[ECS.5] ECS containers should be limited to read-only access to root filesystems

Contextual name: [ECS.5] ECS containers should be limited to read-only access to root filesystems

ID: /frameworks/aws-fsbp-v1.0.0/ecs/05

Located in: Elastic Container Service (ECS)

Description
If the readonlyRootFilesystem parameter is set to true in an Amazon ECS task definition, the ECS container is given read-only access to its root file system. This reduces the attack surface because the container's root file system can't be tampered with or written to unless an explicit volume mount grants read-write permission on specific folders and directories. Enabling this option also adheres to the principle of least privilege.
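The following Python is an added example and is not part of this framework page or AWS Security Hub's own check; it mirrors the control's logic over a constructed task definition. The task family, container names, images and mount points in SAMPLE_TASK_DEFINITION are made up for illustration. A container that omits readonlyRootFilesystem is treated as failing, because the ECS default is a writable root file system, and the remediation helper shows that read-write mountPoints stay writable after the root is locked down, which is how an application keeps the scratch paths it needs.

```python
"""Check ECS task definitions for containers lacking a read-only root filesystem."""
import copy
import json

# Constructed sample task definition (not a real deployment). One container
# passes, one leaves readonlyRootFilesystem unset, one sets it to false.
SAMPLE_TASK_DEFINITION = json.loads("""
{
  "family": "example-web",
  "containerDefinitions": [
    {
      "name": "web",
      "image": "nginx:1.25",
      "readonlyRootFilesystem": true,
      "mountPoints": [
        {"sourceVolume": "cache", "containerPath": "/var/cache/nginx", "readOnly": false}
      ]
    },
    {"name": "sidecar", "image": "busybox:1.36"},
    {"name": "worker", "image": "python:3.12", "readonlyRootFilesystem": false}
  ],
  "volumes": [{"name": "cache"}]
}
""")


def noncompliant_containers(task_definition):
    """Return the names of containers that do not set readonlyRootFilesystem to true.

    A missing key counts as a failure: ECS defaults to a writable root file system.
    """
    failing = []
    for container in task_definition.get("containerDefinitions", []):
        if container.get("readonlyRootFilesystem") is not True:
            failing.append(container["name"])
    return failing


def writable_mounts(container):
    """List containerPath values mounted read-write for one container.

    ECS treats a mountPoint without readOnly as read-write, so these paths remain
    writable even after the root file system is made read-only.
    """
    return [
        mount["containerPath"]
        for mount in container.get("mountPoints", [])
        if not mount.get("readOnly", False)
    ]


def enforce_read_only_root(task_definition):
    """Return a deep copy with readonlyRootFilesystem set to true on every container.

    Existing mountPoints are left untouched; any directory the application must
    write to needs an explicit read-write volume mount, as the control describes.
    """
    fixed = copy.deepcopy(task_definition)
    for container in fixed.get("containerDefinitions", []):
        container["readonlyRootFilesystem"] = True
    return fixed


if __name__ == "__main__":
    print("Failing containers:", noncompliant_containers(SAMPLE_TASK_DEFINITION))
    remediated = enforce_read_only_root(SAMPLE_TASK_DEFINITION)
    print("Failing after remediation:", noncompliant_containers(remediated))
    for c in remediated["containerDefinitions"]:
        print(f"{c['name']}: writable paths {writable_mounts(c)}")
```

Run against a task definition exported with `aws ecs describe-task-definition` (the `taskDefinition` object of that response has the same `containerDefinitions` shape), the first function gives the list Security Hub would flag, and the remediated copy can be reviewed before registering a new revision.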
Similar
- AWS Security Hub
- Internal
  - ID: dec-c-437eb07b
Similar Sections (Give Policies To)

Section | Sub Sections | Internal Rules | Policies | Flags
---|---|---|---|---
NIST SP 800-53 Revision 5 → AC-2(1) Account Management _ Automated System Account Management | 4 | 16 | |
NIST SP 800-53 Revision 5 → AC-3 Access Enforcement | 15 | 4 | 17 |
NIST SP 800-53 Revision 5 → AC-3(7) Access Enforcement _ Role-based Access Control | 7 | | |
NIST SP 800-53 Revision 5 → AC-3(15) Access Enforcement _ Discretionary and Mandatory Access Control | 10 | | |
NIST SP 800-53 Revision 5 → AC-5 Separation of Duties | 1 | | |
NIST SP 800-53 Revision 5 → AC-6 Least Privilege | 10 | 21 | 26 |
Sub Sections