Description
Product
Amazon Linux 2023
What is your question?
We are looking for guidance on building a hardened Docker base OS image using Amazon Linux 2023 (AL2023) as the foundation for our applications. Our goal is to create a security-compliant and optimized base image that can be centrally maintained and distributed to development and DevOps teams.
We have attempted to enforce CIS benchmarks for AL2023 but encountered challenges, as there are no readily available solutions for applying CIS hardening standards specifically to Docker base OS images.
Requirements:
Develop an automated process to harden the AL2023 base OS image.
Ensure the hardened image complies with industry security standards like CIS...
Store and maintain the hardened image in a central repository in our ECR private repo.
Enable development and DevOps teams to pull this hardened base image for application deployment.
Request for Recommendations:
Has anyone implemented successful solutions for hardening AL2023 base OS images?
Are there any automated tools or scripts that can apply CIS hardening in a Dockerized environment?
What best practices do you recommend for maintaining a secure, up-to-date base OS image in a CI/CD pipeline?