Reputation: 11
Amazon ECS task definitions should have secure networking modes and user definitions
ECS.1 Amazon ECS task definitions should have secure networking modes and user definitions.
Given that AWS Batch necessitates the network mode to be 'host' for task definitions, how can we ensure that our Amazon ECS configurations maintain secure networking modes and user definitions, especially considering the ecs.1 Security Hub finding?
What should we do to address the security concern here?
Upvotes: 1
Views: 300
Answers (1)
Reputation: 201088
Per the official documentation on this AWS SecurityHub ECS control here:
The control fails for task definitions that have host network mode and container definitions of
privileged=false, empty anduser=root, or empty.
So you need to make set or update the privileged and user attributes of your task definition. You may have to make some changes to your Dockerfile and rebuild the image such that it can run as a non-root user.
Upvotes: 1
Related Questions
- What is the difference between a task and a service in AWS ECS?
- What is the difference between Amazon ECS and Amazon EC2?
- How to assign a public IP to container running in AWS ECS cluster in EC2 mode
- AWS ECS Instance on EC2 doesn't pull and run the container in the task definition
- How to run docker task with Amazon ECS - getting error `STOPPED (CannotStartContainerError: Error response from dae)`
- AWS ECS images in two task definitions using gitlab pipelines
- Windows ECS Task Definition - Network Mode Error