AWS Config Rule: ECS Containers Non Privileged

ECS_CONTAINERS_NONPRIVILEGED

Ryan Ware

Last Update 9 months ago

Description: Checks if the privileged parameter in the container definition of ECSTaskDefinitions is set to ‘true’. The rule is NON_COMPLIANT if the privileged parameter is ‘true’.


Trigger type: Configuration changes


AWS Region: All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Europe (Spain), China (Ningxia), Europe (Zurich) Region


How to Resolve Manually

The privileged flag is only supported for containers that run on the EC2 launch type. Fargate does not allow it, so this AWS Config Rule can only find NON_COMPLIANT task definitions that target EC2 container instances.

To resolve this AWS Config Rule manually, open the ECS dashboard in the AWS Console, go to Task Definitions, and open the task definition revision that Config reported as NON_COMPLIANT.


As mentioned above, this option is not available for Fargate-compatible task definitions, only EC2 ones. In the container definition, look for the Security section shown in the image below. This is where the Privileged option is enabled or disabled. Task definitions are immutable, so saving the change registers a new revision: update every service or scheduled task that still references the old revision, and deregister the old revision, because Config keeps evaluating it for as long as it stays ACTIVE.


When this option is true, the container is given elevated privileges on the host container instance, similar to the root user. It maps to the --privileged option of docker run, which grants the container all Linux capabilities and access to the host's devices, so a compromise of a privileged container is effectively a compromise of the container instance and of every other task running on it.
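The check above, expressed as code, makes it clearer what the rule actually looks at and what a fix has to produce. The following is an added example written for this article, not StackZone's or AWS's own code. It applies the rule's decision (any container with privileged=true makes the task definition NON_COMPLIANT) to a constructed task definition, builds the input for a remediated revision with the flag cleared, and walks every ACTIVE revision in an account through the same two ECS API calls boto3 exposes. The ARNs, account number, image names and the `FakeEcs` stand-in client are assumptions made so the script runs offline; in a real account pass `boto3.client("ecs")` instead.

```python
"""Offline check for the ECS_CONTAINERS_NONPRIVILEGED rule plus a remediation
helper. Standard library only: the scanner accepts any object that has boto3's
list_task_definitions / describe_task_definition methods, so either a real
boto3.client("ecs") or the FakeEcs stand-in below can be passed in."""
import copy
import json

COMPLIANT = "COMPLIANT"
NON_COMPLIANT = "NON_COMPLIANT"

# Fields returned by describe_task_definition that register_task_definition rejects.
_READ_ONLY_FIELDS = {
    "taskDefinitionArn", "revision", "status", "requiresAttributes",
    "compatibilities", "registeredAt", "registeredBy", "deregisteredAt",
}


def privileged_containers(task_definition):
    """Names of container definitions with privileged=true.
    A missing key means false, which is how ECS treats it."""
    return [
        c.get("name", "<unnamed>")
        for c in task_definition.get("containerDefinitions", [])
        if c.get("privileged") is True
    ]


def evaluate(task_definition):
    """Same verdict as the Config rule: NON_COMPLIANT if any container is privileged."""
    return NON_COMPLIANT if privileged_containers(task_definition) else COMPLIANT


def remediated_revision(task_definition):
    """Build register_task_definition input with the privileged flag cleared.
    Task definitions are immutable, so the fix is always a new revision."""
    new_def = {
        k: copy.deepcopy(v)
        for k, v in task_definition.items()
        if k not in _READ_ONLY_FIELDS
    }
    for container in new_def.get("containerDefinitions", []):
        container.pop("privileged", None)  # absent == false
    return new_def


def find_privileged_task_definitions(ecs):
    """Walk every ACTIVE task definition revision; map ARN -> privileged container names."""
    findings = {}
    kwargs = {"status": "ACTIVE"}
    while True:
        page = ecs.list_task_definitions(**kwargs)
        for arn in page.get("taskDefinitionArns", []):
            td = ecs.describe_task_definition(taskDefinition=arn)["taskDefinition"]
            names = privileged_containers(td)
            if names:
                findings[arn] = names
        token = page.get("nextToken")
        if not token:
            return findings
        kwargs = {"status": "ACTIVE", "nextToken": token}


# Constructed sample (assumed values, not from the article): an EC2 task
# definition whose sidecar container runs privileged, the shape the rule flags.
SAMPLE_TASK_DEFINITION = json.loads("""
{
  "taskDefinitionArn": "arn:aws:ecs:us-east-1:111122223333:task-definition/web:7",
  "family": "web",
  "revision": 7,
  "status": "ACTIVE",
  "requiresCompatibilities": ["EC2"],
  "networkMode": "bridge",
  "containerDefinitions": [
    {"name": "app", "image": "111122223333.dkr.ecr.us-east-1.amazonaws.com/app:1.4",
     "essential": true, "memory": 512},
    {"name": "sidecar", "image": "111122223333.dkr.ecr.us-east-1.amazonaws.com/agent:2.0",
     "essential": false, "memory": 128, "privileged": true}
  ]
}
""")


class FakeEcs:
    """Hypothetical stand-in for boto3's ECS client so the scanner runs offline.
    Returns one ARN per page to exercise the nextToken loop."""

    def __init__(self, definitions):
        self._defs = definitions
        self._arns = sorted(definitions)

    def list_task_definitions(self, status="ACTIVE", nextToken=None):
        start = int(nextToken) if nextToken else 0
        page = {"taskDefinitionArns": self._arns[start:start + 1]}
        if start + 1 < len(self._arns):
            page["nextToken"] = str(start + 1)
        return page

    def describe_task_definition(self, taskDefinition):
        return {"taskDefinition": self._defs[taskDefinition]}


if __name__ == "__main__":
    fixed = remediated_revision(SAMPLE_TASK_DEFINITION)
    client = FakeEcs({SAMPLE_TASK_DEFINITION["taskDefinitionArn"]: SAMPLE_TASK_DEFINITION,
                      "arn:aws:ecs:us-east-1:111122223333:task-definition/web:8": fixed})
    for arn, names in find_privileged_task_definitions(client).items():
        print(f"{NON_COMPLIANT}: {arn} privileged containers: {', '.join(names)}")
    # Real account: boto3.client("ecs").register_task_definition(**fixed), then point
    # services at the new revision and deregister web:7.
```

Note that the remediated revision is only the first half of the fix: the old revision stays ACTIVE, and therefore still evaluates as NON_COMPLIANT, until it is deregistered. For a one-off look at a single revision, the equivalent AWS CLI query is `aws ecs describe-task-definition --task-definition web:7 --query "taskDefinition.containerDefinitions[?privileged==\`true\`].name"`.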

