Ubuntu Security on AWS

Ubuntu security features

Ubuntu on AWS provides all the security features available on Ubuntu Server. For more detail on how Ubuntu provides security, refer to Introduction to Security.

AWS security features

AWS offers comprehensive security and data protection in the cloud. Security in Amazon EC2 explains how users can benefit from AWS security features.

Secure Boot and TPM

AWS Secure Boot is a feature of Amazon EC2 instances that allows only trusted software to be used during the boot process. To create and configure a secure boot image using an Ubuntu AMI, refer to Use UEFI Secure Boot and TPM on Ubuntu-based EC2 instances.

CIS hardened image

CIS hardened images are available for use on Amazon EC2. These images include the security-related configurations specified by the Center for Internet Security (CIS).

To create a hardened image using Ubuntu Pro, refer to Build a CIS hardened Ubuntu Pro server image on the AWS Console.

AMD SEV-SNP

AMD Secure Encrypted Virtualization-Secure Nested Paging (AMD SEV-SNP) provides strong memory integrity protection to instances that use AMD EPYC processors. Details about launching AMD SEV-SNP instances are given in Launch and attest AMD SEV-SNP instances with Ubuntu 24.04 on AWS.

Enhanced security using Ubuntu Pro

Apart from the Ubuntu Server images, AWS also has images for Ubuntu Pro, which come with enhanced security features:

  • Expanded Security Maintenance (ESM): Provides 10 years of security patching for packages in the Ubuntu (main and universe) repositories.

  • Live kernel updates: These reduce downtime and unplanned reboots in case of kernel vulnerabilities.

  • FIPS compliance: Includes FIPS-certified modules to enable the use of Ubuntu in highly regulated environments.

To find Ubuntu Pro images on AWS (for both EC2 and EKS), refer to Find Ubuntu images on AWS. The product parameter allows you to specify Pro.