Help CenterAt present, the easiest way to ensure your EC2 instances can be updated to the latest quarterly STIG releases is to create them using a CloudFormation (or similar) automated build system, specifying the baseline AMI ID as a parameter in the build process. As long as your system can be automatically rebuilt, updating the stack parameter (using CloudFormation as an example) would automatically build new servers with the latest STIG baselines, join them to the Elastic Load Balancer, and drop the old servers when that is done.
But not everybody is Netflix, and this level of automation is very hard to achieve with many applications.
We're looking at offering a continual upgrade program, that will allow our AWS Marketplace customers a way to use our on-premise Nému Hardened Computing client software to apply the latest baselines to their running EC2 instances.
We're not sure how much of a demand there is for this yet - so if this is something that's important to you, please don't hesitate to let us know.