Our primary use case is rapidly deploying a secure and compliant foundation for our business-critical applications, especially those that need to adhere to PCI/DSS standards. This product is an absolute game changer. What used to take our security and DevOps teams weeks of manual hardening, scripting, and validation is now accomplished in minutes with a single click.
The environment deploys perfectly hardened to CIS benchmarks, and the integrated threat defense tools provide immediate peace of mind. This is not just a hardened AMI; it is a complete, production-ready solution that has saved us countless engineering hours. I highly recommend it for any organization that takes security seriously.
This product has fundamentally improved our organization's security posture and agility. Before, deploying a compliant, production-ready server was a multi-week bottleneck that consumed hundreds of hours from our senior security and DevOps engineers. Now, with this turnkey CloudFormation template, we deploy a fully hardened, PCI-ready environment in minutes. This has slashed our application time to market and, more importantly, freed our security team to focus on application-level threats instead of repetitive, manual OS hardening. It is one of the best investments we have made in our cloud infrastructure.
The two most valuable features for us are the one-click CloudFormation deployment and the pre-configured threat defense suite. The CloudFormation template is brilliant; it has saved our team hundreds of hours, turning a complex, multi-week hardening process into a reliable, minutes-long deployment. The real peace of mind comes from the integrated tools such as ClamAV and rkhunter, which provide active threat detection out of the box. It is this combination of effortless, compliant deployment and proactive, built-in security that makes this an essential part of our cloud infrastructure.
Looking ahead, the feature I would be most excited for in a future release would be a variant of this AMI specifically hardened and optimized for EKS worker nodes. Being able to extend this same level of turnkey CIS compliance and threat detection to our containerized workloads would be a massive win. Additionally, deeper integration with services such as AWS Security Lake would be fantastic for centralizing logs.
I have used this solution for 1 year.
We previously used the standard, unhardened Ubuntu LTS AMIs directly from Canonical. While they are a great starting point, the reason we switched is simple: time and confidence. Our old workflow involved a multi-week security hardening process for every new project. Our DevOps and security teams would spend countless hours manually implementing CIS controls, running validation scripts, and documenting everything for our PCI audits.
It was a massive operational bottleneck. We switched to this product because it turns that entire weeks-long process into a 10-minute, one-click deployment. We now get a fully hardened, audit-ready environment out of the box. This has not only accelerated our project timelines but has also given us much greater confidence in our security posture from day one.
The pricing can be improved.
We did not evaluate other alternative solutions.
I have no additional advice to offer.
