Security Hub Issue

0

I'm trying to solve the AWS Security Hub issue "ECS containers should be limited to read-only access to root filesystem"

How can I address this?

posted 7 months ago, 494 views
1 Answer
3
Accepted Answer

To resolve this Security Hub finding "[ECS.5] ECS containers should be limited to read-only access to root filesystems", set the parameter "readonlyRootFilesystem" to "false" in the ECSTaskDefinition.

  1. Select a task definition that has container definitions that need to be updated. For each, complete the following steps:
  2. From the drop down, choose Create new revision with JSON.
  3. Add the readonlyRootFilesystem parameter, and set it to **true** in the container definition within the task definition.
  4. Choose Create.

https://docs.aws.amazon.com/securityhub/latest/userguide/ecs-controls.html#ecs-5
https://docs.aws.amazon.com/config/latest/developerguide/ecs-containers-readonly-access.html

AWS
answered 7 months ago
EXPERT
reviewed 7 days ago
EXPERT
reviewed 7 months ago
  • Totally spot on with the answer here. Just ensure your container/application still launches when set to read only as I see many times that when set to read only the container fails to launch.

  • This solved the problem for me. Thank you
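
The console steps in the accepted answer can also be prepared offline. The following is an added example, not part of the original answer or of AWS documentation: it takes a task definition in the shape returned by `aws ecs describe-task-definition`, lists the containers that lack `readonlyRootFilesystem: true`, and builds the JSON for a new revision. The sample task definition, the function names, and the "no mount points" launch-test heuristic are assumptions made for illustration.

```python
import copy
import json

# Fields present in describe-task-definition output that
# register-task-definition does not accept as input.
READ_ONLY_FIELDS = (
    "taskDefinitionArn", "revision", "status", "requiresAttributes",
    "compatibilities", "registeredAt", "registeredBy", "deregisteredAt",
)

def find_writable_root(task_def):
    """Names of containers whose root filesystem is still writable.
    A missing parameter counts the same as an explicit false."""
    return [c["name"] for c in task_def.get("containerDefinitions", [])
            if c.get("readonlyRootFilesystem") is not True]

def harden_revision(task_def):
    """Return (new_revision_input, changed, needs_launch_test)."""
    new_def = copy.deepcopy(task_def)   # never mutate the caller's copy
    for field in READ_ONLY_FIELDS:
        new_def.pop(field, None)
    changed = find_writable_root(new_def)
    needs_launch_test = []
    for c in new_def.get("containerDefinitions", []):
        c["readonlyRootFilesystem"] = True
        # Heuristic (assumption): a changed container with no mount
        # points has nowhere left to write, so test that it still starts.
        if c["name"] in changed and not c.get("mountPoints"):
            needs_launch_test.append(c["name"])
    return new_def, changed, needs_launch_test

# Constructed sample, not taken from a real account.
SAMPLE = {
    "taskDefinitionArn": "arn:aws:ecs:REGION:ACCOUNT_ID:task-definition/demo:4",
    "family": "demo",
    "revision": 4,
    "status": "ACTIVE",
    "containerDefinitions": [
        {"name": "web", "image": "example/web:1", "readonlyRootFilesystem": False,
         "mountPoints": [{"sourceVolume": "scratch", "containerPath": "/tmp"}]},
        {"name": "sidecar", "image": "example/sidecar:1"},
        {"name": "worker", "image": "example/worker:1", "readonlyRootFilesystem": True},
    ],
    "volumes": [{"name": "scratch"}],
}

if __name__ == "__main__":
    new_def, changed, needs_test = harden_revision(SAMPLE)
    print("changed:", changed, "| launch-test first:", needs_test)
    print(json.dumps(new_def, indent=2))
```

The printed JSON can be saved to a file and registered as a new revision with `aws ecs register-task-definition --cli-input-json file://<file>`.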
