びびなび : World : () World

April 2025: CMS Gold Image Monthly Updates








CMS Cloud
April 2025: CMS Gold Image Monthly Updates

________________________________________________________________________



The Centers for Medicare and Medicaid Services (CMS) Hybrid Cloud Team announces the following CMS Gold Image (GI) updates for April 2025:

April 2025 GI Updates

*Amazon Linux 2 (AL2) End-of-Life (EOL)*


* Based on guidance from AWS Professional Services and the CMS Hybrid Cloud Team, *all AL2 users **must transition to Amazon Linux 2023 (AL2023) [ https://cloud.cms.gov/gold-image-amazon-linux-2023 ] by July 1, 2025*. 
* We will reach out to customers with active AL2 instances using support tickets on *Friday, April 18, 2025*, to ensure all AL2 instances are closed.
* Please note the following AL2023 *cms.cloud.gov [ https://cloud.cms.gov/ ]* (CCG) pages to help your team upgrade from AL2 to AL2023:
*

*Gold Image: Amazon Linux 2023 [ https://cloud.cms.gov/gold-image-amazon-linux-2023 ]*: As an added security measure, the /tmp directory is mounted with the NOEXEC option, which will not allow the execution of binaries within /tmp. This change may impact third-party tools that execute scripts out of the /tmp directory, like Packer, which allows users to specify a different directory to execute scripts from. Please review *the documentation [ https://developer.hashicorp.com/packer/docs/provisioners/shell#remote_folder ]* for more details.


*

*Gold Image: Amazon Linux 2023 with Elastic Kubernetes Service (EKS) Optimization [ https://cloud.cms.gov/gold-image-amazon-linux2023-eks ]*: The existing launch template configurations are based on the EKS-optimized AL2 GI and will not work for AL2023 because of a change to the node initialization process. Note that in the April AL2023 with EKS Optimization CMS GI, the firewall configuration is updated to ensure outbound traffic from containers. For more information, please review the *Amazon-published documentation [ https://docs.aws.amazon.com/eks/latest/userguide/al2023.html ]* that highlights the changes and the *Changes from AL2 to AL2023 [ https://cloud.cms.gov/eks-changes-from-al2-to-al2023 ]* CCG page.


* Please Note: The final AL2 CMS GI will be released on Friday, June 13, 2025.

*Hardened Container Images Now Available in the CMS Artifactory Repository*


*

The CMS Hybrid Cloud Team recommends using a hardened Iron Bank image as the base image for container builds to help:


*

Ensure the best security posture.


*

Reduce the burden of applying security configuration best practices.


*

Access Iron Bank images in the *CMS JFrog Platform [ https://cloud.cms.gov/getting-started-jfrog-platform ]* under the *"gi-gantuar-ironbank"* Artifactory repository. 


*

The CMS Artifactory repository is a pull-through cache that allows CMS customers to access Iron Bank container images without registering for a separate Iron Bank account. It also helps CMS customers avoid any potential rate limits from the Iron Bank registry.


*

Please register for CMS Artifactory repository access to use the pre-cached Iron Bank container images already used in our CMS environment (such as Alpine Linux, RedHat UBI, UBI with NodeJS, Alpine, and UBI with Python).

*CMS Marketplace Customers: Only Use "Bring Your Own License" (BYOL) Red Hat GIs*


* CMS Marketplace Customers: Marketplace Information Technology Group (MITG) has a dedicated license for Red Hat Enterprise Linux (RHEL) that includes premium support. This means that if you use a regular GI instead of a BYOL RHEL GI, you will be charged unnecessary costs. 
* Please Note: All BYOL GIs have "byol" in the GI name.

Gold Image Accessibility

CMS GI availability is based on each team's Customer Automation and Management Platform (CAMP) details. If your team wants to request a new CMS GI, please open a *Hybrid Cloud Support Ticket [ https://jiraent.cms.gov/plugins/servlet/desk/portal/22 ]* and contact your assigned Hosting Coordinator.

For more information about CMS GIs, please review the available *Gold Image documentation [ https://cloud.cms.gov/intro-gold-image ]*. 

Questions or Concerns

 For questions or concerns, please contact your assigned Hosting Coordinator/Technical Advisor or submit a *Hybrid Cloud support ticket* [ https://jiraent.cms.gov/plugins/servlet/desk/portal/22 ].



________________________________________________________________________






Office of Information Technology




You are subscribed to receive email messages about CMS Cloud Operations, Changes, and Outages from the Centers for Medicare & Medicaid Services (CMS).

To update your subscription(s), preferences or to stop receiving messages from the CMS Cloud Operations, Changes, and Outages Updates- distribution list, please go to our Subscriber Preferences Page [ https://public.govdelivery.com/accounts/USCMS/subscriber/new?category_id=USCMS_C176 ].

________________________________________________________________________

This email was sent to mshinji3056@gmail.com using GovDelivery Communications Cloud 7500 Security Boulevard · Baltimore MD 21244


body .abe-column-block { min-height: 5px; } table.gd_combo_table img {margin-left:10px; margin-right:10px;} table.gd_combo_table div.govd_image_display img, table.gd_combo_table td.gd_combo_image_cell img {margin-left:0px; margin-right:0px;} table.govd_hr {min-width: 100%;}