Images & AMIs

Hardened Images, Production Ready

CIS Level 2 hardened machine images built with EC2 Image Builder and Ansible, distributed across four AWS regions. Available on AWS Marketplace, or delivered directly for VMware, Hyper-V, KVM, and bare metal environments.

Hardening Standard
CIS Level 2
Image benchmark
Lynis Score
85+ / 100
Post-hardening audit result
AWS Regions
5 Regions
us-east-1, us-west-2, eu-west-1, ap-southeast-1, eu-west-1
Base OS
Linux Distro of your choice
RHEL 9 pipeline + more in development
Billing Model
Flat Monthly Rate
$0 EC2 hourly add-on charges
AWS Marketplace AMIs
AI Infrastructure $49 / mo

AI / LLM Workbench

A hardened base pre-configured for AI and large language model workloads. Includes CUDA support hooks, Python ML toolchain, and CIS Level 2 hardening — ready for Ollama, llama.cpp, or custom inference servers.

Distro of your choice CIS L2 ML Toolchain GPU-Ready
AWS Marketplace Custom Build
Healthcare Compliance $299 / mo

HIPAA-Ready Base AMI

Purpose-built for healthcare workloads requiring HIPAA administrative, physical, and technical safeguards. CIS Level 2 hardening with additional audit logging, encrypted storage configurations, and access control enforcement.

Distro of your choice CIS L2 Audit Logging HIPAA Controls
AWS Marketplace Inquire
Agentic Workloads $79 / mo

Agentic AI Server

Configured for autonomous AI agent deployments: tool-calling frameworks, background job orchestration, and API gateway hooks — all on a CIS-hardened base with network isolation and process-level controls.

Distro of your choice CIS L2 Agent Frameworks API Gateway Ready
AWS Marketplace Custom Build
Web Infrastructure $29 / mo

Hardened WordPress AMI

Production-grade WordPress on a CIS Level 2 hardened Ubuntu base. Includes Nginx, PHP-FPM with tight permissions, fail2ban login protection, and secure default configurations — ready to deploy without the usual hardening debt.

Distro of your choice CIS L2 Nginx + PHP-FPM fail2ban
AWS Marketplace Custom Build
Security Operations $149 / mo

SMB SIEM Stack — Wazuh

A fully integrated SIEM stack built on Wazuh and OpenSearch — deployed on a CIS Level 2 hardened Ubuntu 24.04 base. Purpose-built for organizations that need centralized log management, threat detection, and compliance reporting without the cost of enterprise SIEM licensing. Requires t3.xlarge or larger for OpenSearch heap requirements.

Distro of your choice CIS L2 Wazuh OpenSearch t3.xlarge+ Log Management Threat Detection
AWS Marketplace Custom SIEM Build
On-Premises & Private Cloud Delivery

The same Ansible hardening playbooks used to build PTG's AMIs are applied to on-premises images via Packer. Images are delivered via S3 presigned URLs in your preferred hypervisor format — no AWS dependency required for deployment.

VMware vSphere / ESXi
.OVA  /  .OVF

Open Virtual Appliance format for direct import into vSphere, ESXi, and Workstation environments. CIS-hardened Ubuntu or RHEL base image delivered with documented import procedure and post-deploy checklist.

Microsoft Hyper-V
.VHDX

Generation 2 VHDX images for Hyper-V on Windows Server 2019/2022 and Azure Stack HCI. Secure Boot compatible, pre-configured with Hyper-V guest integration services.

KVM / QEMU / Proxmox
.QCOW2

Copy-on-write QCOW2 images optimized for KVM, QEMU, and Proxmox VE. Virtio drivers pre-installed, cloud-init configured for flexible network and credential injection at first boot.

Bare Metal
Raw / ISO

Raw disk images and bootable ISOs for bare metal provisioning via PXE, MAAS, or manual installation. Unattended installation support with pre-applied CIS hardening and provisioning hooks.

Hardening Stack
Base Role
Linux Distro CIS L2
Ansible-lockdown role
Rootkit Detection
Malware Scan
Daily scan schedules, hash database init
Intrusion Prevention
SSH Secured
SSH, auth log monitoring, ban rules
Audit & Accounting
sysstat + acct
Process accounting, I/O stat collection
Package Integrity
debsums
MD5 verification of installed packages
PAM Hardening
libpam-tmpdir
Per-session /tmp isolation for PAM users
SSH Hardening
SSH Parameter Tightening
Ciphers, MACs, key exchange restricted
Compiler Access
Restricted Compiler Access
gcc, cc permissions limited to root group
Image Roadmap — 100 AMIs Planned

Powell Tech Group is expanding to 100 total AMIs across 5 Linux distributions — the same five products on Ubuntu 24.04, RHEL 9, AlmaLinux, Amazon Linux, and RockyLinux. RHEL 9 pipeline is currently in active development.

Ubuntu 24.04 LTS
AI / LLM Workbench
HIPAA-Ready Base AMI
Agentic AI Server
Hardened WordPress AMI
SMB SIEM Stack (Wazuh)
RHEL 9
AI / LLM Workbench
HIPAA-Ready Base AMI
Agentic AI Server
Hardened WordPress AMI
SMB SIEM Stack (Wazuh)
Distro 3 (TBD)
AI / LLM Workbench
HIPAA-Ready Base AMI
Agentic AI Server
Hardened WordPress AMI
SMB SIEM Stack (Wazuh)
Live on AWS Marketplace
In Development
Planned

Need a custom image or on-prem format?

PTG builds custom hardened images for specific compliance frameworks, toolchains, or hypervisor environments. Contact us to discuss your requirements.

Request Custom Build AWS Marketplace
Loading

NVD