💼 [ECS.4] ECS containers should run as non-privileged
- ID:
/frameworks/aws-fsbp-v1.0.0/ecs/04
Description
We recommend that you remove elevated privileges from your ECS task definitions.
When the privilege parameter is true, the container is given elevated privileges
on the host container instance (similar to the root user).
Similar
- AWS Security Hub
- Internal
- ID:
dec-c-d71f8501
- ID:
Similar Sections (Give Policies To)
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|---|---|---|---|---|
| 💼 NIST SP 800-53 Revision 5 → 💼 AC-2(1) Account Management _ Automated System Account Management | 4 | 26 | no data | ||
| 💼 NIST SP 800-53 Revision 5 → 💼 AC-3 Access Enforcement | 15 | 5 | 59 | no data | |
| 💼 NIST SP 800-53 Revision 5 → 💼 AC-3(7) Access Enforcement _ Role-based Access Control | 31 | no data | |||
| 💼 NIST SP 800-53 Revision 5 → 💼 AC-3(15) Access Enforcement _ Discretionary and Mandatory Access Control | 21 | no data | |||
| 💼 NIST SP 800-53 Revision 5 → 💼 AC-5 Separation of Duties | 17 | no data | |||
| 💼 NIST SP 800-53 Revision 5 → 💼 AC-6 Least Privilege | 10 | 23 | 72 | no data |
Sub Sections
| Section | Sub Sections | Internal Rules | Policies | Flags | Compliance |
|---|
Policies (1)
| Policy | Logic Count | Flags | Compliance |
|---|---|---|---|
| 🛡️ AWS ECS Task Definition runs as privileged🟢 | 1 | 🟢 x6 | no data |