πΌ [ECS.4] ECS containers should run as non-privileged
- Contextual name: πΌ [ECS.4] ECS containers should run as non-privileged
- ID:
/frameworks/aws-fsbp-v1.0.0/ecs/04 - Located in: πΌ Elastic Container Service (ECS)
Descriptionβ
We recommend that you remove elevated privileges from your ECS task definitions.
When the privilege parameter is true, the container is given elevated privileges
on the host container instance (similar to the root user).
Similarβ
- AWS Security Hub
- Internal
- ID:
dec-c-d71f8501
- ID:
Similar Sections (Give Policies To)β
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|---|---|---|---|
| πΌ NIST SP 800-53 Revision 5 β πΌ AC-2(1) Account Management _ Automated System Account Management | 4 | 16 | ||
| πΌ NIST SP 800-53 Revision 5 β πΌ AC-3 Access Enforcement | 15 | 5 | 34 | |
| πΌ NIST SP 800-53 Revision 5 β πΌ AC-3(7) Access Enforcement _ Role-based Access Control | 11 | |||
| πΌ NIST SP 800-53 Revision 5 β πΌ AC-3(15) Access Enforcement _ Discretionary and Mandatory Access Control | 11 | |||
| πΌ NIST SP 800-53 Revision 5 β πΌ AC-5 Separation of Duties | 13 | |||
| πΌ NIST SP 800-53 Revision 5 β πΌ AC-6 Least Privilege | 10 | 23 | 46 |
Sub Sectionsβ
| Section | Sub Sections | Internal Rules | Policies | Flags |
|---|