To begin, open EC2 Image Builder in AWS console and click on Image recipes, then Create image recipe.

Name your recipe and assign it a version number. This version number will be incremented if you need to modify the recipe at a later date

For Base Image choose Marketplace images. You will see any subscribed CIS Hardened Images in the Subscriptions section. Choose your subscribed AMI if applicable.

If you do not see any Subscribed AMIs then you will need to subscribe to a CIS Hardened Image to use the associated CIS hardening components in the EC2 Image Builder pipeline.

In this case, select AWS Marketplace and browse through the available AMIs.

Select the CIS Hardened Image you wish to use with the EC2 Image Builder pipeline, then choose Go to Marketplace.

Select Continue to Subscribe in the Marketplace.

Accept the Terms and Conditions.

Once subscribed, return to EC2 Image Builder and the subscribed AMI should be available for use in the pipeline .

Image Removed

Finish adding all Build and Test components, final information, or tags, under Subscriptions in the Base Image section of the Image recipe. Select the AMI you wish to add to the recipe. You will see an Associated component listed with the image if it has a CIS hardening component available. Only AMIs tested with EC2 Image Builder will have an associated component.

Image Added

Note: AWS automatically uses the latest version of the AMI when the build pipeline is run. You do not manually have to update the Image recipe to update the AMI version.

Add any Build components you wish to use with the AMI. Make sure you select the Third party managed component associated with the AMI you selected. It is recommended to sequence it last in the Build components you select to ensure the CIS hardening is not affected by other Build components in the Image recipe.

Image Added

Finish adding Test components, any final information, or tags to the Image recipe; then click Create recipe to utilize the recipe in a pipeline at a later time, or click Create pipeline for this recipe to define a pipeline immediately.