AWS Config Rule: ECS Containers Non Privileged


Ryan Ware

Last Update för 8 månader sedan

Description: Checks if the privileged parameter in the container definition of ECSTaskDefinitions is set to ‘true’. The rule is NON_COMPLIANT if the privileged parameter is ‘true’.

Trigger type: Configuration changes

AWS Region: All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Europe (Spain), China (Ningxia), Europe (Zurich) Region

How to Resolve Manually

This AWS Config Rule only applies to an EC2 ECS Container, not a Fargate one.

To manually resolve this AWS Config Rule, you will first need to head on over to the ECS Dashboard in the AWS Console and take a look at your ECS Task Definitions.

As mentioned above, this option is not available for Fargate launch type compatible ECS Containers, only EC2 ones. On your Container definition, you will need to look for the Security section, as shown below in this image. This is where you will be able to enable or disable the Privileged option.

When this option is true, the container is given elevated privileges on the host container instance. This is the same as performing actions as root user.

Want to know more about StackZone and how to make your cloud management simple and secure?

Check our how it works section with easy to follow videos or just create your own StackZone Account here

Was this article helpful?

0 out of 0 liked this article

Still need help? Message Us