security audit for new ubuntu 20 server

I was very grateful for some generous assistance I received here years ago when configuring and hardening a new server. The time has come for me to upgrade another AWS-hosted EC2 server to the latest Ubuntu, 20.04, which was released a couple of weeks ago. Can anyone recommend a best practice security audit process for a fresh ubuntu server? I'll be firing up an EC2 instance from the AMI provided by canonical here. Is it still a good plan to install tiger and dig through its recommendations? Some of them seem quite finicky.

I'd be happy to share my experience in auditing and configuring the machine here for everyone's benefit.