1 回答
- 最新
- 投票最多
- 评论最多
3
To resolve this Security Hub finding "[ECS.5] ECS containers should be limited to read-only access to root filesystems", set the parameter "readonlyRootFilesystem" to "false" in the ECSTaskDefinition.
- Select a task definition that has container definitions that need to be updated. For each, complete the following steps:
- From the drop down, choose Create new revision with JSON.
- Add the readonlyRootFilesystem parameter, and set it to **true **in the container definition within the task definition.
- Choose Create.
https://docs.aws.amazon.com/securityhub/latest/userguide/ecs-controls.html#ecs-5 https://docs.aws.amazon.com/config/latest/developerguide/ecs-containers-readonly-access.html
已回答 7 个月前
相关内容
AWS 官方已更新 2 年前- AWS 官方已更新 2 年前
- AWS 官方已更新 1 年前
Totally spot on with the answer here. Just ensure your container/application still launches when set to read only as I see many times that when set to read only the container fails to launch.
This solved the problem for me. Thank you