Ubuntu Security on AWS
######################
Ubuntu security features
************************
Ubuntu on AWS provides all the security features available on Ubuntu Server. For more detailed information about how Ubuntu offers security, refer to the following `Introduction to Security `_.
AWS security features
*********************
AWS offers comprehensive security and data protection in the cloud. `Security in Amazon EC2 `_ explains how users can benefit from AWS security features.
Secure Boot and TPM
~~~~~~~~~~~~~~~~~~~
AWS Secure Boot is a feature of Amazon EC2 instances, that allows only trusted software to be used during the booting process. To create and configure a secure boot image using an Ubuntu AMI, refer to :doc:`../aws-how-to/security/use-secureboot-and-vtpm`.
CIS hardened image
~~~~~~~~~~~~~~~~~~
CIS hardened images are available for use on Amazon EC2. These images include the security related configurations specified by the Center for Internet Security (CIS).
To create a hardened image using Ubuntu Pro, refer to `Build a CIS hardened Ubuntu Pro server image on the AWS Console `_.
AMD SEV-SNP
~~~~~~~~~~~
AMD Secure Encrypted Virtualization-Secure Nested Paging (AMD SEV-SNP) provides strong memory integrity protection to instances that use AMD EPYC processors. Details about launching AMD SEV-SNP instances are given in :doc:`../aws-how-to/instances/launch-and-attest-amd-sev-snp-instances`.
Enhanced security using Ubuntu Pro
**********************************
Apart from the Ubuntu Server images, AWS also has images for `Ubuntu Pro `_, which come with enhanced security features:
* Expanded Security Maintenance (ESM): Provides 10 years of security patching for packages in the Ubuntu (main and universe) repositories.
* Live kernel updates: These reduce downtime and unplanned reboots in case of kernel vulnerabilities.
* FIPS compliance: Includes FIPS-certified modules to enable the use of Ubuntu in highly regulated environments.
To find Ubuntu Pro images on AWS (for both EC2 and EKS), refer to :doc:`../aws-how-to/instances/find-ubuntu-images`. The product parameter allows you to specify Pro.