aws/amazon-genomics-cli

Limit ECS container access to root file system

markjschreiber opened this issue · 0 comments

Description

If possible, ECS containers should only have read access to the root file system.

Use Case

Rule: securityhub-ecs-containers-readonly-access-0d3e3dca
Summary of Rule: This control checks if ECS containers are limited to read-only access to their mounted root filesystems. This control fails if the readonlyRootFilesystem parameter in the container definition of ECS task definitions is set to 'false'.

Proposed Solution

Examine filesystem access in the ECS-containerized engines. This may also need to include miniwdl and Fargate, which run as "privileged" containers.
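An added example, not code from the amazon-genomics-cli project, that evaluates a task definition (in the shape `ecs:DescribeTaskDefinition` returns) against the rule above and shows the corresponding fix: set `readonlyRootFilesystem` on every container and give each engine a task-scoped volume for the paths it must write. The sample task definition, container names, images and the `/tmp` scratch path are constructed assumptions, not the project's actual configuration.

```python
"""Audit ECS task definitions against the Security Hub read-only root filesystem control."""
import json
from typing import Dict, List

# Constructed sample in the shape returned by ecs:DescribeTaskDefinition;
# names, images and paths are illustrative, not taken from the project.
SAMPLE_TASK_DEF = {
    "family": "example-workflow-engine",
    "containerDefinitions": [
        {"name": "engine", "image": "example/engine:1", "readonlyRootFilesystem": False},
        {"name": "sidecar", "image": "example/sidecar:1", "readonlyRootFilesystem": True},
        {"name": "adapter", "image": "example/adapter:1"},  # parameter omitted
    ],
}


def failing_containers(task_def: Dict) -> List[str]:
    """Names of containers whose root filesystem is not read-only. ECS defaults
    readonlyRootFilesystem to false when omitted, so a missing key fails too."""
    return [
        c["name"]
        for c in task_def.get("containerDefinitions", [])
        if not c.get("readonlyRootFilesystem", False)
    ]


def harden(task_def: Dict, scratch_paths: Dict[str, List[str]]) -> Dict:
    """Copy of task_def with every container set to a read-only root filesystem and
    the given writable paths (per container, e.g. /tmp) backed by task-scoped volumes."""
    hardened = json.loads(json.dumps(task_def))  # deep copy; leave the input untouched
    volumes = {v["name"] for v in hardened.setdefault("volumes", [])}
    for c in hardened["containerDefinitions"]:
        c["readonlyRootFilesystem"] = True
        for path in scratch_paths.get(c["name"], []):
            vol = f"{c['name']}-{path.strip('/').replace('/', '-') or 'root'}"
            if vol not in volumes:
                hardened["volumes"].append({"name": vol})  # ephemeral, lives with the task
                volumes.add(vol)
            c.setdefault("mountPoints", []).append(
                {"sourceVolume": vol, "containerPath": path, "readOnly": False}
            )
    return hardened


if __name__ == "__main__":
    print("failing:", failing_containers(SAMPLE_TASK_DEF))
    fixed = harden(SAMPLE_TASK_DEF, {"engine": ["/tmp"]})
    print("after hardening:", failing_containers(fixed), fixed["volumes"])
```

Which paths each engine actually writes to has to come from examining the engine images, as the proposed solution says; the `/tmp` entry here is only a placeholder for that list.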