Protagona began with a discovery session with the client's engineering team to map their existing image-building process. The client did have a base AMI build pipeline, but it was still producing Amazon Linux 1 images (a release whose standard support ended in December 2020), and the images were not hardened against the CIS benchmark.
We started the solution by building a hardened image on the newest Amazon Linux 2022 AMI (the release that later shipped as Amazon Linux 2023). The hardening is applied with Ansible playbooks, so the same rules run automatically against every build rather than being applied by hand. Each task implements a control from the CIS Level 1 benchmark and the playbooks are organized by benchmark section, so a reviewer can trace every change back to the control it satisfies.
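To make the "one task per CIS control" structure concrete, here is an added illustration of the pattern; it is not Protagona's or the client's playbook. It hardens a few SSH settings that appear as Level 1 controls in the CIS Linux benchmarks, validates the edited `sshd_config` before it is accepted, and finishes with a `sshd -T` check that asserts the effective configuration. The paths (`/etc/ssh/sshd_config`, `/usr/sbin/sshd`) are the Amazon Linux defaults; the set of controls is an illustrative subset, and the exact benchmark section numbers are deliberately omitted because they differ between benchmark versions.

```yaml
# Added example, not from the original page: an Ansible playbook in the
# "one task per CIS Level 1 control" style. The control subset and the task
# names are illustrative; map them to the section numbers of the benchmark
# version you are hardening against.
- name: CIS Level 1 hardening (illustrative SSH subset)
  hosts: all
  become: true
  vars:
    sshd_config: /etc/ssh/sshd_config
    # Settings and the value the benchmark expects for each.
    sshd_settings:
      PermitRootLogin: "no"
      PermitEmptyPasswords: "no"
      X11Forwarding: "no"
      MaxAuthTries: "4"
      LogLevel: "INFO"

  tasks:
    - name: "CIS L1: Ensure permissions on sshd_config are configured"
      ansible.builtin.file:
        path: "{{ sshd_config }}"
        owner: root
        group: root
        mode: "0600"

    - name: "CIS L1: Ensure SSH {{ item.key }} is set to {{ item.value }}"
      ansible.builtin.lineinfile:
        path: "{{ sshd_config }}"
        # Match the directive whether it is active or commented out, so a
        # commented default is replaced instead of a second line being added.
        regexp: '^#?\s*{{ item.key }}\s'
        line: "{{ item.key }} {{ item.value }}"
        # Reject the edit if sshd cannot parse the resulting file; this keeps
        # a bad rule from producing an image whose sshd fails to start.
        validate: /usr/sbin/sshd -t -f %s
      loop: "{{ sshd_settings | dict2items }}"
      notify: restart sshd

    - name: "Audit: read the effective sshd configuration"
      ansible.builtin.command: /usr/sbin/sshd -T
      register: sshd_effective
      changed_when: false

    - name: "Audit: assert each hardened setting took effect"
      ansible.builtin.assert:
        # sshd -T prints directives in lower case, e.g. "permitrootlogin no".
        that: "(item.key | lower) ~ ' ' ~ (item.value | lower) in sshd_effective.stdout_lines"
        fail_msg: "{{ item.key }} is not {{ item.value }} in the effective sshd config"
      loop: "{{ sshd_settings | dict2items }}"

  handlers:
    - name: restart sshd
      ansible.builtin.service:
        name: sshd
        state: restarted
```

The `validate` argument on `lineinfile` is the check a practitioner most wants in an image pipeline: without it, a typo in a hardening rule is only discovered when the baked AMI boots with no SSH. The closing `assert` turns the playbook into its own audit, which is the property that lets each task be traced back to the benchmark control it implements.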
With the playbooks complete, the team automated the build itself using EC2 Image Builder pipelines and Systems Manager Automation runbooks, and scanned the resulting AMIs with Amazon Inspector. All of the infrastructure was defined in Terraform and packaged as modules that the client's engineering team could adopt with little effort.