Overview
The CIS Hardened Image Level 2 on Amazon Linux 2023 is a pre-configured, security-hardened image built by the Center for Internet Security (CIS®) for use on Amazon Elastic Compute Cloud (Amazon EC2). It aligns with the security recommendations of the CIS Benchmarks, making it easier for organizations to meet regulatory requirements.
Not only is this image pre-hardened to the CIS Benchmarks guidance, but it is also patched monthly in alignment with the updates from the software vendor.
Key Benefits
This image is hardened against the corresponding Level 2 profile which is intended for environments or use cases where security is paramount, acts as a defense in depth measure, and may negatively inhibit the utility or performance of the technology. No packages are installed on or removed from this image outside of those already present on the base image or as recommended in alignment with the corresponding CIS Benchmark recommendations.
To demonstrate conformance to the CIS Amazon Linux 2023 Level 2 Benchmark, industry-recognized hardening guidance, each image includes an HTML report from CIS Configuration Assessment Tool (CIS-CAT® Pro). Each CIS Hardened Image contains the following files:
These reports are located in /home/CIS_Hardened_Reports.
For customized pricing options or private offers, reach out to us at cloudsecurity@cisecurity.org.
To learn more or access the corresponding CIS Benchmark, please visit https://www.cisecurity.org/cis-benchmarks or sign up for a free account on our community platform, CIS WorkBench, https://workbench.cisecurity.org/.
Highlights
- Hardened according to a Level 2 CIS Benchmark that is developed in a consensus-based process and that is accepted by government, business, industry, and academia.
- Helps with compliance to PCI DSS, FedRAMP, DoD Cloud Computing SRG, FISMA, select NIST publications, and more.
- Pre-configured to align with industry best practices that are developed and supported by CIS, this image has hardened account and local policies, firewall configuration, and computer-based and user-based administrative templates.
Pricing
| Dimension | Cost/hour |
|---|---|
| t3.small (Recommended) | $0.022 |
| t3.micro | $0.022 |
| t2.micro | $0.02 |
| h1.16xlarge | $0.06 |
| m3.2xlarge | $0.026 |
| r7i.xlarge | $0.024 |
| r5ad.2xlarge | $0.026 |
| m6i.large | $0.022 |
| m5n.24xlarge | $0.06 |
| m6id.4xlarge | $0.035 |
Vendor refund policy
Refunds through AWS are not available at this time. You will only be billed for actual time of instance use. As with all CIS security products, our aim is always 100 percent customer/member satisfaction.
Delivery details
64-bit (x86) Amazon Machine Image (AMI)
Amazon Machine Image (AMI)
An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.
Version release notes
This release is based on kernel version 6.18. Previous versions were based on kernel version 6.12.
Additional details
Usage instructions
No sensitive information supplied by customers will be stored outside this instance. No data encryption configuration is applicable to this instance. You can encrypt the instance EBS volume per standard EC2 processes. No programmatic system credentials and cryptographic keys are used by this instance.
- Launch the instance via the AWS Marketplace or EC2 console.
- Navigate to your Amazon EC2 console and verify that you're in the correct region.
- Choose instance and select your launched instance.
- Select the server to display your metadata page and choose the Status checks tab at the bottom of the page to review if your status checks passed or failed.
- Connect using SSH. Use "ec2-user" as the username.
Support
Vendor support
Questions, feedback, and support accessing CIS-developed AMIs is provided by contacting
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Customer reviews
Standardized cloud workloads have improved security, faster cold starts, and consistent releases
What is our primary use case?
Amazon Linux is used as the primary operating system for running containerized backend services on EC2 and ECS. Amazon Linux 2023 serves as a base image for Docker containers and as the OS for host instances. With a mix of Graviton3 and x86-64 instances, having one OS optimized for both architectures without any extra configuration has been a real advantage.
When migrating the core API layer from Amazon Linux 2 to Amazon Linux 2023, average container cold start time dropped by around 25%. This improvement was largely thanks to boot time optimization in AL2023, with kernel configuration and cloud-init improvements making a noticeable difference. Kernel live patching allows critical fixes to be applied without rebooting instances, which has been significant for uptime requirements.
Amazon Linux 2023 is also used for data processing workers that run on Spot Instances, and the version locking feature has been especially useful in that context. All instances can be pinned to a specific repository snapshot so that a package update in deployment does not cause inconsistencies across the fleet. SELinux enforcing mode is leveraged to meet internal compliance requirements without having to write custom hardening scripts.
What is most valuable?
Three features stand out as the best that Amazon Linux offers. Kernel live patching is a game-changer for availability because being able to patch vulnerabilities without a reboot has been invaluable. The repository version locking provides deterministic, reproducible deployments. SELinux-by-default posture required some adjustment at first, but having a security-hardened baseline out of the box means less time spent on custom security configuration.
Kernel live patching alone probably saves the on-call team around ten to fifteen hours a month that previously went into scheduling maintenance windows for kernel updates. Version locking helps eliminate a whole class of deployment inconsistency bugs that were caused by package drift across environments. SELinux being pre-configured means the security team signs off on new deployments faster, whereas previously there was a back-and-forth that could delay releases by days.
The biggest organizational impact from Amazon Linux has been on deployment confidence and release velocity. Before AL2023, OS-level inconsistencies caused roughly twenty percent of production incidents. After standardizing on AL2023 with version locking and consistent AMI builds, that number dropped significantly. This also helped pass the SOC 2 audit faster because the security defaults were already aligned with what auditors were looking for. OS-related incident response time was reduced by about forty percent after moving to AL2023. Kernel live patching eliminated roughly six planned maintenance windows per year per cluster, which translates to real savings in engineering time and avoided customer downtime. Base AMI build time was trimmed by around thirty percent because there is no longer a need to layer on as many post-install hardening scripts.
What needs improvement?
The migration from Amazon Linux 2 to AL2023 was not completely painless, and some packages that were relied on were not available in the core repository and required using SPL, the Supplementary Package Repository, which comes with around-the-clock support. The documentation on SPL limitations could be clearer upfront so teams do not discover it mid-migration. SELinux enforcement, while beneficial for security, requires some ramp-up time for teams that have not worked with it before.
Better inline documentation with the OS itself would be valuable, especially clearer man pages for Amazon-specific tooling like the Amazon Linux Extras equivalent in AL2023. Debugging SELinux denials can be tricky without additional tools, so shipping something like audit2why or better integration with CloudWatch for SELinux logs out of the box would be a nice quality-of-life improvement.
For how long have I used the solution?
I have been working with Amazon Linux for about three years, and the migration to Amazon Linux 2023 was completed roughly a year and a half ago.
What do I think about the stability of the solution?
Stability has been excellent with Amazon Linux. In about eighteen months of production use across hundreds of instances, there have been zero OS-level crashes or kernel panics. The version locking feature contributes significantly to this, and the environment is not caught off guard by a package update breaking something in production. Quarterly updates follow a predictable schedule, which makes release planning much more orderly.
What do I think about the scalability of the solution?
Amazon Linux scales very well. The environment has grown from tens to hundreds of EC2 instances without any OS-level bottlenecks. Boot time optimization means new instances come online faster during auto-scaling events, which directly improves response during traffic spikes. There have been no issues running it across multiple AWS regions with consistent behavior everywhere.
Daily workflows have become portable and collaborative for containerized automation
What is our primary use case?
I have been using Amazon Linux from the day I started learning about AWS services, and we use Amazon Linux images most of the time.
I typically use Amazon Linux for containerizing things when we are developing something such as writing Docker files or running those commands. We use it most often for that purpose.
I was recently creating a bot which sends me emails whenever the pipeline fails or the pods are restarting, and I have used Amazon Linux in the containerized image of that.
What is most valuable?
In my opinion, the best features Amazon Linux offers are the scalability and the portability of platforms it provides, which are the most valuable features of Amazon Linux.
The scalability and portability of Amazon Linux have helped me because many times it happens that multiple people are working on the same project, and at that time we need to scale it. Thus, it was an easy task to scale it and to work with multiple teams. Regarding portability, we many times needed to shift it from one EC2 instance to another, making it easy as well.
Amazon Linux has positively impacted my organization by helping us to automate things on a large scale, so it was really helpful.
There were many things which we used with Amazon Linux, and it was really helpful, providing noticeable time savings and other measurable improvements after using it.
What needs improvement?
I think Amazon Linux can be improved by making things more easy to use and user-friendly, as the features are very inherited and in hierarchical dynamics. If you can make it simpler, it will be easy to use.
For how long have I used the solution?
I have been using Amazon Linux from the day I started learning about AWS services, and we use Amazon Linux images most of the time.
What do I think about the stability of the solution?
Amazon Linux is stable.
What do I think about the scalability of the solution?
The scalability of Amazon Linux is good. We can scale the system, so it is easy.
How are customer service and support?
The customer support for Amazon Linux is supportive, and they helped us understand the system and how it works.
What's my experience with pricing, setup cost, and licensing?
For pricing, my experience with Amazon Linux was that it was most like other services, such as how we use EC2. The things were not difficult. It was easy to set up.
What other advice do I have?
I do not have anything else to add about my main use cases for Amazon Linux.
The reason I chose nine out of ten is that the hierarchies of features make it somewhat difficult to make people understand how we use it, which was my concern.
My advice to others looking into using Amazon Linux is that whichever companies are using cloud-native things like AWS services for their infrastructure for private or public cloud, they should use Amazon Linux as it provides many functionalities.
I found this interview good.
I would like for you to provide a short poem or haiku that will summarize my review.
My review rating for Amazon Linux is 9.5 out of 10.
Switching has delivered secure, up-to-date servers and has reduced hosting costs
What is our primary use case?
My main use case for Amazon Linux is hosting servers and applications.
What is most valuable?
The best features Amazon Linux offers include regular updates, regular patches, up-to-date software and tools, and security features.
The security features of Amazon Linux stand out for me because it provides vulnerability patches and tools and software patches. Because of that, our servers get the latest updates, which keeps them secure and provides access to the latest tools.
Amazon Linux has positively impacted my organization because we are able to host our applications, mainly Kubernetes applications, our servers, and testing environments, while also being able to get lower cost servers.
Since switching to Amazon Linux, I have noticed that we were previously using Windows Server, which was expensive. After switching to Linux, we are able to get a 30 to 40% savings.
What needs improvement?
Amazon Linux can be improved because currently it does not provide much longer session durations and sometimes it does not provide some of the tools I want to be included.
I chose 8 out of 10 because sometimes Amazon Linux does not provide a longer session and when we restart or refresh, all of the command history gets lost. Additionally, some of the tools I need are not present.
For how long have I used the solution?
I have been using Amazon Linux for six to seven months.
What do I think about the stability of the solution?
Amazon Linux is stable.
What do I think about the scalability of the solution?
Amazon Linux's scalability is good.
How are customer service and support?
I have not reached out to customer support yet, but I believe it will be good.
Which solution did I use previously and why did I switch?
Before Amazon Linux, we were using Windows, which was expensive for us due to its licensing fees. After switching to Linux, we are saving money.
What was our ROI?
I have seen a return on investment with Amazon Linux because I save both time and money.
What's my experience with pricing, setup cost, and licensing?
My experience with pricing, setup cost, and licensing with Amazon Linux is that pricing is based on what we use and setup is easy. We do not need a license.
What other advice do I have?
I would advise others looking into using Amazon Linux that they can use it if they want to save money, want a low-cost solution, and want up-to-date patches. I gave this review a rating of 8 out of 10.
Using a flexible cloud OS has reduced licensing costs and has supported large-scale load testing
What is our primary use case?
My main use case for Amazon Linux is as load test injector VMs. I use Amazon Linux as a load test injector VM by spinning up a number of instances in AWS using this or using auto-scaling. For our requirement, we required RHEL-based systems and servers, which is why we are using Amazon Linux.
For a load injector, we are using a number of servers, mainly 10 to 20 servers. If we were going for RHEL, it would require a 10-server subscription. However, we are using Amazon Linux, which is freeware and does not require any subscription. Additionally, it belongs to the RHEL family and is easily integrated with all the AWS services.
What is most valuable?
The best feature of Amazon Linux is that it can easily integrate with all the services in AWS. The easy integration with AWS services helps me in my day-to-day work because if we are choosing any RHEL or Ubuntu-based server in AWS, we are required to install a service manager on that server. However, if we are using Amazon Linux, it is not required to install that type of package on it.
Amazon Linux has impacted my organization positively because, as I mentioned, we are using it as a load injector, and for this, our client required an RHEL-based OS. If we are using RHEL machines or servers, it requires an RHEL subscription. However, for Amazon Linux, no subscription is required. It is freeware, so it is cost-effective for our organization.
What needs improvement?
I have not felt any lag or any performance issues on Amazon Linux, so it does not require any improvement from my perspective. I do not have anything I wish Amazon Linux would do differently or features I would like to see added in the future.
For how long have I used the solution?
I have been using Amazon Linux for around five plus years.
What do I think about the stability of the solution?
Amazon Linux is stable.
What do I think about the scalability of the solution?
Amazon Linux's scalability is good. I have used it in an auto-scaling group for some time, and it is more scalable and more flexible and reliable.
How are customer service and support?
The customer support is awesome because it belongs to AWS, and AWS customer support is excellent.
Which solution did I use previously and why did I switch?
I have not yet used a different solution.
How was the initial setup?
I did not purchase Amazon Linux through the AWS Marketplace.
What was our ROI?
I have seen a return on investment because it saves money. As I mentioned, if we required RHEL servers, it needs some subscriptions. However, for using Amazon Linux, it is freeware, and it saves us a lot of money.
Which other solutions did I evaluate?
Before choosing Amazon Linux, I did not evaluate any other options.
What other advice do I have?
I would add that it is freeware for RHEL machines and belongs to the RHEL family. I chose 8 out of 10 for my review rating because for the RHEL family, I am using Amazon Linux, but sometimes, if we are using OpenShift or something that requires an RHEL subscription, then we are required to have an RHEL subscription or RHEL OS. Apart from that, we can easily use Amazon Linux.
I would advise that if your company and if your client is required to have an RHEL-based OS on AWS, you must go for Amazon Linux because it easily integrates with all the services and belongs to AWS, and it is freeware for RHEL.
Performance monitoring has improved reliability and cuts costs in my daily cloud workload
What is our primary use case?
I use Amazon Linux in my day-to-day work as a performance test engineer to monitor performance-related issues. For my cloud environment, which is AWS, most of my servers are EC2 instances, so I identify CPU utilization, memory usage on EC2 instances, and services. I am using Performance Insight, AWS CloudWatch, and RDS.
What is most valuable?
The best features Amazon Linux offers in my experience are the security of all updates and its ease of use, particularly in terms of performance.
Amazon Linux has positively impacted my organization by reducing costs, improving reliability, and saving time by scanning all AWS services and basically integrating all the services.
What needs improvement?
I think Amazon Linux can be improved, but I have no specific suggestions.
For how long have I used the solution?
I have been using Amazon Linux for four years.
What do I think about the stability of the solution?
Amazon Linux is stable.
What do I think about the scalability of the solution?
The scalability of Amazon Linux is flexible, and I basically use it for multiple load balancers.
How are customer service and support?
The customer support for Amazon Linux is good.
Which solution did I use previously and why did I switch?
I did not previously use a different solution.
What's my experience with pricing, setup cost, and licensing?
My experience with pricing, setup cost, and licensing is that the setup cost is freeware, which results in no cost setup, thereby saving money.
Which other solutions did I evaluate?
Before choosing Amazon Linux, I did not evaluate other options, as I am comfortable with my choice.
What other advice do I have?
My advice to others looking into using Amazon Linux is that if you require a RHEL-based OS, you must use it. I gave this product a rating of 9.