- 필수 기능
- 시작하기
- Glossary
- 표준 속성
- Guides
- Agent
- 통합
- 개방형텔레메트리
- 개발자
- Administrator's Guide
- API
- Datadog Mobile App
- CoScreen
- Cloudcraft
- 앱 내
- 서비스 관리
- 인프라스트럭처
- 애플리케이션 성능
- APM
- Continuous Profiler
- 스팬 시각화
- 데이터 스트림 모니터링
- 데이터 작업 모니터링
- 디지털 경험
- 소프트웨어 제공
- 보안
- AI Observability
- 로그 관리
- 관리
This configuration check verifies that unauthorized permissions do not exist in Amazon Elastic Container Service (Amazon ECS) task definitions that have NetworkMode
set to host
. If the NetworkMode
is host
, the rule will be marked as NON_COMPLIANT
if the container definitions have privileged set to false
or empty
, and user set to root
or empty
.
It is recommended to avoid granting elevated privileges in Amazon ECS task definitions. When privileged is set to true
, the container is granted elevated permissions on the host container instance, similar to the root user.
Similarly, it is recommended to avoid running tasks in host network mode when running containers with the root user (UID 0). As a security best practice, you should always use a non-root user.
host
and contains privileged set to false
or empty
, and user set to root
or empty
.true
based on your application requirements.non-root
user with a non-zero UID.