularly security updates, and upgrade packages.
What needs improvement?
At the moment, I don't see much improvement that can be made to Rocky Linux. We work in IT and security is the main factor that we focus on, so perhaps more security control rules could be implemented. However, so far, I don't see much room for improvement.
For how long have I used the solution?
I have been using Rocky Linux for three to four years.
What do I think about the stability of the solution?
Rocky Linux is stable.
What do I think about the scalability of the solution?
In terms of scalability, you need to have automation tools.
How are customer service and support?
The customer support for Rocky Linux is good, as it offers long-term support.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
I haven't necessarily switched. I used Ubuntu before, and we still use Ubuntu even in this current company along with Rocky Linux.
How was the initial setup?
It is not difficult to deploy Rocky Linux in my organization which is set up on a private cloud.
What about the implementation team?
I never worked on the implementation or pricing part, but I know that Rocky Linux is free, and I can download it and deploy it in whatever environment I have, whether it be H3C, VMware, or Hyper-V. I am not involved in costs.
What was our ROI?
Regarding return on investment in terms of time saved with automation, I wouldn't know about money saved as I am not in the finance department.
What's my experience with pricing, setup cost, and licensing?
I never worked on the pricing part, but I know that Rocky Linux is free, and I can download it and deploy it in whatever environment I have, whether it be H3C, VMware, or Hyper-V. I am not involved in costs.
Which other solutions did I evaluate?
Before choosing Rocky Linux, I didn't evaluate other options.
What other advice do I have?
My advice to others looking into using Rocky Linux is they should go for it. There isn't much difference compared to other flavors, and it is much closer to RHEL systems, so whatever commands you would use in your Red Hat, you would use in Rocky Linux. I rate Rocky Linux 8 out of 10.
Have built a secure server cluster environment and reduced vulnerabilities over time
What is our primary use case?
For the last two years, I have been using Rocky Linux for our project. I do all the things: installations of Rocky Linux, coding in Rocky Linux, and using Rocky Linux as a platform.
We use Rocky Linux as a base OS for our project, and on top of Rocky Linux OS, we are building our project. We have chosen Rocky Linux because it supports long-term support.
We are using Rocky Linux for one of our projects in CommScope, using it as a base OS, and on top of that, we are installing many RPMs and making it customized. We are adding numerous security patches, as Rocky Linux continuously provides security updates and patches, which is one of the best benefits we are getting. We are also using Rocky Linux for high availability purposes, with approximately 11 to 12 server clusters.
What is most valuable?
We are using Rocky Linux because it has strong security, compatibility with RHEL, and enterprise-grade stability, which is the main reason for choosing Rocky Linux. The plus point is that they regularly provide security updates and patches, which is very helpful to us.
Rocky Linux offers strong security and enterprise-grade stability as its best features. These are the two main advantages compared to others.
Enterprise-grade stability refers to the fact that it uses the RHEL source code, ensuring compatibility, and is suitable for servers, production environments, and critical applications, built to be a reliable, long-term support OS.
In terms of security, we are getting regular security patches and updates, which is one of the best use cases I've noticed positively impacting Rocky Linux in my organization.
Day by day, the vulnerabilities are decreasing, and as we have implemented good practices, there is less downtime.
What needs improvement?
Currently, I have nothing to say about how Rocky Linux can be improved.
The rolling update for Rocky Linux is very limited and focused on stability, so the software may not always be the latest version, which is something they need to improve.
For how long have I used the solution?
I have been working in my current field for the last two years and eight months.
What do I think about the stability of the solution?
Rocky Linux is stable.
Regarding scalability, Rocky Linux is a very good OS, and we haven't faced any issues currently.
How are customer service and support?
Currently, the customer support for Rocky Linux is not fully developed and is in a growing stage; the customer support is also not very responsive.
Which solution did I use previously and why did I switch?
Previously, we were using CentOS, which reached its end of life, prompting us to switch to Rocky Linux because we found it is an LTS with stability and long-term support.
What's my experience with pricing, setup cost, and licensing?
The pricing for Rocky Linux has no major difference compared to enterprise-level software, which is similar to enterprise-level Linux, so there isn't much difference and it's a good experience with both the older and newer versions compared to CentOS and Rocky Linux.
Which other solutions did I evaluate?
We checked some enterprise-level OSs such as Debian before choosing Rocky Linux, but we found we were more inclined toward Rocky Linux as it gives LTS support and stability, so we moved to Rocky Linux.
What other advice do I have?
If you are looking for a long-term support OS, an LTS, then I recommend choosing Rocky Linux, as they are releasing many patches and updates regarding security.
Rocky Linux is best for someone who wants good scalability, enterprise-grade stability, substantial community engagement, compatibility with RHEL, and strong security. I also feel there is good documentation with Rocky Linux, along with providing long-term support, which makes it better to choose Rocky Linux.
On a scale of one to ten, I rate Rocky Linux a nine out of ten.