Sold by: Center for Internet Security
Deployed on AWS
AWS Free Tier
This product has charges associated with the pre-built hardening to the CIS Benchmarks™ and recurring maintenance. The CIS Hardened Images® are hardened in accordance with the associated CIS Benchmarks, an industry best practice for secure configuration. Reduce cost, time, and risk by building your AWS solution with CIS AMIs.
4.4
Overview
The CIS Hardened STIG Image on Red Hat Enterprise Linux 8 is a pre-configured image built by the Center for Internet Security (CIS®) for use on Amazon Elastic Compute Cloud (Amazon EC2). It is a pre-configured, security-hardened image that aligns with the robust security recommendations, the CIS Benchmarks, making it easier for organizations to meet regulatory requirements. Not only is this image pre-hardened to the CIS Benchmarks guidance, but it is also patched monthly in alignment with the updates from the software vendor. Key Benefits
Highlights
- Hardened according to a Level 2 CIS Benchmark that is developed in a consensus-based process and that is accepted by government, business, industry, and academia.
- Helps with compliance to PCI DSS, FedRAMP, DoD Cloud Computing SRG, FISMA, select NIST publications, and more.
- Pre-configured to align with industry best practices that are developed and supported by CIS, this image has hardened account and local policies, firewall configuration, and computer-based and user-based administrative templates.
Details
Sold by
Categories
Delivery method
Delivery option
64-bit (x86) Amazon Machine Image (AMI)
Latest version
Operating system
Rhel 8
Deployed on AWS
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Buyer guide
Gain valuable insights from real users who purchased this product, powered by PeerSpot.
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing is based on actual usage, with charges varying according to how much you consume. Subscriptions have no end date and may be canceled any time. Alternatively, you can pay upfront for a contract, which typically covers your anticipated usage for the contract duration. Any usage beyond contract will incur additional usage-based costs.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
If you are an AWS Free Tier customer with a free plan, you are eligible to subscribe to this offer. You can use free credits to cover the cost of eligible AWS infrastructure. See AWS Free Tier for more details. If you created an AWS account before July 15th, 2025, and qualify for the Legacy AWS Free Tier, Amazon EC2 charges for Micro instances are free for up to 750 hours per month. See Legacy AWS Free Tier for more details.
Dimension | Cost/hour |
|---|---|
t3.medium Recommended | $0.022 |
t3.micro | $0.022 |
t2.micro | $0.02 |
c3.8xlarge | $0.05 |
g6e.2xlarge | $0.026 |
r7iz.2xlarge | $0.026 |
x2idn.16xlarge | $0.06 |
m3.medium | $0.02 |
m6id.metal | $0.06 |
u-18tb1.metal | $0.06 |
Vendor refund policy
Refunds through AWS are not available at this time. You will only be billed for actual time of instance use. As with all CIS security products, our aim is always 100 percent customer/member satisfaction.
Custom pricing options
Request a private offer to receive a custom quote.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
64-bit (x86) Amazon Machine Image (AMI)
Amazon Machine Image (AMI)
An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.
Version release notes
NA
Additional details
Usage instructions
Once the instance is running, connect using SSH. Use "ec2-user" as the username. Immediately apply latest security updates after launching the instance via the command "yum upgrade".
Resources
Support
Vendor support
Questions, feedback, and support accessing CIS-developed AMIs is provided by contacting
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Updated weekly
By Center for Internet Security
By Canonical Group Limited
By Arara Solutions
Top
25
In Compliance and Auditing
Sentiment is AI generated from actual customer reviews on AWS and G2
Functionality
Ease of use
Customer service
Cost effectiveness
Positive reviews
Mixed reviews
Negative reviews
AI generated from product descriptions
Security Hardening
Pre-configured image hardened according to CIS Benchmarks with Level 2 security recommendations
Compliance Configuration
Aligns with industry security standards including PCI DSS, FedRAMP, DoD Cloud Computing SRG, and NIST publications
Configuration Assessment
Includes CIS-CAT Pro reports documenting security configuration before and after hardening process
System Integrity
Implements hardened account policies, local policies, firewall configurations, and administrative templates
Patch Management
Monthly software updates aligned with vendor patch release cycles to maintain security standards
Cryptographic Compliance
FIPS 140-2 certified kernel and cryptographic modules with out-of-the-box compliance
Security Patch Coverage
Comprehensive security updates for over 23,000 open source packages across Ubuntu Universe repository
Compliance Hardening
Integrated hardening profiles from CIS and DISA-STIG security implementation guidelines
Kernel Security
FIPS-certified kernel with ongoing security updates for cryptographic components
Security Tooling
Ubuntu Security Guide (USG) for automated compliance and security configuration management
Security Hardening
"Configured with Security Technical Implementation Guides (STIG) Benchmark High to enhance system security posture"
Operating System Compatibility
"Optimized Amazon Linux 2 distribution configured for compatibility with Amazon Elastic MapReduce (EMR)"
Compliance Standard
"Meets Defense Information System Agency (DISA) configuration standards for system hardening"
Security Configuration
"Implements advanced security settings to improve overall system protection"
Platform Optimization
"Pre-configured Linux image with specialized security and performance configurations"
Standard contract
No
No
Customer reviews
Alfredo Barba
Using robust security and detailed documentation has improved our enterprise operations
Reviewed on Dec 23, 2025
Review from a verified AWS customer
What is our primary use case?
I use Red Hat Enterprise Linux (RHEL) , and we have a couple of customers using OpenShift, the Kubernetes platform based on Red Hat, and also Red Hat Virtualization. My first contact with the Linux platform was with Red Hat.
What is most valuable?
The best features of Red Hat Enterprise Linux (RHEL) are its stability and the RPM, Red Hat Package Manager, which is perfect. They also deliver Satellite, a platform for updates. It is a very robust, excellent platform.
For me, and for every Linux distribution, the most important security feature in Red Hat Enterprise Linux (RHEL) is SELinux. Security is often misunderstood by others. SELinux is very important because it provides security for the kernel. Many people disable SELinux, but it is the most important and most misunderstood feature. People do not understand it. The updates and SELinux are very important to me. SELinux is very good, but it is complex, and I have seen many administrators disable it because instead of helping them, it causes trouble. For example, securing my NGINX configuration is a pain. It is a very good security option, but I would say it is excellent only if one is an expert.
Red Hat Enterprise Linux (RHEL) documentation is very good and very complete. Regardless of my opinion about the IBM acquisition, the documentation is excellent.
What needs improvement?
IBM committed two major mistakes with Red Hat. The first was destroying the CentOS project, which was a fork of Red Hat. The second was limiting the use of free options and restricting hardware to support Red Hat on just some limited hardware. One can use the system for free, but the statement is not entirely true because it is limited to a couple of virtual processors and I do not remember if it was 24 or 16 GB of RAM. If one goes beyond that configuration, one has to pay, and IBM is IBM. Many companies were in trouble because from one day to the next, IBM said they would no longer support CentOS and told them to move to another distribution. People had to migrate, and for that reason, there are Rocky Linux , AlmaLinux , and other Linux distributions that are trying to rise and taking advantage of that situation. Red Hat Enterprise Linux (RHEL) is just for corporate companies with money to waste on licensing.
Red Hat Enterprise Linux (RHEL) is very expensive. In the case of our customers, the couple of customers with OpenShift, they have enough money to license Red Hat. They bundle Red Hat with virtualization and OpenShift packages. However, it is not suitable for an SMB company. It is not payable or affordable. For me, it is very expensive.
For how long have I used the solution?
I use Red Hat Enterprise Linux (RHEL) a lot, though I do not remember the exact frequency.
How are customer service and support?
I have worked with Red Hat support, and it is very good because they have very good engineers. In Latin America, during my time, the support in Spanish was mostly provided by engineers from Argentina. In Colombia, I have worked with a couple of engineers from Colombia, and they were very good. I have not worked with support in English for Red Hat, only in Spanish with those engineers.
How would you rate customer service and support?
Positive
What other advice do I have?
My first Red Hat Enterprise Linux (RHEL) certification, Red Hat Certified Engineer, was for version 6, which was approximately 12 to 15 years ago.
I have tried Red Hat Enterprise Linux (RHEL) Image Builder and System Roles, and it is pretty good.
I would rate the support at an eight out of ten. My overall rating for this product is ten out of ten.
Costica Florea
Hybrid cloud platform has simplified internal banking apps while supporting regulated environments
Reviewed on Dec 11, 2025
Review from a verified AWS customer
What is our primary use case?
The main use cases for Red Hat Enterprise Linux (RHEL) at the bank involve internal applications, as we do a lot of internal applications not exposed to clients.
What is most valuable?
From my perspective, the best features of Red Hat Enterprise Linux (RHEL) lie in its ease of use, especially compared to AIX, which has a lot of functionalities requiring extensive learning. It was easy for me to shift from AIX to Red Hat Enterprise Linux (RHEL).
Red Hat Enterprise Linux (RHEL) helps manage our hybrid cloud environment, but being a bank, we are highly regulated internally, so there is limited direct involvement with the cloud environment in Royal Bank cloud, which is Azure .
What needs improvement?
One area I see for improvement in Red Hat Enterprise Linux (RHEL) is in the documentation. I encountered some scarcity when looking for information regarding structure, commands, and administrative tasks.
For how long have I used the solution?
I have dealt with Red Hat Enterprise Linux (RHEL) for around 10 years, even when it was not part of IBM.
What do I think about the scalability of the solution?
My opinion of Red Hat Enterprise Linux (RHEL)'s scalability is that it was very easy.
How are customer service and support?
I would rate Red Hat's customer service or technical support as a 10, as my experience with all IBM products, including Red Hat Enterprise Linux (RHEL), has been very satisfactory all the time.
How would you rate customer service and support?
Positive
How was the initial setup?
The initial setup of Red Hat Enterprise Linux (RHEL) is straightforward compared to AIX, which is more convoluted.
What other advice do I have?
I have experience with platforms like Linux, and I am also working deeply with MongoDB and Node.js, tools that I use constantly every single day.
I am familiar with Red Hat Enterprise Linux (RHEL), and here in RBC, we are a big IBM shop, currently using JBoss and Red Hat Enterprise Linux (RHEL) as part of our environment.
Red Hat Enterprise Linux (RHEL) is used for both cloud-based solutions and on-premises.
From a business value perspective, the business folks do not notice much difference between Red Hat Enterprise Linux (RHEL) and other distributions, as long as their application functions well, they are satisfied.
We utilize two cloud providers for Red Hat Enterprise Linux (RHEL) solutions, mainly Azure and also Amazon. I cannot answer how Red Hat Enterprise Linux (RHEL) was purchased, but I know we have it on both Amazon and Azure.
I would rate Red Hat Enterprise Linux (RHEL) a nine, as I find it satisfactory in various aspects.
Juan Barandiaran
Enterprise platform has supported secure consulting services and complex data center operations
Reviewed on Dec 05, 2025
Review from a verified AWS customer
What is our primary use case?
My principal focus in using Red Hat Enterprise Linux (RHEL) currently is as an integrator in Linux, where I have many services in consulting, deployment, installation, and troubleshooting in Linux. I have a recovery system, deployment clusters, databases, and work in any environment in data centers. At this moment, I am a senior consultant in the data center in open source.
What is most valuable?
The best features of Red Hat Enterprise Linux (RHEL) depend on the client because the client can decide to use RHEL, not me. The principal thing is the support for the clients because many clients are corporate and have a need for enterprise support. It's the principal focus and is different from using Ubuntu or Debian or any other Linux.
Other good things about Red Hat Enterprise Linux (RHEL) include the focus on system patching, upgrades, and security. The security advisories and authorization are very strong in Red Hat, and that is the principal focus—security.
I manage Red Hat Enterprise Linux (RHEL) by provisioning patching, new deployments, automation, and anything else needed.
I am satisfied with the management experience of Red Hat Enterprise Linux (RHEL) and find it satisfactory for this purpose.
What needs improvement?
I would rate customer service or tech support with Red Hat Enterprise Linux (RHEL) a seven, no more.
I give it a seven because of the time it takes for responding to problems; it takes too long.
For management, it is medium; it is not easy, it is a medium level.
I see a medium ROI with Red Hat Enterprise Linux (RHEL) because it has a high price. OpenShift may provide better ROI, but OpenShift is very high.
The initial setup of Red Hat Enterprise Linux (RHEL) is complex.
On a scale of one to ten, I rate it a five—medium complex.
A very expensive time is needed for deploying clouds with Red Hat Enterprise Linux (RHEL).
It takes a lot of time.
In many cases, Red Hat Enterprise Linux (RHEL) does not help me save time because the principal problem is that in AWS , Red Hat Linux is not the natural Linux for deployment; the default deployment in Amazon is Amazon Linux , not Red Hat Linux.
In many cases, it does not depend on direct Red Hat support for saving time.
My thoughts on the knowledge base with Red Hat Enterprise Linux (RHEL) are that it is good but it does not have it all because I have the medium and plus; it needs more knowledge base.
For how long have I used the solution?
I have been using this for 20 years.
What do I think about the scalability of the solution?
Red Hat Enterprise Linux (RHEL) has high scalability; it is high for horizontal scalability in any environment, and there are many solutions for scalability.
How are customer service and support?
I would rate customer service or tech support with Red Hat Enterprise Linux (RHEL) a seven, no more.
I give it a seven because of the time it takes for responding to problems; it takes too long.
How was the initial setup?
The initial setup of Red Hat Enterprise Linux (RHEL) is complex.
On a scale of one to ten, I rate it a five—medium complex.
What was our ROI?
I see a medium ROI with Red Hat Enterprise Linux (RHEL) because it has a high price. OpenShift may provide better ROI, but OpenShift is very high.
Red Hat Enterprise Linux (RHEL) is less expensive than OpenShift, which is very expensive.
What other advice do I have?
I am a reseller and a partner with Red Hat.
I am involved with Red Hat.
I use Red Hat Enterprise Linux (RHEL) for my labs, so I am a reseller, partner, and user. I would rate this review overall as an eight.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
reviewer2783742
Improved cloud backups and security have transformed how our team builds and manages servers
Reviewed on Dec 02, 2025
Review from a verified AWS customer
What is our primary use case?
Red Hat Enterprise Linux (RHEL) is used primarily to build AWS servers. A specific example of how RHEL is used to build AWS servers involves purchasing licenses from third-party vendors like REL and also from AWS. Once an AMI is obtained from the Marketplace, the AMI is customized by injecting all organization standards.
After internal tools have been built on the AMI, that AMI is used to build AWS servers.
How has it helped my organization?
Red Hat Enterprise Linux (RHEL) has positively impacted the organization by helping track everything, such as how many users have access to the server, which is easy to monitor. RHEL also offers better options for downloading repositories easily, and the ability to stripe the EBS volumes has allowed for pulling more IOPS and throughput.
The impact on the team and organization has been significant, as it has helped improve application performance and backup performance. Since AWS backend is used for backups, RHEL striping has proven very useful.
By using RHEL striping, throughput and IOPS have increased, which reduced the backup completion time from fifteen to sixteen hours to just fifteen to sixteen minutes. The main reason is the backend and the striping implemented for EC2 instances.
What is most valuable?
Red Hat Enterprise Linux (RHEL) offers several valuable features, including being secure and standard, and making whatever commands are executed easier to manage. When security and standardization are considered, no other person can access those RHEL servers.
Another good aspect is that whatever is downloaded comes from the repository, and every command is tracked, including the person who entered the command. Tracking on RHEL AMIs and OS standardization is very effective.
Red Hat Enterprise Linux (RHEL) helps mitigate downtime and lower risks by using the Pacemaker role for high availability. The primary and secondary systems are managed by the Pacemaker role, which helps reduce downtime for applications.
What needs improvement?
Red Hat Enterprise Linux (RHEL) could be improved by including a better app stream module experience or simply phasing out modules in favor of straightforward version repos. Red Hat could also integrate more common tools directly or integrate EPEL more seamlessly. Additionally, enabling AI-based operational tuning for kernel parameters, file system parameters, and network stack optimization could enhance the experience.
Regarding needed improvements, simplifying the subscription and licensing would help reduce complexity in subscription management. Clear visibility of consumption and unused subscriptions and compliance is also important.
For how long have I used the solution?
Seven years of experience have been accumulated in the current field.
What do I think about the stability of the solution?
Red Hat Enterprise Linux (RHEL) is stable.
What do I think about the scalability of the solution?
Red Hat Enterprise Linux (RHEL) offers great scalability and supports very large memory.
How are customer service and support?
The customer support received is good.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
Red Hat Enterprise Linux (RHEL) has been the only solution used, and no switch from any other solution has occurred.
In comparing the business value of RHEL to other Linux distributions, no other Linux distributions have been used; only Red Hat Enterprise Linux (RHEL) has been utilized.
How was the initial setup?
Red Hat Enterprise Linux (RHEL) systems are managed with a dedicated cloud support team that handles provisioning and monthly patching. Additionally, focus is placed on security hardening and optimizing it with cloud-init, instance tuning, and subscription activation.
What about the implementation team?
Image Builder has been used, but the AMIs are not built personally. A dedicated support team handles the building of the AMIs.
What was our ROI?
A return on investment has been seen, as it has saved a tremendous amount of time.
Red Hat Enterprise Linux (RHEL) helps save time; for example, the Pacemaker role facilitates faster task completion, and it optimizes backup processes.
What's my experience with pricing, setup cost, and licensing?
Regarding pricing, setup cost, and licensing, the pricing is good; however, licensing is a bit confusing.
What other advice do I have?
My advice for others looking into using Red Hat Enterprise Linux (RHEL) is to be aware that subscriptions can be challenging to manage. When a server reboots, the subscription goes to open, which can lead to others consuming the subscription, creating a challenge regarding the subscription and licensing part.
Security requirements were a significant consideration in choosing RHEL in the cloud because it is not open source and is highly secure.
Red Hat Enterprise Linux (RHEL) is assessed as having a better knowledge base offered through its tuning capabilities. By better tuning, the documentation is referred to, which helps in day-to-day work.
Red Hat Enterprise Linux (RHEL) entitlement management can be confusing, as converting systems between subscription modes is not straightforward.
I would rate this review a nine out of ten.
Sandeep J.
Enhanced Security with Complex Setup
Reviewed on Nov 26, 2025
Review provided by G2
What do you like best about the product?
I appreciate the strong security features of CIS Red Hat Enterprise Linux, particularly how it revokes all access to non-root users. This significantly enhances the security by ensuring that unauthorized personnel cannot execute commands that could compromise the system. I also value the partition-level security it provides, such as setting 'noexec' and 'nosuid' options in the 'fstab' file for temporary partitions. This feature effectively prevents the automatic execution of programs, adding an additional layer of security to protect sensitive data. Moreover, the restrictions set for '/etc/fstab' are particularly beneficial for temporary partitions, which are often targeted by applications looking to execute programs. By disallowing execution on these partitions, it minimizes security risks and protects our telecom customers' environments more efficiently.
What do you dislike about the product?
I find handling the PAM authentication and audit services in CIS Red Hat Enterprise Linux to be quite confusing. While PAM is essential for Linux password restrictions, the complexity involved makes it cumbersome, and managing the necessary controls could be streamlined if handled separately. Additionally, the initial setup of the system is challenging due to numerous restrictions that must be kept in mind. This adds another layer of complexity, requiring careful application of changes or modifications, which reduces the overall user-friendliness.
What problems is the product solving and how is that benefiting you?
I use CIS Red Hat Enterprise Linux to enhance security, adding extra layers such as revoking access for non-root users and setting noexec nosuid on tmp partitions to prevent unauthorized execution.