AWS ECS containers should run as non-privileged

Cette page n'est pas encore disponible en français, sa traduction est en cours.
Si vous avez des questions ou des retours sur notre projet de traduction actuel, n'hésitez pas à nous contacter.

Description

This assessment examines whether the privileged setting in the container definition of Amazon ECS Task Definitions is enabled. The assessment will not pass if the privileged setting is enabled. This evaluation is based on the most recent active revision of an Amazon ECS task definition.

It is advisable to avoid granting elevated privileges in your ECS task definitions. When the privileged setting is enabled, the container is granted elevated privileges on the host container instance, similar to those of the root user.

Remediation

From the console

To configure the privileged parameter on a task definition, see Advanced container definition parameters in the Amazon Elastic Container Service Developer Guide.