AWS ECS containers should run as non-privileged

ecs
This page is not yet available in Spanish. We are working on its translation.
If you have any questions or feedback about our current translation project, feel free to reach out to us!

Description

This assessment examines whether the privileged setting in the container definition of Amazon ECS Task Definitions is enabled. The assessment will not pass if the privileged setting is enabled. This evaluation is based on the most recent active revision of an Amazon ECS task definition.

It is advisable to avoid granting elevated privileges in your ECS task definitions. When the privileged setting is enabled, the container is granted elevated privileges on the host container instance, similar to those of the root user.

Remediation

From the console

To configure the privileged parameter on a task definition, see Advanced container definition parameters in the Amazon Elastic Container Service Developer Guide.