Make GitLab instance CIS level 2 compliant

[nolunwa-ucsc]

We use AWS Config and AWS Security Hub for automated management and verification of configuration settings.
The Team should configure or verify Security Hub is configured to validate the AWS account against
CIS AWS Foundations Benchmark ( CIS level 2 Benchmark). This is required for NIST SP 800 53 rev 5 Standard.

[dsotirho-ucsc]

@hannes-ucsc: "During the 2023 assessment, we were asked to perform a scan of the GitLab instance against the CIS benchmark. There were a number of level 2 findings that we ignored because r4 of FedRamp only required CIS level 2. The scan was one-shot only and we used and still are using CIS level 1 hardened AMI, which we pay a subscription fee for. Spike to investigate if there is a similar AMI that is hardened against level 2."

[dsotirho-ucsc]

…we used and still are using CIS level 1 hardened AMI, which we pay a subscription fee for. Spike to investigate if there is a similar AMI that is hardened against level 2.

CIS Amazon Linux 2 Benchmark - Level 2
By: Center for Internet Security - Latest Version: 2.0.0.29
$0.045/hr

Other CIS hardened images can be found here: https://www.cisecurity.org/cis-hardened-images/amazon

[dsotirho-ucsc]

Spike to test this image in anvildev.gitlab and confirm that all containers start up and that timer units are functional.

[achave11-ucsc]

Assignee to summarize spike results.