Using the CIS AWS Hardening Components
Subscribing via AWS Marketplace
1.) Navigate to the respective Hardening Component in AWS Marketplace and select “View purchase options”.
2.) After subscribing to the offer, select “Launch your software”.
3.) On the next page, choose your deployment region.
Once the region is selected, click “Launch from Image Builder console”.
Utilizing the CIS AWS Hardening Components
1. Confirm Subscription
Ensure that: - The AWS Marketplace subscription is active in your account. - You have accepted all Terms of Use.
2. Validate IAM Role Permissions
Confirm that the IAM user or assumed role has the required Image Builder permissions.
3. Create or Edit an Image Recipe
Navigate to:
AWS Console → Image Builder → Image Recipes
You may either:
- Create a new image recipe, or
- Edit an existing one.
4. Add the Marketplace Component
Within your image recipe:
- Go to Components
- Select the subscribed marketplace component
- Specify the required version
Note: Combining this hardening component with other components has limited support.
For best results, run the CIS hardening component last in the component order.
5. Create an Infrastructure Configuration
Define:
- Instance type
- IAM role with required permissions
- Optional settings such as logging or network isolation (VPC)
6. Create an Image Pipeline
Navigate back to the Image Recipe tab.
- Select your image recipe
- Open Actions → Create pipeline from this recipe
- Configure: Infrastructure Settings, Distribution Settings, Schedules / Triggers
7. Build and Validate
Start the build by:
- Manually triggering a run in Image Pipelines, or
- Allowing the scheduled trigger to execute
Monitor:
- Image Builder console
- CloudWatch logs
After the build completes:
- Review CIS hardening reports
- Validate overall system functionality