/hardened-ami

Hardened AMI that is compliant with the DevSec Linux Baseline (https://dev-sec.io/baselines/linux/). Built using Packer, Ansible and shell commands. Roles used: https://github.com/dev-sec/ansible-os-hardening and https://github.com/dev-sec/ansible-ssh-hardening


AWS Hardened AMI

This repository builds an AMI that uses the DevSec Hardening Framework SSH and OS hardening Ansible roles. The roles provide numerous security-related configurations that follow security best practices.

Why

We want to ensure that all instances and AMIs we provision have a secure configuration and that the likelihood of attacks is minimal. The DevSec community keeps the playbooks up to date with the DevSec Linux Security Baseline, which gives us the extra security we need.

Source code structure

├── ansible
│   ├── playbook.yaml                       <-- Ansible playbook file
│   └── requirements.yaml                   <-- Ansible Galaxy requirements containing additional roles to be used (DevSec)
├── scripts
│   └── install_ansible.sh                  <-- Updates packages and installs Ansible on the OS
├── .gitlab-ci.yml                          <-- GitLab CI pipeline
└── packer.json                             <-- Packer template to build AMI

Built with