Listing Thumbnail

    Ubuntu 26.04 LTS (ARM) | Support by Clearscale

     Info
    Sold by: ClearScale 
    Deployed on AWS
    A high-performance, production-ready Ubuntu 26.04 LTS ARM64 base image optimized for AWS Graviton. Pre-hardened to CIS Level 1 benchmarks for immediate compliance, stripped of unnecessary packages and fully supported by Clearscale.
    5

    Overview

    This is a hardened, enterprise-ready operating system image optimized for AWS deployments. Built-in security hardening and ongoing lifecycle maintenance are included for an additional charge.

    Leverage the reliability and security of Ubuntu 26.04 LTS, engineered specifically for AWS environments. This Amazon Machine Image (AMI) delivers a highly secure, stable foundation right out of the box, drastically reducing the time required for initial configuration and manual security patching.

    Core Capabilities:

    • Latest Updates: Ubuntu 26.04 LTS deployed with the most recent security updates applied at build time.
    • CIS Hardening: CIS Level 1 Benchmark configurations applied to guarantee a secure baseline.
    • IMDSv2 Enforced: Strictly enforced metadata service to protect against SSRF vulnerabilities.
    • Seamless Management: Native AWS Systems Manager (SSM) Agent pre-installed for streamlined remote management.
    • Clean OS: Zero unnecessary telemetry agents and absolutely no cross-cloud bloatware.
    • Secure Access: SSH heavily hardened, with root login and password authentication entirely disabled.
    • Graviton Optimized: Compiled and tuned specifically to maximize price-performance on AWS ARM64 Graviton processors.

    Operational Advantages:

    • Rapid Deployment: Spin up fully hardened, compliant instances in minutes rather than hours or days.
    • Reduced Overhead: Eliminates the tedious need for manual OS hardening, patching, and agent installation before deploying workloads.
    • Audit-Ready Infrastructure: Pre-configured to align with strict industry security standards, easing the burden of compliance audits and security reviews.

    Use Cases:

    • Enterprise Workloads: The perfect foundation for deploying and managing mission-critical applications or services at scale.
    • Regulated Environments: Highly recommended for industries requiring strict security baselines, such as finance, healthcare, and public sector.
    • Development and Testing: Provides a secure, highly predictable environment for software engineering teams to iterate and stage safely.

    Accelerate your AWS journey with Ubuntu 26.04 LTS and build your cloud strategies on a secure, optimized infrastructure.

    Highlights

    • CIS Hardened by Default: IMDSv2 enforced, UFW firewall enabled with default-deny, root SSH disabled, X11 forwarding off, and MaxAuthTries reduced to 3.
    • Zero Bloat, Operationally Ready: Carefully stripped of legacy packages, stale kernels, and unnecessary packages like snapd to minimize vulnerabilities. Includes the native AWS Systems Manager (SSM) Agent for seamless remote access without a bastion host.
    • Graviton Optimized: Compiled and built specifically to maximize price-performance on AWS ARM64 processors.

    Details

    Delivery method

    Delivery option
    64-bit (Arm) Amazon Machine Image (AMI)

    Latest version

    Operating system
    Ubuntu 26.04

    Deployed on AWS
    New

    Introducing multi-product solutions

    You can now purchase comprehensive solutions tailored to use cases and industries.

    Multi-product solutions

    Features and programs

    Financing for AWS Marketplace purchases

    AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
    Financing for AWS Marketplace purchases

    Pricing

    Ubuntu 26.04 LTS (ARM) | Support by Clearscale

     Info
    Pricing is based on actual usage, with charges varying according to how much you consume. Subscriptions have no end date and may be canceled any time.
    Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator  to estimate your infrastructure costs.

    Usage costs (347)

     Info
    • ...
    Dimension
    Cost/hour
    t4g.small
    Recommended
    $0.12
    x2gd.8xlarge
    $1.92
    c8gd.16xlarge
    $3.84
    m8gn.16xlarge
    $3.84
    im4gn.large
    $0.12
    m8gb.metal-24xl
    $3.02
    x2gd.large
    $0.12
    m7g.2xlarge
    $0.48
    c8g.16xlarge
    $3.84
    c7gn.4xlarge
    $0.96

    Vendor refund policy

    Usage is billed by AWS on a pay-as-you-go basis by the hour. The Ubuntu 26.04 LTS (ARM) instance can be stopped or terminated at any time to stop incurring additional software charges. Refunds are not available once launched. To completely avoid future costs, ensure you terminate the instance and cancel your AWS Marketplace subscription.

    How can we make this page better?

    Tell us how we can improve this page, or report an issue with this product.
    Tell us how we can improve this page, or report an issue with this product.

    Legal

    Vendor terms and conditions

    Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .

    Content disclaimer

    Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

    Usage information

     Info

    Delivery details

    64-bit (Arm) Amazon Machine Image (AMI)

    Amazon Machine Image (AMI)

    An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.

    Version release notes

    [Release v16JUN26] ClearImages Ubuntu 26.04 LTS preview build (arm64). CIS-aligned hardening via konstruktoid (Apache-2.0). IMDSv2 enforced, SSM and CloudWatch agents pre-installed, unencrypted gp3 root volume. Compliance evidence pending upstream SSG content for Ubuntu 26.04.

    Additional details

    Usage instructions

    1. Launch via AWS Marketplace 1-Click or EC2 console.
    2. Select t4g.small or larger. Ensure your security group allows inbound SSH (port 22) from your IP.
    3. Connect via SSH: ssh -i your-key.pem ubuntu@<public-ip> Or use SSM Session Manager from the EC2 console (no SSH key required).

    Resources

    Support

    Vendor support

    Email support for this AMI is available through the following: https://clearscale.com/clearimages/support  OR clearimages-support@clearscale.com 

    AWS infrastructure support

    AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.

    Similar products

    Customer reviews

    Ratings and reviews

     Info
    5
    5 ratings
    5 star
    4 star
    3 star
    2 star
    1 star
    100%
    0%
    0%
    0%
    0%
    5 AWS reviews
    Edward

    Hardened cloud baseline has simplified fleet management and has eliminated configuration drift

    Reviewed on Jun 22, 2026
    Review from a verified AWS customer

    What is our primary use case?

    I run a bunch of stateless REST APIs and web apps in AWS  behind an Application Load Balancer. Everything lives in Auto Scaling Groups (ASGs). I use this AMI as the default base for those instances so they can scale up or down during traffic spikes without me worrying about security drift.

    How has it helped my organization?

    It basically stopped configuration drift for me. Before, different development teams would bake their own slightly different AMIs, which was a nightmare for security audits. Now, I have a single, pre-hardened baseline. When ASGs scale out, I know the new instances are already patched and locked down. It's made my deployments way more predictable and saved my platform team a ton of babysitting time.

    What is most valuable?

    The best part is that it's secure the second it boots. Having root SSH disabled, passwords off, and the firewall set to deny-all by default means I don't have to layer on a massive post-launch hardening script. Another huge plus is the pre-installed AWS Systems Manager  (SSM) agent. I manage the whole fleet via Session Manager now, which allowed me to completely tear down my old bastion hosts and stop managing SSH keys. Also, they actually stripped out snapd and a bunch of other bloatware, which keeps the boot times really fast. This is super critical when my autoscaling groups are trying to spin up instances under heavy load.

    What needs improvement?

    It would be cool to have more detailed changelogs with each new release so I can see exactly what packages got updated without having to boot up a test instance and diff it myself.

    For how long have I used the solution?

    I have been running ClearScale Ubuntu Linux  in production for a little over nine months.

    Which solution did I use previously and why did I switch?

    I used to spin up the stock Canonical Ubuntu  AMIs and run a massive bash script during cloud-init to lock them down. It was slow, fragile, and I had to constantly maintain the script as Ubuntu evolved. I switched to this AMI to get that hardening out-of-the-box, which made my scaling workflows much faster and less prone to failures.

    What's my experience with pricing, setup cost, and licensing?

    The hourly premium is honestly negligible compared to the salary hours I was wasting building, patching, and maintaining my own custom images. If you have a decent-sized fleet, look at the total cost of ownership.

    Which other solutions did I evaluate?

    I considered a few routes: sticking with the standard stock AMI and building a Packer pipeline, upgrading to Ubuntu Pro, or maintaining my own custom golden images. I went with ClearScale Ubuntu because I just didn't want the long-term maintenance burden. I wanted a CIS-aligned baseline but didn't want to build or run the pipelines myself.

    What other advice do I have?

    Just make sure you map out your firewall and port requirements beforehand so your load balancer health checks don't fail on day one. Once you get that launch template dialed in, the image is incredibly solid. It's been a very quiet, set-and-forget baseline for my production environment.

    reviewer2858388

    Built-in security has provided peace of mind and same-day support improves daily operations

    Reviewed on Jun 17, 2026
    Review from a verified AWS customer

    What is our primary use case?

    Boilerplate security comes out of the box, reducing the need for manual setup.

    How has it helped my organization?

    Having additional security brings peace of mind.

    What is most valuable?

    The same-day engineering support has been very valuable.

    What needs improvement?

    I have no complaints so far.

    For how long have I used the solution?

    I have been using the solution for one week.

    Which solution did I use previously and why did I switch?

    I have tried out competitor products but switched here because of better support.

    What's my experience with pricing, setup cost, and licensing?

    The setup cost is cheaper than the market average.

    Which other solutions did I evaluate?

    Alternate solutions were considered.

    What other advice do I have?

    NA

    reviewer2855598

    Standardized hardened images have reduced drift and provide secure, fast autoscaling for web APIs

    Reviewed on Jun 16, 2026
    Review from a verified AWS customer

    What is our primary use case?

    I run a fleet of stateless web and API servers behind an Application Load Balancer in an Auto Scaling Group. ClearScale Ubuntu 26.04 LTS  is our standard base image for those instances, serving customer-facing web traffic and internal REST APIs that need to scale out and in throughout the day.

    How has it helped my organization?

    It gave us one consistent, hardened golden image across the whole fleet, which removed the configuration drift we used to see when each team baked its own AMI. New instances join the load balancer already patched and locked down, so scale-out events no longer introduce inconsistent or unhardened nodes. That consistency has made our deployments more predictable and cut down the time we spend reconciling instance state.

    What is most valuable?

    The biggest value is that the security baseline is already in place when the instance boots. With root SSH disabled, password authentication off, and the firewall defaulting to deny, our app servers start in a known-good state without us layering on a hardening step at launch. The pre-installed AWS Systems Manager  agent is also a standout. We manage the entire fleet through Session Manager, so we no longer run a bastion host or distribute SSH keys to the team. The lean build, with snapd and unused packages removed, keeps boot times short, which matters when an Auto Scaling Group is adding nodes under load.

    What needs improvement?

    Because the firewall ships default-deny, the first launch in a new environment takes a little planning to open the exact ports the app and load balancer health checks need. Clearer documentation of the default rules would smooth that out. I'd also like a slimmer variant aimed specifically at stateless app servers, and more detailed per-version release notes so we can see exactly what changed between builds. Built-in observability hooks out of the box would be a nice addition.

    For how long have I used the solution?

    I have been running ClearScale Ubuntu 26.04 LTS  in production for a little over nine months. Our team has used Ubuntu  in general for more than ten years.

    Which solution did I use previously and why did I switch?

    We previously launched the stock Canonical Ubuntu  AMI and ran our own hardening scripts after boot. We switched to ClearScale's Ubuntu image so the hardening is already baked in and maintained for us, which removed a fragile post-launch step from our scaling workflow.

    What's my experience with pricing, setup cost, and licensing?

    The hourly software charge is small relative to the engineering time we used to spend building and maintaining our own hardened AMI. If you run a fleet of any size, look at the total cost of ownership. The saved maintenance and audit-prep time has been worth it for us.

    Which other solutions did I evaluate?

    We looked at staying on the stock Ubuntu AMI with our own automation, Ubuntu Pro, and maintaining an internally built golden image. We chose the ClearScale hardened image because it gave us the CIS-aligned baseline we wanted without us owning the hardening pipeline.

    What other advice do I have?

    Plan your security group and firewall rules before the first launch so health checks and app ports are open from the start, then bake the image into your launch template. After that one-time setup, it has been a quiet, reliable foundation for our autoscaling fleet.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Amazon Web Services (AWS)
    reviewer2855640

    Cloud-native deployments have become more efficient and support modern DevOps workflows

    Reviewed on Jun 11, 2026
    Review from a verified AWS customer

    What is our primary use case?

    My primary use case is hosting cloud-native applications, web services, APIs, containerized workloads, and development environments running on public cloud infrastructure.

    How has it helped my organization?

    ClearScale Ubuntu 26.04 LTS  has improved our operational efficiency by providing a stable and familiar Linux platform with long-term support.

    The distribution integrates well with modern cloud services and DevOps tooling, allowing our teams to deploy and manage applications more efficiently.

    What is most valuable?

    The long-term support (LTS) lifecycle provides stability and predictable maintenance.

    There are extensive package repositories and software availability.

    It also offers strong cloud platform integration and automation support. Additionally, there is excellent container and Kubernetes  ecosystem compatibility. Frequent security updates and straightforward package management further enhance its value.

    What needs improvement?

    Enterprise management and compliance tooling could be more comprehensive out of the box.

    Some advanced security and monitoring capabilities still require additional configuration or third-party solutions.

    Enhanced built-in observability and monitoring tools are needed. More integrated security compliance reporting, improved cloud cost optimization recommendations, and additional AI-assisted system administration and troubleshooting features would be beneficial.

    For how long have I used the solution?

    I have been using ClearScale Ubuntu 26.04 LTS  for approximately three months across development, testing, and production environments.

    Which solution did I use previously and why did I switch?

    We previously used CentOS-based systems.

    We switched to Ubuntu  LTS because of its predictable release cycle, broad community support, strong cloud ecosystem, and long-term maintenance commitments.

    What's my experience with pricing, setup cost, and licensing?

    Ubuntu  LTS offers strong value due to its combination of enterprise-grade stability and relatively low operational costs.

    Organizations should evaluate support requirements and infrastructure scale when comparing costs against commercial enterprise Linux distributions.

    Which other solutions did I evaluate?

    We evaluated Red Hat Enterprise Linux , Rocky Linux , AlmaLinux , and Debian  before selecting Ubuntu 26.04 LTS.

    What other advice do I have?

    ClearScale Ubuntu 26.04 LTS is an excellent choice for organizations adopting cloud-native technologies and modern DevOps practices.

    Its ease of use, large ecosystem, and long-term support make it suitable for both growing teams and large-scale enterprise deployments.

    reviewer2855598

    CIS hardening has simplified secure container workloads but AppArmor still blocks Docker by default

    Reviewed on Jun 11, 2026
    Review from a verified AWS customer

    What is our primary use case?

    I am using this for running containerized workloads on AWS  EC2 .

    How has it helped my organization?

    The CIS Level 1 hardening out of the box saves significant time. There is no need to run custom hardening scripts after provisioning. AppArmor profiles, kernel sysctl tuning, and restricted unprivileged user namespaces are all pre-configured, which is exactly what compliance-conscious teams need.

    What is most valuable?

    The pre-applied CIS L1 benchmark is the main selling point. Getting a hardened baseline without manual effort is genuinely useful. The Ubuntu  26.04 LTS base also means I'm on a supported, up-to-date kernel with long-term security patches.

    What needs improvement?

    The CIS L1 AppArmor enforcement breaks Docker  out of the box. Containers fail to start with a permission denied on the containerd task directory. There is no documentation about this. A simple note explaining that Docker  users need to either update the runc AppArmor profile or disable it would save a lot of debugging time. It takes a while to trace the failure back to AppArmor blocking runc writes to /run/containerd/.

    For how long have I used the solution?

    I have been using it for 10 days.

    Which solution did I use previously and why did I switch?

    We were using the standard Ubuntu  24.04 LTS AMI from Canonical and handling hardening ourselves through custom scripts and Ansible  playbooks. We switched to this to reduce provisioning overhead and get a consistent, pre-hardened baseline across instances without maintaining our own hardening pipeline.

    What's my experience with pricing, setup cost, and licensing?

    The pricing is reasonable given that you're essentially paying for the hardening work and support rather than just the OS.

    Which other solutions did I evaluate?

    We looked at the CIS-hardened AMIs from AWS  directly and a couple of other Marketplace offerings. We chose this one because of the Clearscale support backing and the Ubuntu LTS base, which fits better with our existing tooling and team familiarity.

    What other advice do I have?

    If you plan to run Docker, be aware that the CIS L1 AppArmor enforcement will block containers from starting out of the box. The runc AppArmor profile restricts writes to the containerd task directory, which causes container creation to fail silently with a permission error. You'll need to either update the runc AppArmor profile to allow the required paths or disable it and apply a Docker-compatible profile. It would be great if the documentation covered this.

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    Amazon Web Services (AWS)
    View all reviews