AWS ECS containers should run as non-privileged

Description

This assessment examines whether the privileged setting in the container definition of Amazon ECS Task Definitions is enabled. The assessment will not pass if the privileged setting is enabled. This evaluation is based on the most recent active revision of an Amazon ECS task definition.

It is advisable to avoid granting elevated privileges in your ECS task definitions. When the privileged setting is enabled, the container is granted elevated privileges on the host container instance, similar to those of the root user.

Remediation

From the console

To configure the privileged parameter on a task definition, see Advanced container definition parameters in the Amazon Elastic Container Service Developer Guide.