Listing Thumbnail

    Enterprise Ubuntu 24.04 LTS (CIS , PCI-Ready, with Threat Defense Tools)

     Info
    Deployed on AWS
    Free Trial
    Achieve compliance and secure your business critical applications with this Enterprise Ready Ubuntu 24.04 LTS AMI, fully hardened to CIS Level 1 benchmark and architected to be PCI 4.0 DSS Ready. This image goes beyond baseline compliance by including a pre-configured threat detection suite, featuring ClamAV, rkhunter, and AIDE for comprehensive protection. All hardening actions are documented in detailed reports, providing a complete audit trail that can be seamlessly integrated with AWS Security Hub and validated by Amazon Inspector for continuous monitoring.

    Overview

    Open image

    Go beyond the baseline with a production-ready, CIS Level 1 hardened Ubuntu 24.04 LTS AMI, architected for enterprises that demand security, compliance, and provability. While standard hardened images meet the benchmark, this AMI delivers a complete, audit-ready solution out-of-the-box, saving your security and DevOps teams hundreds of hours in configuration, tool deployment, and audit preparation.

    This is more than a hardened OS; it's a secure foundation designed for your business-critical applications on AWS. We provide a fully automated and transparent hardening process, complete with a comprehensive suite of pre-configured security tools and detailed reports that offer an unparalleled audit trail of all actions taken.

    Key Differentiators: Go Beyond Baseline Hardening

    Built-in Threat Defense Suite: Unlike other images, this AMI includes a pre-configured suite of industry-standard security tools, providing active threat detection from the moment you launch. This includes ClamAV for anti-malware, rkhunter and chkrootkit for rootkit scanning, and AIDE for file integrity monitoring (a key requirement for PCI 4.0 DSS).

    Unmatched Transparency with Audit-Ready Reporting: Every instance launched from this AMI includes the /home/ubuntu/SiXCraft_Hardened_Reports directory. This folder provides a complete, human-readable audit trail of the hardening process, including pre- and post-hardening package lists, a detailed log of every command executed, and a list of SUID/SGID files for your review drastically simplifying evidence gathering for auditors.

    Ready for Cloud-Native Monitoring: This AMI is built for modern cloud operations. It comes with the AWS Systems Manager and CloudWatch agents pre-configured to seamlessly send your hardening logs and security alerts to AWS Security Hub and can be validated by Amazon Inspector, enabling continuous compliance monitoring in a centralized security dashboard.

    Key Benefits for Your Organization

    Accelerate Compliance & Audits: Achieve a 99% CIS compliance score out-of-the-box and provide auditors with the detailed reports they need, reducing audit preparation time from weeks to minutes. The pre-hardened state and included tools directly support requirements for PCI 4.0 DSS, HIPAA, SOC 2, and other major frameworks.

    Reduce Your Attack Surface: The combination of CIS Level 1 hardening and the integrated Threat Defense Suite actively protects your instances from common vulnerabilities, malware, and unauthorized changes, minimizing your security risk.

    Faster, More Secure Deployments: Launch secure, production-ready servers in minutes. By providing a pre-configured, fully tested foundation, you empower your development teams to build and deploy applications faster without compromising on security.

    Improve Operational Efficiency: Eliminate hundreds of hours of manual hardening and security tool configuration. This AMI provides a consistent, automated, and verifiable security baseline across all your environments, from development to production.

    Included Reports and Files

    To demonstrate full transparency and assist with your compliance documentation, each AMI includes the following files in /home/ubuntu/SiXCraft_Hardened_Reports:

    1. basevm.txt & basevm-snaps.txt: A complete list of all packages and snaps present on the base OS before hardening.

    2. afterhardening.txt & afterhardening-snaps.txt: A complete list of packages and snaps after the hardening script has been applied.

    3. main.log: A detailed, time-stamped log of every action and command executed by the hardening script.

    4. summary_report.txt: A high-level summary of the hardening process, including the final compliance score.

    5. suid_sgid_review_list.txt: A generated list of executables with special permissions for your manual review and justification.

    6. Exceptions.txt: A template for you to document any necessary exceptions for your specific environment.

    Highlights

    • Go Beyond Compliance with an Audit-Ready Foundation: This AMI is hardened to 99% CIS Level 1 compliance and includes detailed, pre-generated reports, providing a complete audit trail of all hardening actions to drastically simplify your PCI 4.0 DSS, HIPAA, and SOC 2 evidence gathering.
    • Integrated Threat Defense Suite Included: Move beyond a simple hardened OS with a built-in, pre-configured security suite, including ClamAV (anti-malware), rkhunter (rootkit detection), and AIDE (file integrity monitoring), for active threat detection from the moment you launch.
    • Built for Secure Cloud Operations: This enterprise-ready image is designed for modern cloud environments, featuring pre-configured agents to seamlessly integrate with AWS Security Hub and Amazon Inspector for continuous, centralized compliance monitoring.

    Details

    Delivery method

    Delivery option
    Enterprise Ubuntu 24.04 LTS (with Threat Defense Tools)- Cloudformation
    64-bit (Arm) Amazon Machine Image (AMI)

    Latest version

    Operating system
    Ubuntu 24.04

    Deployed on AWS

    Unlock automation with AI agent solutions

    Fast-track AI initiatives with agents, tools, and solutions from AWS Partners.
    AI Agents

    Features and programs

    Financing for AWS Marketplace purchases

    AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
    Financing for AWS Marketplace purchases

    Pricing

    Free trial

    Try this product free for 31 days according to the free trial terms set by the vendor. Usage-based pricing is in effect for usage beyond the free trial terms. Your free trial gets automatically converted to a paid subscription when the trial ends, but may be canceled any time before that.

    Enterprise Ubuntu 24.04 LTS (CIS , PCI-Ready, with Threat Defense Tools)

     Info
    Pricing is based on actual usage, with charges varying according to how much you consume. Subscriptions have no end date and may be canceled any time.
    Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator  to estimate your infrastructure costs.

    Usage costs (276)

     Info
    • ...
    Dimension
    Cost/hour
    t4g.medium
    Recommended
    $0.02
    m6g.4xlarge
    $0.16
    c8gn.medium
    $0.02
    c6gn.8xlarge
    $0.16
    m8g.medium
    $0.02
    c6gn.large
    $0.04
    r8gd.metal-24xl
    $0.64
    c6gd.16xlarge
    $0.32
    m7g.medium
    $0.02
    m7g.4xlarge
    $0.16

    Vendor refund policy

    Your satisfaction is our priority. This refund policy applies only to the software fees for our AMI; we do not offer refunds for AWS infrastructure costs. All refund requests are reviewed on a case-by-case basis. To request a refund, please contact our support team with your AWS Account ID and a detailed description of the issue.

    Contact: info@sixcraft.co 

    How can we make this page better?

    We'd like to hear your feedback and ideas on how to improve this page.
    We'd like to hear your feedback and ideas on how to improve this page.

    Legal

    Vendor terms and conditions

    Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .

    Content disclaimer

    Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

    Usage information

     Info

    Delivery details

    64-bit (Arm) Amazon Machine Image (AMI)

    Amazon Machine Image (AMI)

    An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.

    Version release notes

    Version: v2025.08.26 Release Date: August 26, 2025

    Initial Release: The Audit Ready, Enterprise Secure Ubuntu 24.04 LTS

    This is the inaugural release of the Enterprise Secure Ubuntu 24.04 LTS by Six Craft Group. This Amazon Machine Image (AMI) is designed from the ground up to provide a secure, compliant, and production ready foundation for business critical applications on AWS.

    This version focuses on three core principles: deep security hardening, unparalleled transparency through reporting, and a builtin suite of threat defense tools to go beyond baseline compliance.

    Key Features & Improvements:

    CIS Level 1 Hardening: The AMI is fully hardened to be 99% compliant with the CIS Ubuntu Linux 24.04 LTS Benchmark. All remediations for partitioning, user accounts, network parameters, and file permissions have been applied. Audit Ready Reporting Suite: Every instance includes the /home/ubuntu/SiXCraft_Hardened_Reports directory, containing a complete audit trail of the hardening process. This includes pre and post hardening package lists, a detailed command log, and a final compliance summary to drastically simplify evidence gathering for PCI 4.0 DSS, HIPAA, and SOC 2 audits. Integrated Threat Defense Suite: This version comes preconfigured with a suite of industry standard security tools for active threat detection: AIDE for File Integrity Monitoring (FIM). ClamAV for anti malware scanning. rkhunter and chkrootkit for rootkit detection. Automated Filesystem Partitioning: All required CIS partitions (/tmp, /var, /var/log, /var/log/audit, /home) are automatically created, formatted, and mounted at launch, ensuring a secure and compliant disk layout. Cloud Native Integration: The AMI is built for modern cloud operations, with the AWS Systems Manager and CloudWatch agents pre configured to seamlessly send security and compliance logs to your AWS environment for centralized monitoring.

    Known Issues & Important Notes:

    The hardening process generates a list of remaining SUID/SGID executables that are necessary for system operation (e.g., sudo, passwd). As per CIS guidelines, it is recommended that you review this list (located in the reports directory) and formally document your acceptance in the provided Exceptions.txt file.

    Additional details

    Usage instructions

    Usage Instructions

    This delivery option makes it easy to deploy a hardened Ubuntu 24.04 LTS instance using AWS CloudFormation. After subscribing, select the CloudFormation template delivery option, choose your region, and launch the stack directly from the AWS Console.

    When prompted, provide a few key parameters:

    Instance Name & Type -Tag your server and choose an ARM64 type such as t4g.medium, m6g.large, or c6g.large.

    Key Pair - Select an existing EC2 key pair for SSH access.

    Networking - Choose the VPC, subnets, and security groups for deployment. Security groups must allow SSH (22) from the trusted CIDR you provide.

    Notification Email - Enter the email address where Inspector findings will be sent (confirmation required).

    Volumes - Adjust disk sizes for /, /tmp, /var, /var/log, /var/log/audit, and /home.

    Once launched, CloudFormation provisions the hardened EC2 instance, IAM role, Inspector integration, and SNS alerts automatically. Connect via SSH with your key pair and review audit reports in /home/ubuntu/SiXCraft_Hardened_Reports, which include compliance summaries and exceptions documentation.

    Amazon Inspector is pre-integrated for continuous scans, and CloudWatch + Systems Manager are enabled for secure monitoring and management. Within minutes, you will have a CIS-hardened, PCI-ready Ubuntu environment running securely in your AWS account.

    Support

    Vendor support

    AWS infrastructure support

    AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.

    Similar products

    Customer reviews

    Ratings and reviews

     Info
    5
    1 ratings
    5 star
    4 star
    3 star
    2 star
    1 star
    100%
    0%
    0%
    0%
    0%
    1 AWS reviews
    reviewer2752956

    Transforms multi-week server setups into secure, minutes-long deployments with peace of mind

    Reviewed on Aug 27, 2025
    Review from a verified AWS customer

    What is our primary use case?

    Our primary use case is rapidly deploying a secure and compliant foundation for our business-critical applications, especially those that need to adhere to PCI/DSS standards. This product is an absolute game changer. What used to take our security and DevOps teams weeks of manual hardening, scripting, and validation is now accomplished in minutes with a single click.

    The environment deploys perfectly hardened to CIS benchmarks, and the integrated threat defense tools provide immediate peace of mind. This is not just a hardened AMI; it is a complete, production-ready solution that has saved us countless engineering hours. I highly recommend it for any organization that takes security seriously.

    How has it helped my organization?

    This product has fundamentally improved our organization's security posture and agility. Before, deploying a compliant, production-ready server was a multi-week bottleneck that consumed hundreds of hours from our senior security and DevOps engineers. Now, with this turnkey CloudFormation  template, we deploy a fully hardened, PCI-ready environment in minutes. This has slashed our application time to market and, more importantly, freed our security team to focus on application-level threats instead of repetitive, manual OS hardening. It is one of the best investments we have made in our cloud infrastructure.

    What is most valuable?

    The two most valuable features for us are the one-click CloudFormation  deployment and the pre-configured threat defense suite. The CloudFormation template is brilliant; it has saved our team hundreds of hours, turning a complex, multi-week hardening process into a reliable, minutes-long deployment. The real peace of mind comes from the integrated tools such as ClamAV and rkhunter, which provide active threat detection out of the box. It is this combination of effortless, compliant deployment and proactive, built-in security that makes this an essential part of our cloud infrastructure.

    What needs improvement?

    Looking ahead, the feature I would be most excited for in a future release would be a variant of this AMI specifically hardened and optimized for EKS worker nodes. Being able to extend this same level of turnkey CIS compliance and threat detection to our containerized workloads would be a massive win. Additionally, deeper integration with services such as AWS  Security Lake would be fantastic for centralizing logs.

    For how long have I used the solution?

    I have used this solution for 1 year.

    Which solution did I use previously and why did I switch?

    We previously used the standard, unhardened Ubuntu  LTS AMIs directly from Canonical. While they are a great starting point, the reason we switched is simple: time and confidence. Our old workflow involved a multi-week security hardening process for every new project. Our DevOps and security teams would spend countless hours manually implementing CIS controls, running validation scripts, and documenting everything for our PCI audits.

    It was a massive operational bottleneck. We switched to this product because it turns that entire weeks-long process into a 10-minute, one-click deployment. We now get a fully hardened, audit-ready environment out of the box. This has not only accelerated our project timelines but has also given us much greater confidence in our security posture from day one.

    What's my experience with pricing, setup cost, and licensing?

    The pricing can be improved.

    Which other solutions did I evaluate?

    We did not evaluate other alternative solutions.

    What other advice do I have?

    I have no additional advice to offer.

    Which deployment model are you using for this solution?

    Public Cloud

    If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

    View all reviews