I need implementation docs for CIS Container Image Monthly or any deployment template to deploy on ECS.

Product Name

CIS Hardened Images® (AWS)

CIS Hardened Images (Google)

CIS Hardened Images (Oracle)

CIS Hardened Images (Azure)

Product Version



Dec 8, 2021


When you subscribe to the CIS Ubuntu container image, it provides the commands/URL needed to pull the hardened container image.

How to locate Container Image Usage Instructions and Pull Command Instructions

From the 'Manage Subscriptions Page'

  1. Locate the Container Image Subscription you require the usage instructions for and select it to be taken to the Summary page.

  2. On the top right hit Actions.

  3. Select View Terms

  4. Continue with steps in the 'From the Product's Offer Configuration Page' below.

From the Product's Offer Configuration Page

  1. Once the end user has subscribed to our product, they will be taken to the terms and conditions screen as seen below, they can hit Continue to Configuration to get more details about how they can pull the image they subscribed to.

On the Configure this Softwarepage, you must select the Delivery Method, the end user will probably notice two. The first one is deprecated, and is to be removed in the future by AWS.  The second one in all instances, also being the one that says 'Container' in the name should be selected.

As for Software Version, the end user has the ability to select previous versions however the latest (recommended) will be selected by default. Every month, the oldest available version of the container image will be restricted. The end user can then hit Continue to Launch.

Customers who subscribe to a product version prior to its restriction will retain access to that version even after the version is restricted. The subscription page for the restricted version shows a red banner to notify these customer that the restricted version is not supported.
Marketplace keeps these versions available for customers who may have a dependency on a legacy version. Understand that usage on legacy versions is still billed, generating revenue for CIS.

  1. The Usage Instructions as documented by AWS are linked on the Launch Page. 

The pull command instructions to pull the container into the user's environment can be found by clicking "View container image details" and this pop up box comes up with the necessary steps and commands needed.

Ensure the end user is running the below commands with elevated privileges. They may see a permission denied error if not.


Content by Label

Copyright © 2020

Center for Internet Security®