CIS Hardened Image Level 2 on Amazon Linux 2023

My main use case for Amazon Linux  was running production workloads, primarily using it to host backend services for the company and web applications on EC2  instances while helping DevOps with several tasks, one related to QA, as a QA Analyst and QA Engineer.

I hosted a production REST API backend on EC2  using Amazon Linux  which handled user authentication and core transactions for a customer-facing web application, and it scaled reliably using AWS Auto Scaling  and load balancing.

Using Amazon Linux delivered ROI in several practical ways, notably eliminating OS licensing costs, saving thousands of dollars per year compared to licensed enterprise Linux options, and reducing operational effort with an estimated 25 to 30% reduction in OS-related operational work due to AWS-native defaults and predictable updates.

Amazon Linux fit very naturally into our automation and security practices, regularly used with infrastructure as code and automated provisioning, which made it easy to spin up consistent environments across development, staging, and production, aligning closely with AWS  best practices.

The strongest features of Amazon Linux are its tight AWS  integration, security, and long-term stability, with one of the biggest advantages being how well it integrates with AWS services out of the box.

The tight AWS integration of Amazon Linux made my day-to-day operations much simpler and more reliable, as IAM  roles work seamlessly at the OS level, eliminating the need to manage static AWS credentials on instances, which improved security and reduced configuration effort when deploying new EC2 instances or scaling automatically.

Another feature I found very useful in Amazon Linux is its predictable and well-curated package ecosystem, with stable and tested repositories for AWS environments reducing dependency issues and making system updates safer in production, along with smooth integration with automation and containerized workloads.

While Amazon Linux worked very well overall for us, there could be a few areas for improvement. For instance, the package ecosystem compared to more community-driven distributions like Ubuntu , where some packages can lag slightly behind in terms of versions, occasionally requiring extra effort when newer language runtimes or tools were needed.

I have been working in my field as a manual tester and then moved into automated testing for seven years in total, performing and executing test cases on some freelance platforms.

Amazon Linux is very stable, especially for long-running production workloads on AWS, having been able to run it on production EC2 instances for extended periods with minimal issues.

Amazon Linux scales very well, especially when used in AWS-native environments, working seamlessly with AWS Auto Scaling  and load balancing to scale from a small number of instances to dozens or more during traffic spikes without needing OS-level changes.

Amazon Linux customer support is generally good, understanding that support is structured through AWS support plans and official documentation, relying on AWS for issues directly related to Amazon Linux behavior on EC2, with timely and helpful responses for performance, updates, or AWS integration issues.

Positive

We have not used any other solution before Amazon Linux.

Using Amazon Linux delivered ROI in several practical ways, notably eliminating OS licensing costs, saving thousands of dollars per year compared to licensed enterprise Linux options, and reducing operational effort with an estimated 25 to 30% reduction in OS-related operational work due to AWS-native defaults and predictable updates.

The pricing and licensing model of Amazon Linux is one of its biggest advantages, having no additional licensing cost and no per-core and per-instance OS fees, making cost planning straightforward by only paying for the underlying AWS infrastructure.

Before choosing Amazon Linux, I evaluated a few alternatives, specifically considering Ubuntu  Server, Red Hat Enterprise Linux , and CentOS .

I would advise that if you are planning to run workloads on AWS, Amazon Linux is a strong and practical choice, best suited for AWS-native, cloud-first architectures where tight integration with AWS services, security, and long-term stability matter. I would rate this product an 8 out of 10.

My main use case for Amazon Linux  is mostly deploying servers using NGINX  and application runner, and I use it as a base image in Amazon Linux  itself when I write any Docker  file.

In my current project, investment.in, I use Amazon Linux as a web server as well.

The best features Amazon Linux offers, in my opinion, are the yum command and the packages that are already included, along with other packages that I can easily install in the Linux environment.

These features help me in my daily work by making automation very easy.

Amazon Linux has positively impacted my organization by increasing productivity since automation is easy and fast, allowing me to set up servers easily, thus productivity increases and efficiency improves as soon as possible while deploying my application using Amazon Linux.

For the improvement of Amazon Linux, I think there should be UI features in the future, as Amazon Linux currently has only terminal capabilities without a UI, and I hope to see documentation updates as soon as possible so when documentation expires, I am updating it and referring to it soon.

When using Amazon Linux, I would prefer if any command goes wrong that an auto-command feature would appear there.

I chose eight out of ten because command line improvement is needed along with UI features, and the second thing is that you can use auto-command line features.

I do not think there are any other improvements Amazon Linux needs right now, maybe something related to security, performance, or compatibility.

My advice for others looking into using Amazon Linux is to make sure the command line is easy and that Amazon Linux has more performance than other Linux environments and is more secure than other Linux environments as well.

I have been using Amazon Linux for more than five years, because I started using Amazon Linux in college.

I have more to add about how I use Amazon Linux; using the command, using shell machines, and using the terminals in Amazon Linux could be a great experience.

I would like to add that Amazon Linux is easy to use with the command line and also user-friendly, with no need to download any third-party updates like RPM packages and then install; I just use the command line only to download directly and install directly.

I purchased Amazon Linux through the AWS Marketplace .

I think next time with Amazon Linux, whenever a bad command is returned, it could be auto-generated to create the perfect command, and that is something you can implement.

I give this product a rating of eight out of ten.

We primarily use Amazon Linux  for the deployment of Amazon machine instances. We also use it for loading up our packages for building Docker  images inside it and for many different cases where we usually utilize it.

Recently, we used Amazon Linux to host running web servers using Apache and Nginx, and we were also working on a project for deploying some backend services like Node.js, Python, and Ruby. We hosted some APIs and microservices on these instances. We are using it as the default common operating system for the Amazon EC2  instances, and it helps us in many different ways, especially since our EKS cluster is a self-provisioned cluster, as we are using Amazon Linux instances as the provisioned instances.

The positive impact of Amazon Linux on my organization is significant, as it has improved organizational security by closing known vulnerabilities quickly, reducing the risk of hacking and malware, resulting in fewer security incidents and lower breach risk. Financially, Amazon Linux is cost-effective and prevents costly data breaches and downtimes, saving considerable money and protecting the company's revenue. It also simplifies compliance and audits such as HIPAA, making it easy for us to get audit approvals while ensuring the organization stays legally compliant and increases system stability by fixing bugs and kernel issues.

The best features that Amazon Linux offers, based on my day-to-day activities, are that it is optimized for AWS . It is tuned for EC2  instances, has fast boot times, and works seamlessly with AWS  services including EC2, EBS, S3 , and IAM . It is also free with no licensing cost, does not require a subscription, and is included in AWS usage, making it cost-effective. Amazon Linux 2 offers five years of support, includes a lot of security patches, and has secure defaults. I find it valuable that even the kernel is optimized for efficient memory and CPU management.

In my day-to-day work, the features of Amazon Linux help significantly, especially with system stability and performance. Additionally, the pre-built AMI images in Amazon Linux are easy to create, and creating custom AMIs is straightforward. It is also developer-friendly and cloud DevOps-friendly. The package management is stable, using YUM and AWS-maintained repositories. Security features assist us as a company since security teams detect vulnerabilities, and security issues reported show common vulnerability exposures, providing reports almost through using Trivy  while utilizing the EC2 instance. AWS can analyze those vulnerabilities, implement fixes, and test to ensure the systems remain stable.

Speaking of challenges I faced with Amazon Linux, some other use cases I used it for include building containers that I take and store in my Amazon ECR , and the main challenge I usually faced was vendor lock-in, as the design is mainly for AWS. It has limited optimization and support outside AWS, and for us to migrate loads to another cloud, it requires many changes. The community support is also limited because it is smaller compared to Ubuntu  or Debian , and there are fewer third-party tutorials and troubleshooting guides for Amazon Linux, so we must heavily rely on AWS documentation. It is still a great tool but has a learning curve and cannot really be compared to other Linux distributions.

Although I am a DevOps engineer and do not have specific metrics readily available, I am aware that patch deployment time is notably efficient, as critical patches are usually applied within less than 48 hours from release. For unpatched common vulnerability exposures, the instances of these were near zero for high or critical CVEs. This assures efficiency and reveals that we did not experience many security incidents due to unpatched systems, although I do not have specific figures for that.

Personally, from my own experience with Amazon Linux, I can suggest improving the patch compliance rate by automating patching using the systems manager patch, scheduling automatic patch windows, and enforcing patch baselines to achieve higher compliance and fewer missed systems. Standardizing operating system images by using golden AMIs with the latest images could also help, as new systems are built by default while removing unused software would be beneficial.

Further improvements needed for Amazon Linux include ensuring compatibility beyond AWS, which would be very useful, as well as enhancing GUI support since it is primarily focused on server workloads. A better graphical user interface based on admin tools would be great, and providing more frequent runtime updates for languages such as Python, Node.js, and Java, which currently lag behind in their latest releases, would also be beneficial. Additionally, improving monitoring and reporting features while integrating patch and security dashboards would be useful.

I have been using Amazon Linux  for a year now.

Amazon Linux is really stable. As I highlighted, it has higher reliability and fewer crashes and issues, as well as a better security posture with less risk of security breaches.

Amazon Linux handles scalability well for my needs. Especially when integrated with autoscaling groups on ECS and EKS, it scales effectively, with minimal problems from my experience. Even the cooling down process after scaling out or scaling down does not cause many headaches, and you only pay for what you use, which makes it great.

For customer support, we are on a support plan maintained by AWS. The team I am working with mainly uses the developer plan, while those in production often use the enterprise plan for dedicated support and architectural help. The support primarily covers installation issues, operating system problems, and networking, and while they provide helpful resources such as GitHub  links and blogs for general issues, we often conduct our own research, as our company has experts working with Linux in the infrastructure.

Negative

I have been using Amazon Linux ever since I joined the company; therefore, I have not used a different solution.

Amazon Linux is best suited for EC2 workloads, ECS, EKS containers, and AWS-native applications. You can use it for production workloads because it is stable and secure, and without license fees, you can expect lower costs compared to Red Hat Linux and Windows, providing a great return on investment for cloud-native workloads. If your application requires very new software versions, you may need additional repositories or manual installations, such as Docker  containers using custom images. The ability to patch regularly, apply patches on time, and utilize the patch manager is a key advantage. Amazon Linux offers many use cases and is recommended for microservices, making it great for security purposes by using IAM  roles and security groups properly while integrating with CloudWatch for monitoring.

Compared to Ubuntu  and other Linux distributions, Amazon Linux has worse support, which often leads us to rely heavily on documentation. Additionally, there are fewer third-party tutorials available for Amazon Linux. Furthermore, it still needs improved package availability, as some newer software versions are missing. Amazon Linux has smaller repositories than Ubuntu, so providing more up-to-date packages and expanding official repositories would help. Easier version upgrades and stronger multi-cloud support beyond AWS, reducing vendor lock-in, would enhance its overall effectiveness.

We usually purchase Amazon Linux through the AWS Marketplace .

Since I joined the company, they have been using Amazon Linux, and I would not know what specific options were previously evaluated. However, Amazon Linux was chosen for its faster deployment times, which means less configuration time for the operating systems and quicker time to market. It has lower maintenance costs, requires less admin workload, offers automated patching, and is highly reliable with fewer crashes and issues.

I rate Amazon Linux at seven out of ten on an overall scale.

I usually ran GoLang applications on Amazon Linux . These applications are compiled for any Linux flavor or architecture. I have worked with API backends for VoIP APIs in the CPaaS platforms.

Recently I got a use case where I needed to implement a noise cancellation application for Amazon Linux  as a backend application. This noise canceller specifically used an Intel procedure which is specific to architecture. I faced some challenges with Amazon Linux in this scenario. I had to switch to Ubuntu  for that specific use case.

If you are building something of your own in a language such as GoLang or Python, it is really easy to set it up and just hit the go button. You just need to build your application and you can have a binary which can run on Amazon Linux easily. However, for specific tasks such as the noise reduction case, I have to install a package for a specific instruction which I had never worked with before. That was a new experience. It is really easy to install on Amazon Linux from the package right away, which is a really good thing.

We are scaling up and scaling down in the EKS environments with Amazon Linux only. Amazon Linux really works well for this.

Amazon Linux is really easy to use. Almost all of the packages and all of the third-party applications are available for Amazon Linux. They are just one command away to install them.

For example, if I use any CentOS  based system, Ubuntu  based system, or Debian  based system, I have to keep updating my repository. Sometimes it is really hard to find some Amazon specific packages for those distributions. However, for Amazon Linux, it is really good and really handy that all of the information and all of the packages are available on just a few commands away.

Regarding the update side, I really appreciate the kernel patches for Amazon Linux. They are released straightaway. Whenever something is fixed in the security domain, it gets released pretty soon compared to other distributions for Amazon Linux. In terms of customer compliance with GDPR and similar requirements, it is really good to have that.

I have noticed benefits in my workflow with Amazon Linux. When I used to have a Windows laptop and whenever I needed a Linux instance, I used to spin up one on EC2 . This brought me a lot of helpful things without owning a machine. Even if I am in an environment where I have very low network bandwidth and I have to compile huge images or build a big image, perhaps something related to AI or training a model, it is really easy to just spin up an EC2  instance and build that image there. The network connectivity and all those aspects help in that way.

It is really easy to integrate Amazon Linux with the conventional tools available for all Linux systems.

Amazon Linux has performed really well under heavy workloads.

I feel there can be a lot of extensibility for Amazon Linux, the same way we have for Ubuntu or Debian . That might be a good use case to look forward to.

I would love to get my hands on Amazon Linux on a laptop, if that is possible. Nowadays the machines are really powerful and if you have an operating system like Ubuntu and you love working with Linux, people will easily switch to Amazon Linux because they are running the same thing on their laptops and even in the cloud. That would be really beneficial in that case.

I have been using Amazon Linux since 2020 and it has been five years now. I have been using Amazon Linux to run production applications on EC2 instances and running some POCs, creating test applications around it. I have used Amazon Linux as my secondary computer in the cloud for four years.

Amazon Linux is really good and stable.

It is easy to scale Amazon Linux. If you want scalability and many out of the box features, you can choose Amazon Linux right away.

I have not had any chance to reach out to customer support.

Negative

I have used a couple of Linux distributions before Amazon Linux. I have used Linux Mint, CentOS , Ubuntu, and Debian. I still use them for some software which is recommended for it, but not much.

Amazon Linux was readily available on the AWS  cloud, so it was an easy switch and there were no major setup complications.

I did purchase Amazon Linux a couple of times through the AWS Marketplace . However, these things are majorly managed by the DevOps team.

I saved around 100 to 200 hours of build time when I used to have a slow laptop before I switched to Mac. That was really helpful. I can do other tasks while the build is going on, so it increased productivity as well.

In general, I have saved many hours in my workflow. We are not in the era of generative AI where you have to research, implement, and test everything. Because I used to have a Windows instance, Amazon Linux was my go-to for any of the tasks.

I mostly found Amazon Linux documentation and community support very easily. Nowadays I majorly use Gemini or ChatGPT for my issues, which is really helpful.

Most of the time Amazon Linux meets the need in the security areas with latest patches for everything.

It is mostly for public cloud, specifically public AWS . We use Amazon Linux across all the environments.

It is really good. As I work in an enterprise environment, most of the pricing and other details are handled by other teams, not the backend engineering team. I have never faced any such issues.

I would rate this product an 8 out of 10.

My main use case for Amazon Linux  is deploying our ClickHouse  cluster. ClickHouse  is an OLAP database where we are spanning data across multiple terabytes, and we're using EC2  instances on AWS , which are based on the Linux operating system. We have a cluster of 16 EC2  instances based on Amazon Linux , and using those instances, we are deploying our ClickHouse cluster.

In addition to deploying our ClickHouse cluster, we are also using Amazon Linux for our ClickHouse Keeper, which is for the coordination, and we are using it for our CHProxy, which is the ClickHouse Proxy for user authentication, query limiting, and other functionality.

Amazon Linux provides us a great capability of deploying ClickHouse, as ClickHouse is much more compatible with Linux instances if you're deploying it on-premises, as the support team has advised us. We have specifically utilized Amazon Linux in our use case to deploy ClickHouse, and since we have configs that we need to manually deploy there, we have to work with Linux commands to change our configs. That sort of capability and ease of doing things is being provided by Linux, so we are very happy with Amazon Linux.

Stability is a great point since we rarely face any downtime with Amazon Linux in terms of Linux instances going down. Regarding security, since we have deployed this in the VPC, we need to ensure we have the right protocols opened, and Linux within itself provides us great capability to ensure we have high-level security as well. Amazon Linux integrates well with services like S3  for storing our data, and we are also using Route 53  for our routing services and DNS services for the ClickHouse cluster. It integrates well with AWS  services, and we are also using CloudWatch for the metrics.

Amazon Linux has positively impacted our organization in a couple of ways. There were two ways to deploy a ClickHouse cluster: the first was to go with a cloud solution, and the other one was to go with Amazon Linux. We looked at the cost in both ways, and the cloud version was expensive for us, so we looked at Amazon Linux on-premises and tried to deploy our cluster by doing a certain POC. We found out there was a significant cost difference. It gave us much more control over how we store our data and what we can do with it, so we went with the approach of deploying a cluster on Amazon Linux. That was a positive impact for us in terms of having control over data, keeping it in a secure network of ours only, and it also saved us costs, giving us a full circle moment to save our expenses.

I believe Amazon Linux provides a wide variety of instances in terms of the RAM and storage that you want with the EBS volumes, so nothing can be improved in that regard. It's just that with the start time, when you're initially starting an instance, it takes a certain amount of time to reboot itself and set up the environment, and if that can be improved to instant speed, I think that will be much more helpful.

I gave it an eight because of the instant speed consideration. Since we are working in a real-time manner and need to scale things immediately, the time it takes to boot an instance and then deploy things is preventing me from giving it a perfect rating. That aspect is crucial, as it affects the time required to start up an instance and instantly deploy it.

I have been working in my current field for 4.5 years.

Amazon Linux is stable in my experience, and we did not face any downtime or reliability issues.

In terms of scalability, we find it easy to scale our workloads up or down, with the only drawback being the time it takes to restart or boot an instance. Otherwise, everything else is good.

We have been satisfied with all of this. We had good support from AWS if we faced any issues, and the documentation is really great. We faced no compatibility issues, so I think we are in good standing on that part.

We didn't reach out to customer support because we didn't face any issues, so I would rate the customer support a 10 out of 10.

Positive

Since our whole cloud network is deployed in AWS, we didn't look into other instances. We initially considered using Windows for the instances, but then we switched to Linux since the ClickHouse team informed us that Linux instances would be hugely compatible with the ClickHouse environment.

As a developer, I'm not directly impacted with the cost, but during the meetings I attended, there were discussions of saving up to 30% of cost savings by going with Amazon Linux.

As I mentioned for the cost savings, we saved 30% in terms of the cloud infrastructure. Time saved is significant since we are working with a real-time database, which saves us time compared to going with OLTP. With Amazon Linux coming in, we have also saved time in terms of query execution time, and those are the numbers that I can share.

My advice to others looking into using Amazon Linux is that it's a great piece of technology you can use to deploy your application environment. It works within a great environment of a private network, integrates well with other AWS services, keeps you in a close-knit ecosystem, is highly scalable, and ensures that you have high performance for your application while rarely facing any downtime. I would rate this product an 8 out of 10.