AWS Config Rule: CodeBuild Project Environment Privileged Mode Enabled
CODEBUILD_PROJECT_ENVIRONMENT_PRIVILEGED_CHECK
Ryan Ware
Last Update 8 months ago
Description: Checks if an AWS CodeBuild project environment has privileged mode enabled. The rule is NON_COMPLIANT for a CodeBuild project if ‘privilegedMode’ is set to ‘true’.
Trigger type: Configuration changes
AWS Region: All supported AWS regions except Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), Israel (Tel Aviv), Europe (Spain), Europe (Zurich) Region
How to Resolve Manually
To resolve this manually, open the CodeBuild dashboard in the AWS Console. From the menu on the left-hand side, choose Build, then Build projects.
You will see a list of your CodeBuild build projects. Click one of them to see more information on that resource, including its environment settings.
Privileged mode lets a build run the Docker daemon inside its Docker container. Set it to true only if the build project is used to build Docker images; otherwise a build that attempts to interact with the Docker daemon fails. The default setting is false.
You can start the Docker daemon during the install phase of your build by adding one of the following sets of commands to that phase of your buildspec file:
If the operating system's base image is Ubuntu Linux:
- nohup /usr/local/bin/dockerd --host=unix:///var/run/docker.sock --host=tcp://0.0.0.0:2375 --storage-driver=overlay&
- timeout 15 sh -c "until docker info; do echo .; sleep 1; done"
If the operating system's base image is Alpine Linux and the previous command does not work, add the -t argument to timeout:
- nohup /usr/local/bin/dockerd --host=unix:///var/run/docker.sock --host=tcp://0.0.0.0:2375 --storage-driver=overlay&
- timeout -t 15 sh -c "until docker info; do echo .; sleep 1; done"
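As an added example (not StackZone's or AWS's code), the following Python mirrors the rule's evaluation over project descriptions in the shape CodeBuild's BatchGetProjects API returns, flagging a project as NON_COMPLIANT only when privilegedMode is true; the live-account fetch uses boto3 and is optional, and the sample project list is constructed.

```python
"""Audit CodeBuild projects for privileged mode, mirroring the logic of the
CODEBUILD_PROJECT_ENVIRONMENT_PRIVILEGED_CHECK rule."""
from typing import Dict, Iterable, List

NON_COMPLIANT = "NON_COMPLIANT"
COMPLIANT = "COMPLIANT"


def evaluate_project(project: Dict) -> str:
    """Verdict for one project in the shape CodeBuild's BatchGetProjects returns:
    {"name": ..., "environment": {"privilegedMode": bool, ...}}.
    A missing privilegedMode means the default (false), which is COMPLIANT."""
    privileged = project.get("environment", {}).get("privilegedMode", False)
    return NON_COMPLIANT if privileged is True else COMPLIANT


def evaluate_projects(projects: Iterable[Dict]) -> Dict[str, str]:
    """Map each project name to its verdict."""
    return {p["name"]: evaluate_project(p) for p in projects}


def non_compliant_names(projects: Iterable[Dict]) -> List[str]:
    """Sorted names of flagged projects, i.e. the remediation worklist."""
    return sorted(n for n, v in evaluate_projects(projects).items() if v == NON_COMPLIANT)


def fetch_projects(region_name: str) -> List[Dict]:
    """Pull every project description from a live account (needs boto3 and credentials)."""
    import boto3  # imported lazily so the offline sample runs without it
    client = boto3.client("codebuild", region_name=region_name)
    names: List[str] = []
    for page in client.get_paginator("list_projects").paginate():
        names.extend(page.get("projects", []))
    projects: List[Dict] = []
    for i in range(0, len(names), 100):  # BatchGetProjects takes at most 100 names
        projects.extend(client.batch_get_projects(names=names[i:i + 100])["projects"])
    return projects


SAMPLE_PROJECTS = [  # constructed sample input, not real account data
    {"name": "docker-image-build", "environment": {"type": "LINUX_CONTAINER", "privilegedMode": True}},
    {"name": "unit-tests", "environment": {"type": "LINUX_CONTAINER", "privilegedMode": False}},
    {"name": "legacy-lambda-package", "environment": {"type": "LINUX_CONTAINER"}},
]

if __name__ == "__main__":
    for name, verdict in evaluate_projects(SAMPLE_PROJECTS).items():
        print(f"{name}: {verdict}")
```

Run against `fetch_projects("<region>")` instead of the sample to get the list of projects this rule would flag in your own account.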