This evaluation checks whether every container in an Amazon ECS task definition is limited to a read-only root filesystem. The evaluation fails if the readonlyRootFilesystem parameter is set to false, or if the parameter is missing from any container definition in the task definition (the parameter defaults to false when omitted). The assessment uses the most recent ACTIVE revision of the task definition.
Enabling this setting reduces the impact of a compromised process: with a read-only root filesystem, an attacker who gains code execution inside the container cannot modify binaries, libraries, or configuration, or drop tooling onto the container's filesystem, unless an explicit read-write volume or mount has been granted for a specific path. Paths that a workload legitimately needs to write to (for example /tmp or an application cache directory) should be mounted as dedicated volumes rather than by leaving the whole root filesystem writable. This control aligns with the principle of least privilege.
1. Open the Amazon ECS classic console.
2. In the left navigation pane, choose Task definitions.
3. Select a task definition that has container definitions that need to be updated. For each such task definition, complete the following steps:
4. From the drop-down, choose Create new revision with JSON.
5. Add the readonlyRootFilesystem parameter and set it to true in every container definition within the task definition.
6. Choose Create.
Creating the revision does not change running tasks: update each service (or task launch configuration) that uses the task definition to the new revision so that the setting takes effect, and verify that the workload still starts with a read-only root filesystem.
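The same check and fix can be scripted instead of applied by hand in the console. The following Python is an added example and is not code from the page or from Datadog: it evaluates a task definition body exactly as the rule above describes (fail if the parameter is false or missing on any container) and produces a new revision body with the parameter set to true on every container. The sample task definition is constructed for the example; the set of metadata fields stripped before re-registration is an assumption based on the fields that DescribeTaskDefinition returns but RegisterTaskDefinition does not accept.

```python
import copy
import json

# Constructed sample (not from the page): one compliant container, one with the
# parameter explicitly false, and one with the parameter missing entirely.
SAMPLE_TASK_DEFINITION = json.loads("""
{
  "family": "example-app",
  "revision": 7,
  "status": "ACTIVE",
  "taskDefinitionArn": "arn:aws:ecs:us-east-1:123456789012:task-definition/example-app:7",
  "containerDefinitions": [
    {"name": "web", "image": "example/web:1.0", "readonlyRootFilesystem": true,
     "mountPoints": [{"sourceVolume": "scratch", "containerPath": "/tmp"}]},
    {"name": "worker", "image": "example/worker:1.0", "readonlyRootFilesystem": false},
    {"name": "sidecar", "image": "example/sidecar:1.0"}
  ],
  "volumes": [{"name": "scratch", "host": {}}]
}
""")

# Assumption: fields returned by DescribeTaskDefinition that RegisterTaskDefinition
# rejects, so they must be removed before the body is re-submitted as a new revision.
DESCRIBE_ONLY_FIELDS = {
    "taskDefinitionArn", "revision", "status", "requiresAttributes",
    "compatibilities", "registeredAt", "registeredBy", "deregisteredAt",
}


def evaluate_readonly_root(task_definition):
    """Apply the rule: every container must have readonlyRootFilesystem == true.

    Returns (passed, findings); findings is a list of (container name, reason)
    for each container that fails, distinguishing a missing parameter from one
    that is present but not true.
    """
    findings = []
    for container in task_definition.get("containerDefinitions", []):
        name = container.get("name", "<unnamed>")
        if "readonlyRootFilesystem" not in container:
            findings.append((name, "parameter missing"))
        elif container["readonlyRootFilesystem"] is not True:
            value = container["readonlyRootFilesystem"]
            findings.append((name, f"parameter is {value!r}, not true"))
    return (len(findings) == 0, findings)


def remediate(task_definition):
    """Build a new revision body with readonlyRootFilesystem: true on every container.

    The input is not modified; describe-only metadata is dropped so the result can be
    passed to RegisterTaskDefinition (for example via `aws ecs register-task-definition
    --cli-input-json file://new-revision.json`). Existing mountPoints and volumes are
    kept, so paths that need to stay writable remain explicitly granted.
    """
    new_td = {
        key: copy.deepcopy(value)
        for key, value in task_definition.items()
        if key not in DESCRIBE_ONLY_FIELDS
    }
    for container in new_td.get("containerDefinitions", []):
        container["readonlyRootFilesystem"] = True
    return new_td


if __name__ == "__main__":
    passed, findings = evaluate_readonly_root(SAMPLE_TASK_DEFINITION)
    print("compliant:", passed)
    for name, reason in findings:
        print(f"  {name}: {reason}")
    print(json.dumps(remediate(SAMPLE_TASK_DEFINITION), indent=2))
```

To run this against a real task definition, save the output of `aws ecs describe-task-definition --task-definition <family> --query taskDefinition` to a file, load it in place of SAMPLE_TASK_DEFINITION, register the remediated body as a new revision, and then update the service so running tasks move to it. Before enforcing the setting, confirm that every path the application writes to is covered by a mountPoint, otherwise the container will fail at runtime rather than at registration.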