Data protection

Amazon ECS task definitions should have secure networking modes and user definitions

Risk Level

Informational (4)

Platform(s)
Compliance Frameworks

Description

Amazon Elastic Container - ECS is a highly scalable, fast container management service that makes running, stopping, and managing containers on a cluster simple. A task definition defines your containers, which you use to run individual tasks or tasks within a service. It was detected that the ECS task definition {AwsEcsTaskDefinition} has unexpected elevated privileges.

  • Recommended Mitigation

    Consider updating the ECS Task Definition Networking Mode to Bridge or vpc configurations or update the Container Definitions to have elevated Privileges or define the User. For more information: <a href="https://docs.aws.amazon.com/AmazonECS/latest/developerguide/update-task-definition-console-v2.html" target="_blank" rel="noopener noreferrer">https://docs.aws.amazon.com/AmazonECS/latest/developerguide/update-task-definition-console-v2.html</a> ; <a href="https://docs.aws.amazon.com/AmazonECS/latest/developerguide/update-task-definition.html" target="_blank" rel="noopener noreferrer">https://docs.aws.amazon.com/AmazonECS/latest/developerguide/update-task-definition.html</a>

Need help?

Get a free Security Risk Assessment. Start today

See Orca in action See Orca in action-> View a 10 minute recorded demo or sign up for a personalized one-on-one walk-through.