diff --git a/tasks/amazon_linux.yaml b/tasks/amazon_linux.yaml new file mode 100644 index 0000000..e701050 --- /dev/null +++ b/tasks/amazon_linux.yaml @@ -0,0 +1,3 @@ +--- +- name: Amazon Linux 2 | Configure Filesystem Partitions + include_tasks: configure_filesystem_partitions_al2.yaml diff --git a/tasks/configure_filesystem_partitions_al2.yaml b/tasks/configure_filesystem_partitions_al2.yaml new file mode 100644 index 0000000..0bb65f8 --- /dev/null +++ b/tasks/configure_filesystem_partitions_al2.yaml @@ -0,0 +1,23 @@ +--- +- name: Configure /tmp partition security options + mount: + path: /tmp + src: tmpfs + fstype: tmpfs + opts: "{{ item.opts }}" + state: mounted + loop: "{{ tmp_mount_options }}" + loop_control: + label: "{{ item.name }}" + +- name: Configure /dev/shm partition security options + mount: + path: /dev/shm + src: tmpfs + fstype: tmpfs + opts: "{{ item.opts }}" + state: mounted + loop: "{{ shm_mount_options }}" + loop_control: + label: "{{ item.name }}" + diff --git a/tasks/main.yaml b/tasks/main.yaml index 01a0df0..a032800 100644 --- a/tasks/main.yaml +++ b/tasks/main.yaml @@ -2,15 +2,18 @@ - name: Include CIS Stage Specific vars include_vars: cis-{{ cis_Stage }}.yaml -- name: Debian realted Specification +- name: Debian related Specification include_tasks: configure_Debian.yaml when: ansible_os_family == 'Debian' -- name: Centos realted Specification +- name: CentOS related Specification include_tasks: configure_RedHat.yaml - when: - ansible_os_family == 'RedHat' + when: ansible_os_family == 'RedHat' and ansible_distribution != 'Amazon' + +- name: Amazon Linux 2 related Specification + include_tasks: amazon_linux.yaml + when: ansible_distribution == 'Amazon' # - name: Special purpose services # include_tasks: services.yaml @@ -35,3 +38,4 @@ # - name: Ensure dccp and sctp is disabled # include_tasks: network_protocol_and_unusedFilesystem.yaml + diff --git a/vars/main.yml b/vars/main.yml index 790b629..5b03353 100644 --- a/vars/main.yml 
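Review bot: Both mount tasks in configure_filesystem_partitions_al2.yaml apply the same mount four times, because every entry of `tmp_mount_options` and `shm_mount_options` (defined in vars/main.yml in this commit) carries the identical `opts` string, so the loop only re-writes an unchanged fstab line under four different labels. The loop can be dropped by deriving the option set once, `opts: "{{ tmp_mount_options | map(attribute='opts') | unique | join(',') }}"` (likewise with `shm_mount_options` for /dev/shm), keeping the CIS item names as a comment above the task. `state: mounted` also performs the mount immediately, and a tmpfs mounted over an already-populated /tmp hides whatever files running services keep there, so `state: present` followed by a controlled reboot, or a check that /tmp is not yet a separate mount, is the safer first step. On ansible-core 2.10 and later the bare `mount` name resolves only when the ansible.posix collection is installed; writing `ansible.posix.mount` makes that dependency explicit.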
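Review bot: The new `when: ansible_distribution == 'Amazon'` branch in tasks/main.yaml includes only amazon_linux.yaml, and the CentOS branch above it now carries `ansible_distribution != 'Amazon'`, so on Amazon Linux nothing from configure_RedHat.yaml runs any more; unless amazon_linux.yaml is intended to become a complete AL2 profile, the Amazon include should run in addition to the RedHat one rather than replace it. The task is labelled "Amazon Linux 2", but `ansible_distribution == 'Amazon'` also matches the other Amazon Linux releases (the 2018 line and Amazon Linux 2023); narrowing it to `when: ansible_distribution == 'Amazon' and ansible_distribution_major_version == '2'` keeps the condition and the label in agreement. The surrounding task list continues outside the hunk.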
+++ b/vars/main.yml
@@ -88,3 +88,18 @@ os_services_name: ['avahi-daemon', 'slapd', 'named', 'cups', 'telnet', 'discard-
 # aide cronjob configuration
 minute_aide_cronjob: '0'
 hour_aide_cronjob: '5'
+
+# configure filesystem partitions for al2
+tmp_mount_options:
+ - { name: "Ensure /tmp is a separate partition", opts: "defaults,rw,nosuid,nodev,noexec,relatime" }
+ - { name: "Ensure nodev option set on /tmp", opts: "defaults,rw,nosuid,nodev,noexec,relatime" }
+ - { name: "Ensure nosuid option set on /tmp", opts: "defaults,rw,nosuid,nodev,noexec,relatime" }
+ - { name: "Ensure noexec option set on /tmp", opts: "defaults,rw,nosuid,nodev,noexec,relatime" }
+
+shm_mount_options:
+ - { name: "Ensure /dev/shm is a separate partition", opts: "defaults,rw,nosuid,nodev,noexec,relatime" }
+ - { name: "Ensure nodev option set on /dev/shm", opts: "defaults,rw,nosuid,nodev,noexec,relatime" }
+ - { name: "Ensure nosuid option set on /dev/shm", opts: "defaults,rw,nosuid,nodev,noexec,relatime" }
+ - { name: "Ensure noexec option set on /dev/shm", opts: "defaults,rw,nosuid,nodev,noexec,relatime" }
+
+
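Review bot: The entries of `tmp_mount_options` and `shm_mount_options` are structured records (a sentence-length `name` plus a six-flag `opts` string) written as inline flow mappings, which pushes every line past the usual length limit and makes a change to one field show up as a rewrite of the whole line; block style, one key per line, reads and diffs better here. The option string is spelled out eight times, so a typo in one copy would silently weaken a single mount; declaring it once, `tmpfs_secure_opts: 'defaults,rw,nosuid,nodev,noexec,relatime'`, and referencing it as `opts: "{{ tmpfs_secure_opts }}"` in each entry removes that drift. The `# configure filesystem partitions for al2` comment would be more useful if it named what the flags are for, e.g. `# /tmp and /dev/shm tmpfs options (CIS: separate partition, nodev, nosuid, noexec); noexec on /tmp can break installers that execute from /tmp, validate on a test host first`. The two blank lines appended at the end of the file can be dropped.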