CIS Hardened Image Level 1 on Amazon Linux 2023

In my day-to-day work, the main use cases for Amazon Linux  involve a wide variety of tasks with a common theme of optimization for Amazon Cloud. Since recently updating my project, I have been using it for automation to monitor CPU utilizations and hosting backend services including REST APIs and web applications on EC2  instances, running production microservices that integrate with services including Amazon ECS  and AWS Lambda , and as the defaulting operating system for EC2  instances in a SaaS platform. Additionally, I use Amazon Linux  as base images for Dockerfile, node groups for Amazon EKS  Kubernetes  clusters, and powering CI/CD pipelines acting as Jenkins  agents or building servers, using it with infrastructure as code to spin up consistent environments for development, staging, and production.

The most valuable use case involving my work is the scripting that runs automatically via cron, which is a time-based scheduler on Amazon Linux EC2 instances. The script accomplishes mainly two groups: resource dashboarding and proactive monitoring. In resource dashboarding, I utilize the command line interface, specifically AWS  CLI, to list all running resources including EC2 instances, S3  buckets, Lambda functions, and configurations to implement in the daily dashboard sent to management. Additionally, I check logs and help prevent unexpected storage issues, and these are the activities I have been using in my daily work.

In my organization, Amazon Linux is deployed using a multi-cloud hybrid approach, supporting all four environments we have mentioned. Public cloud is the most common deployment, where I use Amazon Linux directly on Amazon EC2 to scale from small web servers to massive machine learning clusters. I also deploy it on private premises for added security.

I primarily use AWS  for my Amazon Linux deployments.

In my experience, the best features Amazon Linux offers are the resource dashboarding and proactive monitoring systems that I have been utilizing in day-to-day work. Most cases are centered around using a Linux base image for containerizing applications, particularly in production on ECS or by deploying on ECS, and I am deploying my servers in EKS. Currently, I also manage automation scripting and container-based images to find EC2 instances and what servers are running in the background as part of my day-to-day activities using Amazon Linux.

Since using Amazon Linux, I have noticed a positive impact on my organization as it has become an industry standard for AWS native development. The benefits include much better resource isolation and more accurate monitoring for memory, CPU, and input-output. It makes running Docker  or Kubernetes  yield more predictable container performance with fewer out-of-memory kills that are hard to diagnose. Using Amazon Linux smooths the application running on Docker  and Kubernetes, making it very efficient for deploying applications on cloud platforms including Amazon, Azure , and GCP.

I see definite areas where Amazon Linux could improve because it is not a one-size-fits-all solution. The single biggest pain point for long-time users is the lack of direct in-place upgrades from Amazon Linux to AL2, as moving to a new version requires launching new instances and manually migrating applications instead of simply running a command similar to some DNF system update. A migration tool that could handle the heavy lifting and configurations would save thousands of engineering hours. I have noticed that since 2023 does not support EPEL directly, AWS has introduced supplementary packages for Amazon Linux, which has been an adjustment.

I chose eight out of ten because, while there are many positives, some issues arise at the end of the line for Amazon Linux. I have faced some challenges when deploying clusters in AWS, particularly with some recent updates that have changed since version twenty-three, leading me to believe there is room for improvement.

Amazon Linux is stable and more flexible, allowing easy scalability at no cost. It is designed by the same engineers who created the underlying hardware, EC2, as well as the orchestration services, ECS and EKS, effectively removing many traditional bottlenecks associated with scaling large fleets.

In terms of container scalability, I find it to have deterministic reliability, no broken scale-outs, and it boosts speed and safety in container orchestrations with dynamic scaling. It provides resource control and consistency, contributing to Amazon Linux's reputation for stability.

The customer support for Amazon Linux is good, as they quickly guide me through issues whenever I contact them, resolving problems within a short time.

Before switching to Amazon Linux two thousand twenty-three, I typically used Amazon Linux two, Ubuntu , CentOS , and Red Hat. The end of life for those older distributions was a primary reason for switching, as security updates for Amazon Linux are ending in June two thousand twenty-six. Amazon Linux two thousand twenty-three provides modern features such as cgroup v2 and systemd-timers that older versions lack, and while Ubuntu  is good for development, it is not tuned for AWS hardware out of the box. Amazon Linux two thousand twenty-three offers better performance under Graviton  chips and significantly faster operations.

My experience with pricing, setup costs, and licensing for Amazon Linux is very straightforward and completely free. I simply select it from the quick start tab when launching an EC2 instance with no additional cost or complex licensing terms to manage. The operating system is free, and I only pay for infrastructure, such as approximately zero cost for a T3 small instance, where the EC2 instances charge about zero point zero two one per hour.

I see that return on investment is usually measured in efficiency gains rather than in a simple monetary form. Since the operating system itself is free and by using Amazon Linux two thousand twenty-three, many organizations have been qualifying this transaction through a mix of cloud-based operations.

Since switching to Amazon Linux, I have seen improvements clearly shown in infrastructure metrics. Some wins commonly seen after switching, particularly when moving from general-purpose distributions such as Ubuntu, include approximately twenty to forty percent better price-performance ratio. The outcomes combine massive savings of over one million in under a year by migrating workloads to Graviton-based instances running Amazon Linux, as AL two thousand twenty-three is optimized for ARM at the compiler level, allowing applications to run more effectively and function on smaller instances. I have also noted faster deployments, including a forty to sixty percent reduction in AMI size, significantly faster boot times, and a boost in faster auto-scaling to reduce cold start latencies, with zero downtime regarding patching for critical vulnerabilities.

I evaluated several options, including Ubuntu and CentOS . As previously mentioned, Ubuntu is great for development but not optimized for AWS, and CentOS's move to a streamed model is less stable for production. Many organizations moved to Amazon Linux for a more flexible long-term support cycle.

The biggest advantage I find in using Amazon Linux is the ability to determine updates throughout the version repositories. In older versions, I ran a yum update, but now I can pin different packages based on commands I run. This advantage allows me to test updates in a staging environment and be one hundred percent certain that the exact same packages will be applied in production, eliminating issues where something worked on one machine or worked yesterday. It is also beneficial as it boosts faster boot times, supports Amazon Graviton  ARM processors, and optimizes the operating system for those processors. Moreover, it efficiently uses fewer resources including CPU and RAM, allowing my applications to run on smaller, cheaper instance types with secure by default configurations.

I recommend Amazon Linux for its free use, stable performance, faster control, and scalability, making it suitable for everyone.

To clarify, I did not purchase Amazon Linux through the AWS Marketplace  because it is directly provided by AWS at no additional cost, so a purchase or subscription is not required. Unlike many other enterprise Linux distributions, such as Red Hat Enterprise Linux  that require a paid subscription, Amazon Linux is offered by AWS as a free operating system for use on EC2 instances. There is no need to visit the marketplace to buy it.

Overall, I would rate Amazon Linux at an eight out of ten.

Hybrid Cloud

Amazon Web Services (AWS)

My main use case for Amazon Linux  is cloud-optimized application hosting. I use it as a standard OS for Amazon EC2  instances to run web servers, container hosts, and microservices. Because it is tuned for AWS  infrastructure, it is provided at low latency and best performance. During peak traffic, our system automatically launches new EC2  instances running Amazon Linux . These instances come pre-baked with AWS  CLI and security tools, which allows them to integrate with our S3  buckets and RDS  database immediately.

The best features Amazon Linux offers include remote sharing features such as AWS Systems Manager  Session Manager. This allows our remote DevOps team to share secure terminal access to an instance via the browser, which eliminates the need for us to manage SSH keys or open port 22. This makes it much easier and safer for remote collaboration and troubleshooting.

Amazon Linux has significantly improved our security and deployment speed. By using an OS that is secure by default and pre-integrated with AWS tools, our team spends less time on basic configuration and more time on high-value application development. Around 75% of our time has been reduced since the basic hardening concepts are reduced. We do not need to apply all the hardenings to the new VMs that we are creating. By default, the image provided by Amazon has hardening applied, so our 75% of time has been reduced and has been allocated to application development purposes.

Amazon Linux could be improved by providing more third-party software packages. They could expand the repositories for many cutting-edge development tools that are not included in the core release yet. I feel Amazon Linux offers the best balance of modern features and security. Making sure about the kernel live patching is a great game changer that it is already offering. So there is still room for improvement.

I have been using Amazon Linux for about three years as our primary operating system for hosting production workloads and cloud-native applications on AWS.

Amazon Linux is extremely stable. AWS provides long-term support for versions such as Amazon Linux 2, and the newer Amazon Linux 2023 is designed with a predictable release cycle. Since it is purpose-built for the cloud, it lacks the bloat of traditional desktop-focused distributions, which leads to fewer crashes and higher uptime.

Amazon Linux is built for hyperscale because it is highly optimized for the AWS Nitro System and lightweight in nature. We can launch hundreds of instances in an auto-scaling group. It scales effortlessly from the smallest nano instance to high-performance computing clusters.

The customer support for Amazon Linux is providing great help. All the requirements that we give to them are met immediately with their assistance, and they are doing a great job.

We previously used CentOS . We switched to Amazon Linux because we wanted an OS with a more predictable lifecycle and tighter integration with AWS support. Moving to a distribution that is officially maintained by Amazon gave us better peace of mind regarding long-term security patches and performance tuning.

The experience with Amazon Linux pricing, setup cost, and licensing was seamless. The standard Amazon Linux image is provided for free by AWS. We have used the AWS Marketplace  to deploy the CIS hardened versions of Amazon Linux. The licensing is straightforward and billing is consolidated directly into our AWS account, which makes the procurement very easy.

I purchased Amazon Linux through the AWS Marketplace .

The ROI with Amazon Linux is high because there are zero licensing fees. By switching the compute fleet from a paid distribution to Amazon Linux, we have reduced our OS-related overhead cost by 100%. Additionally, optimized performance has allowed us to run the same workloads on slightly smaller instance types, saving us roughly 10% on monthly compute spend.

Before choosing Amazon Linux, CentOS  was the major solution we considered, but we finally  ended up choosing Amazon Linux.

My advice for others looking into using Amazon Linux is to embrace Amazon Linux 2023 for all new projects. It offers the best balance of modern features and security. The live kernel patching is a great feature that Amazon Linux offers for people who are going to use the system securely without having a scheduled maintenance window for reboots.

Amazon Linux is truly a performance-first choice for anyone operating in the cloud. It turns the operating system from a management burden into a strategic advantage, providing a high-security environment without the premium price tag of other enterprise Linux distributions. I would rate this product a 9 out of 10.

Public Cloud

Amazon Web Services (AWS)

Amazon Linux  is used for hosting back-end applications created in Node.js, databases, and DevOps purposes. Microservices, such as Docker  services, are deployed on Amazon Linux .

Amazon Linux is used with EC2 , the AWS  EC2  service, which is the primary service for deploying back-end services. A microservice architecture is implemented using EC2 instances for deploying particular services in Amazon.

Amazon Linux is also used for RDBMS  and SQL databases deployed in Amazon for database purposes.

Amazon S3  bucket is used for storing resumes of candidates because the application is a hiring platform, requiring resume file storage for retrieval and pre-signed URL generation. Whenever resumes need to be stored, an S3  bucket is used. CloudWatch is used to monitor the changes occurring during application deployment in EC2 instances.

Amazon Linux offers multiple services such as EC2, S3 bucket, EKS, and CloudWatch, which are valuable for application requirements.

A specific example of how Amazon Linux has positively impacted the organization involves storing images and resumes with quick and faster retrieval. Although other options were checked, S3 was the quickest option because it provided 99.9% availability and very reliable performance. Resumes are stored in an S3 bucket in the respective file, and pre-signed URLs are fetched and stored in the SQL database tables. Whenever a resume is needed, the S3 URL is used directly to fetch the resume.

Amazon Linux and S3 services, including live trail functionality, provide better visibility of changes being deployed to particular services. When a service is deployed, the ability to check if it is failing and at what point it is failing is crucial. After deployment, live trails can be checked and logs put in the code can be viewed in the live trail. The EC2 instance is very effective because it can be scaled according to application needs. With currently over 10,000 users, scalability becomes important if growth reaches over 1 lakh users. Amazon Linux provides very good scalability.

Amazon Linux could be improved in the user interface part, as it is quite complicated for new users. Compared to Ubuntu  or CentOS , Amazon Linux has a smaller community, resulting in fewer available tutorials. Additionally, there is less flexibility outside of AWS  services. Amazon Linux is best optimized for AWS but is not ideal for local development or multi-cloud environments.

Amazon Linux has been used for two years throughout my career.

Amazon Linux is quite stable and very reliable for the type of application in use.

Amazon Linux is very scalable. The organization has grown from 10,000 users to 1 lakh users, and the service provided is very reliable and highly scalable.

Customer support is great, though it has not been needed because the service is working quite well and has not required customer support assistance.

Previously, Linux on Amazon or Ubuntu  was used, but Ubuntu was not very beginner-friendly and the setup was more difficult. Amazon Linux was chosen due to its advantages over Ubuntu.

Deployment is faster and visibility is achieved very quickly, making it more reliable overall.

Amazon Linux setup is somewhat challenging initially, but once familiarity with the system is gained, it works very well for applications. For full-stack web-based applications or mobile applications, Amazon Linux provides very good support for back-end and front-end deployments and the entire CI/CD process. The service can be utilized directly without extensive preliminary work.

Amazon Linux is deployed independently; since it runs on AWS infrastructure, separate deployment is not necessary as it is publicly available.

Pricing is very good. The setup could be more beginner-friendly, and regarding licensing, there is limited knowledge, but it is free to use. Payment is only required for the EC2 instance and for data transfer or storage. Setup on AWS EC2 is very quick, typically within minutes, making it cost-effective and easy to deploy.

No other options have been searched for or considered except for Amazon Linux.

Amazon Linux and S3 services, including live trail functionality, provide better visibility of changes being deployed to particular services. When a service is deployed, the ability to check if it is failing and at what point it is failing is important. After deployment, live trails can be checked and logs put in the code can be viewed in the live trail. The EC2 instance is very effective because it can be scaled according to application needs. With currently over 10,000 users, scalability becomes significant if growth reaches over 1 lakh users. Amazon Linux is highly scalable and very reliable, making it an excellent choice overall. This review has been rated 9 out of 10.

Public Cloud

Amazon Web Services (AWS)

My main use case for Amazon Linux  is to host my company's applications, internal applications, and automations.

For example, I host my own application called IriusRisk on Amazon Linux . I also deploy internal applications such as GoCD , which is a CI/CD solution, and I deploy agents that report information to my SIEM .

The best features Amazon Linux offers include how easy it is to deploy; I can launch a new EC2  instance from an AWS  Amazon Linux image, and it helps significantly with maintenance since I do not have to maintain the image itself as it is already provided by AWS .

The easy deployment and managed images have helped my team by making it completely transparent for my engineers; we do not need to generate the images, we do not have to maintain the packages, and we only have to consume Amazon Linux images to always get the latest version.

Amazon Linux has positively impacted my organization by providing a great solution for hosting all of my applications, and it has helped my team focus only on the development of my applications since we do not have to worry about maintaining any base image.

Specific outcomes that show how Amazon Linux has helped my team include fewer issues since we do not have to worry about my own images or keep track of package versioning, which already comes within AWS Amazon Linux and translates into more performance since the images are already built; I cannot provide a metric since we have already used this image, and we have never had to build my own images.

Amazon Linux can be improved by providing security updates more frequently.

I have been using Amazon Linux for eight years.

Amazon Linux is stable.

The scalability of Amazon Linux is really good since I can consume it every time I need.

I have never had to use customer support for Amazon Linux, but I have used AWS customer support service, and it is really helpful with a very short response time.

Positive

I did not previously use a different solution.

I do not have any specific ROI metrics since I have always used Amazon Linux for deploying my products, but I know that I have some other images that I build myself, and I know that building them, maintaining them, and deploying them is much less effective than deploying an Amazon Linux image because I have to maintain them and keep an eye on the packages used to ensure they are up to date and do not have any security issues.

My experience with pricing, setup cost, and licensing is that it is very easy and straightforward; I just fill a form and my instance is already running if using the image, and as for the pricing, it is included within the AWS cloud usage, so no extra fees are added by Amazon Linux.

Before choosing Amazon Linux, I did not evaluate other options.

I would rate Amazon Linux a 10 out of 10.

I chose a 10 because it helps speed up deployments, it is really scalable, and it saves me a lot of headaches.

I do not purchase Amazon Linux through the AWS Marketplace ; I use AWS Amazon Linux from within the EC2  application and do not have to buy it in the marketplace.

My advice to others looking into using Amazon Linux is to use it, and you will find new use cases for it; it will help you significantly in shipping faster.

My overall review rating for Amazon Linux is 10.

Public Cloud

Amazon Web Services (AWS)