Amazon ECS task definitions should have secure networking modes and user definitions

Data protection

Amazon ECS task definitions should have secure networking modes and user definitions

Risk Level

Informational (4)

Platform(s)

Compliance Frameworks

AWS Foundational Security Best Practices Controls
HITRUST
NIST 800-53

Description

Amazon Elastic Container - ECS is a highly scalable, fast container management service that makes running, stopping, and managing containers on a cluster simple. A task definition defines your containers, which you use to run individual tasks or tasks within a service. It was detected that the ECS task definition {AwsEcsTaskDefinition} has unexpected elevated privileges.

Recommended Mitigation

Consider updating the ECS Task Definition Networking Mode to Bridge or vpc configurations or update the Container Definitions to have elevated Privileges or define the User. For more information: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/update-task-definition-console-v2.html ; https://docs.aws.amazon.com/AmazonECS/latest/developerguide/update-task-definition.html

Amazon ECS task definitions should have secure networking modes and user definitions

Description

Need help?