ECS containers should run as non-privileged

Severity: High

Resource Types: AWS::ECS::TaskDefinition

Description

This control checks if the privileged parameter in the container definition of Amazon ECS Task Definitions is set to true. The control fails if this parameter is equal to true.

We recommend that you remove elevated privileges from your ECS task definitions. When the privilege parameter is true, the container is given elevated privileges on the host container instance (similar to the root user).

Remediation

To configure the privileged parameter on a task definition, see Advanced container definition parameters in the Amazon Elastic Container Service Developer Guide.

ECS containers should run as non-privileged

Description​

Remediation​

Description

Remediation