Sold by: Center for Internet Security
Deployed on AWS
AWS Free Tier
This product has charges associated with the pre-built hardening to the CIS Benchmarks™ and recurring maintenance. The CIS Hardened Images® are hardened in accordance with the associated CIS Benchmarks, an industry best practice for secure configuration. Reduce cost, time, and risk by building your AWS solution with CIS AMIs.
Overview
The CIS Hardened Image Level 2 on Amazon Linux 2 is a pre-configured image built by the Center for Internet Security (CIS®) for use on Amazon Elastic Compute Cloud (Amazon EC2). It is a pre-configured, security-hardened image that aligns with the robust security recommendations, the CIS Benchmarks, making it easier for organizations to meet regulatory requirements.
Not only is this image pre-hardened to the CIS Benchmarks guidance, but it is also patched monthly in alignment with the updates from the software vendor.
Key Benefits
This image is hardened against the corresponding Level 2 profile which is intended for environments or use cases where security is paramount, acts as a defense in depth measure, and may negatively inhibit the utility or performance of the technology. No packages are installed on or removed from this image outside of those already present on the base image or as recommended in alignment with the corresponding CIS Benchmark recommendations.
To demonstrate conformance to the CIS Amazon Linux 2 Level 2 Benchmark, industry-recognized hardening guidance, each image includes an HTML report from CIS Configuration Assessment Tool (CIS-CAT® Pro). Each CIS Hardened Image contains the following files:
These reports are located in /home/CIS_Hardened_Reports.
For customized pricing options or private offers, reach out to us at cloudsecurity@cisecurity.org .
To learn more or access the corresponding CIS Benchmark, please visit https://www.cisecurity.org/cis-benchmarks or sign up for a free account on our community platform, CIS WorkBench, https://workbench.cisecurity.org/ .
Highlights
- Hardened according to a Level 2 CIS Benchmark that is developed in a consensus-based process and that is accepted by government, business, industry, and academia.
- Helps with compliance to PCI DSS, FedRAMP, DoD Cloud Computing SRG, FISMA, select NIST publications, and more.
- Pre-configured to align with industry best practices that are developed and supported by CIS, this image has hardened account and local policies, firewall configuration, and computer-based and user-based administrative templates.
Details
Sold by
Categories
Delivery method
Delivery option
64-bit (x86) Amazon Machine Image (AMI)
Latest version
Operating system
AmazonLinux 2
Deployed on AWS
Unlock automation with AI agent solutions
Fast-track AI initiatives with agents, tools, and solutions from AWS Partners.
Features and programs
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing is based on actual usage, with charges varying according to how much you consume. Subscriptions have no end date and may be canceled any time. Alternatively, you can pay upfront for a contract, which typically covers your anticipated usage for the contract duration. Any usage beyond contract will incur additional usage-based costs.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Cost/hour |
|---|---|
t3a.small Recommended | $0.022 |
t2.micro AWS Free Tier | $0.02 |
t3.micro AWS Free Tier | $0.022 |
m7i.xlarge | $0.024 |
f1.2xlarge | $0.026 |
g2.2xlarge | $0.026 |
h1.4xlarge | $0.035 |
i2.4xlarge | $0.035 |
r6i.large | $0.022 |
m6id.16xlarge | $0.06 |
Vendor refund policy
Refunds through AWS are not available at this time. You will only be billed for actual time of instance use. As with all CIS security products, our aim is always 100 percent customer/member satisfaction.
Custom pricing options
Request a private offer to receive a custom quote.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
64-bit (x86) Amazon Machine Image (AMI)
Amazon Machine Image (AMI)
An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.
Version release notes
NA
Additional details
Usage instructions
Once the instance is running, connect using SSH. Use "ec2-user" as the username. Immediately apply latest security updates after launching the instance.
Resources
Support
Vendor support
Questions, feedback, and support accessing CIS-developed AMIs is provided by contacting
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Updated weekly
By Center for Internet Security
By Canonical Group Limited
By Hardened Images
Top
10
In Operating Systems
Sentiment is AI generated from actual customer reviews on AWS and G2
Functionality
Ease of use
Customer service
Cost effectiveness
Positive reviews
Mixed reviews
Negative reviews
AI generated from product descriptions
Security Hardening
Pre-configured image hardened according to CIS Benchmarks Level 2 security recommendations
Configuration Assessment
Includes CIS Configuration Assessment Tool (CIS-CAT Pro) reports for verifying hardening compliance
Benchmark Compliance
Aligns with industry security standards including PCI DSS, FedRAMP, DoD Cloud Computing SRG, and FISMA guidelines
System Reporting
Provides comprehensive hardening reports including base VM packages, post-hardening changes, and configuration exceptions
Security Policy Management
Implements hardened account policies, firewall configurations, and administrative templates with defense-in-depth approach
Cryptographic Compliance
FIPS 140-2 certified kernel and cryptographic modules with out-of-the-box compliance
Security Patch Coverage
Comprehensive security updates for over 23,000 open source packages across Ubuntu Universe repository
Compliance Hardening
Integrated hardening profiles from CIS and DISA-STIG security implementation guidelines
Kernel Security
FIPS-certified kernel with ongoing security updates for cryptographic components
Security Tooling
Ubuntu Security Guide (USG) for automated compliance and security configuration management
Security Configuration
Pre-configured security safeguards with minimized attack surfaces and default protective measures
Compliance Framework
Vendor-neutral security configuration aligned with multiple cybersecurity compliance standards
System Optimization
Preconfigured Linux system tailored for system administrators, security experts, and platform deployment professionals
Security Standard Adherence
Image developed through consensus-based approach following industry-recognized security benchmarks
Standard contract
No
No
Customer reviews
Amudhan Pandian
Running containers effectively for many years with excellent security features and pre-installed tools
Reviewed on Jun 27, 2025
Review from a verified AWS customer
What is our primary use case?
My use case for Amazon Linux is mostly for running containers.
I am using SELinux for enhanced security in Amazon Linux , and it is helpful for me.
What is most valuable?
I find that the functions or features of Amazon Linux that are most valuable are ones that I haven't specifically mentioned.
The main benefits I receive from Amazon Linux are saving time and streamlining some work processes.
I use Python, as Amazon Linux includes some pre-installed libraries and tools such as Python, Ruby, and Node.js.
What needs improvement?
In my opinion, for improvement, Amazon Linux could make better integration with third-party vendors, perhaps enhance user experience or lower the price compared to other Linux solutions.
For the future, it would be great to see Amazon Linux have more wide functionality to work with other systems.
For how long have I used the solution?
I have been working with Amazon Linux for eight years.
What do I think about the stability of the solution?
I rate the stability of Amazon Linux as a nine.
What do I think about the scalability of the solution?
I understand the scalability aspects and I think they are adequate.
How are customer service and support?
I would rate the technical support from Amazon Linux as good enough.
I believe the response time and quality of support could be better, so I see quality as a single point of feedback.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I work with both Amazon Linux and Ubuntu because Ubuntu provides more wide functionalities than Amazon Linux.
How was the initial setup?
The initial setup for Amazon Linux is straightforward, and I understand it well.
Which other solutions did I evaluate?
Regarding the pricing model of Amazon Linux, I think it could be more flexible or a bit cheaper for users, as I find Ubuntu is cheaper than Amazon Linux.
What other advice do I have?
I am not using IPv6 and I'm okay with that.
On a scale of one to ten, I rate Amazon Linux an eight.
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Henry Rivera
Reliable documentation and support streamline deployment and troubleshooting
Reviewed on Jun 17, 2025
Review from a verified AWS customer
What is our primary use case?
The main use case for Amazon Linux is hosting websites.
This is for overall company operations.
What is most valuable?
The best features with Amazon Linux include the integration with AWS and other services.
It is an operating system that AWS manages, and I feel I can trust it regarding the updates without interfering with or interrupting services.
The performance of Amazon Linux with AWS services is perfectly fine. I use it and change the instance type to give it more resources at times, and for the sandbox, I give it less, and it satisfies what we want.
Amazon Linux reduces the time it would take for setup or deployment because I rely on the documentation for AWS since it's streamlined, and the commands I need to run are easily accessible whenever I need to look up anything.
We've used the application load balancers with Amazon Linux, and that's the main one I can think of regarding advanced networking capabilities.
That feature has definitely helped us enhance the scalability and reliability of our cloud applications by easing administration, as the application load balancer is managed by AWS and ties in with Amazon Certificate Manager, ensuring I do not have to concern myself with scalability and any updates.
The main positive impact of Amazon Linux on my company has been no interruptions of services.
The public website is up and running, which allows us to monetize with virtually no staff hours for downtime or service interruptions.
What needs improvement?
I cannot say honestly how these features have contributed to my system security and package management processes.
I try to keep the services and what I use on Amazon Linux very limited to support overall configurations.
I would love it if Amazon could provide fleet management of their operating system for updates and configuration, as that's an area I would need more attention to.
For how long have I used the solution?
I have dealt with the Amazon Linux product for 10 years.
How are customer service and support?
I would rate customer service or technical support from Amazon a 10.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I switched to Amazon Linux primarily because I was running my operating systems within AWS, knowing that Amazon would support it and all the documentation was up-to-date.
We were using CentOS before switching to Amazon Linux.
Mainly, we used CentOS , which was managed by Red Hat or IBM. Once they changed their upgrade path, it became unviable, so we went with Amazon Linux, which made the most sense in AWS.
How was the initial setup?
My experience with the pricing, setup costs, and licensing of Amazon Linux is straightforward and simple.
What was our ROI?
I have seen a return on investment with Amazon Linux.
What other advice do I have?
I have experience with RDS with AWS.
I have experience with Amazon Linux and other Amazon products.
I have mentioned relevant data points about ease of use and the trust that Amazon provides, as I don't have to concern myself with other Linux distributions.
I realized those benefits during the actual deployment.
On a scale of 1-10, I rate Amazon Linux a 10.
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Martin Mato
Extensive support experience and seamless deployment enable efficient troubleshooting
Reviewed on Jun 05, 2025
Review from a verified AWS customer
What is our primary use case?
I work with Kubernetes tools. My job is L3 support and I troubleshoot Red Hat-based systems and Kubernetes . Those are my two areas and that is all I do. When a client's system breaks down, it is my job to fix it as much as possible.
In the last 12 months, I have been troubleshooting systems and training in Kubernetes.
I deploy applications atop it. I mostly use it as a server for various DevOps concerns. For example, I have a Kubernetes server running on Red Hat Enterprise Linux and Ansible server running on Red Hat Enterprise Linux . It is a DevOps pipeline that is fed by these separate servers.
I just duplicate installations of my clients' machines in order to troubleshoot. The idea is that I am presented with a problem, a broken system. If I can clone it, I do and then I try to fix it locally on my own machine before I present the solution back to the client. It varies slightly, depending on what the clients are using it for. In my very last case, about 2 or 3 weeks ago, there were etcd clusters running on an Ubuntu machine managing a Patroni installation. I tried to set that up on my own systems and started troubleshooting from there.
What is most valuable?
Red Hat is definitely the reason why we go for Linux and why we choose it above Ubuntu . The idea is security and the inbuilt security features. We don't have separate security experts here, so we configure it ourselves. We choose those systems that already have a lot of security features. Red Hat SE Linux is something we appreciate.
Regarding the most valuable features of Red Hat Enterprise Linux , flexibility is the biggest reason. The fact that I can easily manage kernel parameters is a testament to the flexibility of the operating system, and that is why we use it on virtually all our servers.
There are two reasons why I always turn to either Amazon Linux or Ubuntu. My preference for Amazon Linux is because of its SE Linux implementations. My preference for Linux entirely is because of its customizable nature. It is flexible and I can change it to fit whatever my applications' needs are.
What needs improvement?
I have been experimenting with new terminals, and I think that the default terminals for Linux machines in general could be improved. For example, Alacritty. I have been using these things extensively now, so they could do a good job improving their terminals.
For how long have I used the solution?
I have been using the solution for about three years.
What do I think about the scalability of the solution?
I have found it to be the most scalable solution and would rate it an 8.
How was the initial setup?
I have been involved in setting it up from scratch in respect to fixing other peoples' systems, but never for my own use.
The setup was straightforward. I really appreciate how they make it easy to install Kubernetes. I find working with Kubernetes in the cloud easier than working with it on-prem, simply because of swap issues. I appreciate how easy it is to use Amazon Linux as compared to on-prem systems.
What other advice do I have?
I deploy applications atop it. I mostly use it as a server for various DevOps concerns. For example, I have a Kubernetes server running on Red Hat Enterprise Linux and Ansible server running on Red Hat Enterprise Linux. It is a DevOps pipeline that is fed by these separate servers.
We always enable Amazon Linux. We don't switch it off and we do not put it in permissive mode. Where there are issues regarding permissions that Amazon Linux has enforced, we fix them and make it work. SE Linux is enforced on our machines.
I have configured failover for clients using blue-green deployments, where we have identical servers running. That is how we implemented manual failover. They have identical systems running and when one stops working, for any reason, while we are fixing it, these clients remain live.
Whenever I deploy solutions on Amazon Linux, I almost never have to worry about the operating system. Whenever I have problems, it is from the application itself. I have honestly never had any problems with Amazon Linux, aside from disk space issues. But no problems with the operating system itself.
I work as a Linux Administrator, specifically in Linux Support.
I rate Amazon Linux a 9 out of 10.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Putinas Piliponis
Good, but still lacks some stuff
Reviewed on Nov 06, 2021
Review from a verified AWS customer
I have been using this AMI in PCI DSS env for quite some time, however out of the box it doesn't pass Amazon Inspector findings - still needs quite a bit of tuning to deal with findings. Things like sshd protocol version is not set, sshd logging, password lockout policy, etc.
I was not able to find CHANGELOG - basically its some "black box".