This product is considered a repackaged software product by AWS as this product was created from the vendor's base image.

CIS Amazon EKS-Optimized Amazon Linux 2 Level 2 Hardened Image is a pre-configured image built by the Center for Internet Security (CIS) for use on Amazon Elastic Compute Cloud (Amazon EC2) and optimized for use with Amazon Elastic Container Service for Kubernetes (Amazon EKS). It is built to offer an image secured to industry-recognized security guidance running on Amazon EC2 and to serve as the base, secure image for Amazon EKS worker nodes.

This image of Amazon EKS-Optimized Amazon Linux 2 Level 2 is pre-hardened to CIS Benchmarks guidance and patched monthly. This image is hardened against the corresponding Level 2 profile which is intended for environments or use cases where security is paramount, acts as a defense in depth measure, and may negatively inhibit the utility or performance of the technology. No packages are installed on or removed from this image outside of those already present on the base image or as recommended in alignment with the corresponding CIS Benchmark recommendations.

To demonstrate conformance to the CIS Amazon Linux 2 Level 2 Benchmark, industry-recognized hardening guidance, each image includes an HTML report from CIS Configuration Assessment Tool (CIS-CAT Pro). Each CIS Hardened Image contains the following files:

Base_CIS-CAT_Report.html - this provides a report of CIS-CAT Pro run against the instance before any change is made by CIS (e.g., software updates, CIS hardening)

basevm.txt - this provides a list of the packages resident on the instance prior to any change being made by CIS (e.g., software updates, CIS hardening)

CIS-CAT_Report.html - this provides a report of CIS-CAT Pro run against the instance after the corresponding CIS Benchmark was applied to the image.

Exceptions.txt - this provides a list of recommendations that are not applied because configuration of those recommendations may inhibit use of this image in this CSP, require environment-specific expertise, or hinder integration of this image with CSP services or extensions.

afterhardening.txt - this provides a list of packages resident on the instance after the corresponding CIS Benchmark was applied to the image.

These reports are located in /home/CIS_Hardened_Reports.

To speak with us about additional pricing options and private offers, please contact us at cloudsecurity@cisecurity.org.

To learn more or access the corresponding CIS Benchmark, please visit CIS Benchmarks™ (https://www.cisecurity.org/cis-benchmarks) or sign up for a free account on our community platform, CIS WorkBench, CIS WorkBench (https://workbench.cisecurity.org/).