

March 2025: CMS Gold Image Updates

CMS Cloud



Below, you will find this month's Centers for Medicare and Medicaid Services (CMS) Gold Images (GIs) updates from the CMS Hybrid Cloud Team.

Upcoming Updates

* *Hardened Container Images Now Available via CMS Artifactory Iron Bank:*
* CMS Hybrid Cloud recommends using a hardened Iron Bank image as the base image for container builds to help ensure the best security posture and reduce the burden of applying security configuration best practices.
* Iron Bank images can be accessed via the CMS JFrog Platform [ https://cloud.cms.gov/getting-started-jfrog-platform ] under the *"gi-gantuar-ironbank"* Artifactory repository. 
* The Iron Bank Artifactory repository functions as a pull-through cache to allow CMS customers access to the images without registering for an Iron Bank account separately. It also helps to avoid any potential rate limits imposed by the Iron Bank registry.

To access pre-cached Iron Bank container images already utilized in our CMS environment, such as Alpine Linux, Red Hat UBI, UBI with NodeJS, Alpine, and UBI with Python, the only CMS customer action needed is to register for Artifactory.

* *Red Hat Enterprise Linux 9 (RHEL9) CMS GI available now:*
* The new RHEL9 CMS GI better aligns with Acceptable Risk Safeguards (ARS) 5. As such, there are major differences between RHEL9 and previous versions.
* Please read the RHEL9 Usage Guide [ https://cloud.cms.gov/rhel9-usage-guide ] and test/develop the new RHEL9 in your lower environments before deploying it live into production.

* *Amazon Linux 2023 with Elastic Kubernetes Service (EKS) Optimization CMS GI available now:*
* Note that existing launch template configurations, based on the EKS-optimized AL2 GI, will not work for AL2023, as the node initialization process has changed.
* Please review the Amazon-published documentation [ https://docs.aws.amazon.com/eks/latest/userguide/al2023.html ] highlighting the changes and the CCG page: Changes from AL2 to AL2023 [ https://cloud.cms.gov/eks-changes-from-al2-to-al2023 ].

* *Amazon Linux 2023 (AL2023) CMS GI:*
* Be aware that, as an added security measure, the /tmp directory has been mounted with the noexec option, which prevents the execution of binaries within /tmp.
* This change may impact 3rd-party tools that execute scripts out of the /tmp directory, like Packer.
* Packer does have the option to specify a different directory to execute scripts from (see the documentation [ https://developer.hashicorp.com/packer/docs/provisioners/shell#remote_folder ] for more details).
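
A pre-flight check for the /tmp noexec change described above, as an added example (not CMS or Packer code): it finds the mount that governs a directory, reports whether that mount carries noexec, and picks the first usable directory to pass as Packer's remote_folder. The mount table is constructed sample data and /home/ec2-user/packer is a hypothetical candidate path.

```shell
#!/bin/sh
# Constructed sample in /proc/mounts format (not captured from a real Gold Image).
SAMPLE_MOUNTS='/dev/nvme0n1p1 / xfs rw,noatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec 0 0
/dev/nvme1n1 /home xfs rw,nodev 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev,noexec 0 0'

# mount_opts_for DIR [MOUNTS_TEXT]
# Print the options of the mount governing DIR: the longest mount point that is
# a path prefix of DIR (later entries win ties). Defaults to /proc/mounts.
mount_opts_for() (
  dir="${1%/}"; [ -n "$dir" ] || dir="/"
  table="${2:-$(cat /proc/mounts)}"
  best=""; best_opts=""
  while read -r dev mp fstype opts rest; do
    [ -n "$mp" ] || continue
    case "$dir/" in
      "${mp%/}/"*)   # prefix match on whole path components, so /tmpfoo != /tmp
        if [ "${#mp}" -ge "${#best}" ]; then best="$mp"; best_opts="$opts"; fi ;;
    esac
  done <<EOF
$table
EOF
  printf '%s\n' "$best_opts"
)

# is_noexec DIR [MOUNTS_TEXT]: succeed if DIR sits on a noexec mount.
is_noexec() {
  case ",$(mount_opts_for "$@")," in
    *,noexec,*) return 0 ;;
    *) return 1 ;;
  esac
}

# pick_exec_dir MOUNTS_TEXT DIR...: print the first DIR not on a noexec mount.
pick_exec_dir() (
  table="$1"; shift
  for d in "$@"; do
    if ! is_noexec "$d" "$table"; then printf '%s\n' "$d"; exit 0; fi
  done
  exit 1   # every candidate is noexec; scripts uploaded there would fail to run
)

# Demo on the constructed table: /tmp is rejected, the hypothetical home path is chosen.
pick_exec_dir "$SAMPLE_MOUNTS" /tmp /home/ec2-user/packer
```

On a real instance, omit the table argument (for example `is_noexec /tmp`) so the functions read /proc/mounts, and set the chosen directory as remote_folder in the shell provisioner.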

* *CMS Marketplace Customers to utilize "Bring Your Own License" (BYOL) Red Hat GIs only:*
* For CMS Marketplace customers, please note that Marketplace Information Technology Group (MITG) has a dedicated license for Red Hat, which includes premium support. Thus, if a Marketplace customer utilizes a regular GI and not a BYOL RHEL, they will incur unnecessary costs. 
* Note that all BYOL GIs have "byol" in the GI name.

Gold Image Accessibility

CMS GI availability is based on the respective team's Customer Automation and Management Platform (CAMP) details. If a team would like to request a new CMS GI, please open a Hybrid Cloud Support Ticket [ https://jiraent.cms.gov/plugins/servlet/desk/portal/22 ] and notify the designated Infrastructure and Users Services Group (IUSG) Hosting Coordinator.

For more information about CMS GIs, please review the available Gold Image documentation [ https://cloud.cms.gov/intro-gold-image ]. 

Questions or Concerns

For questions or issues, please file a Hybrid Cloud Support Ticket [ https://jiraent.cms.gov/plugins/servlet/desk/portal/22 ].


Office of Information Technology

  • [Registered by] Centers for Medicare & Medicaid Services (CMS)
  • [Area] Baltimore, MD
  • Registered: 2025/03/06
  • Posted: 2025/03/06
  • Modified: 2025/03/06