Hey there,

We've been using 7777 on our AWS accounts and after enabling Security Hub we started to get alerts showing the Task Definition created by 7777 cli command violates the ECS.5 rule of AWS Foundational Security Best Practices with severity HIGH: https://docs.aws.amazon.com/securityhub/latest/userguide/ecs-controls.html#ecs-5
This control checks if Amazon ECS containers are limited to read-only access to mounted root filesystems. The control fails if the readonlyRootFilesystem parameter is set to false or if the parameter doesn't exist in the container definition within the task definition. This control only evaluates the latest active revision of an Amazon ECS task definition.
Enabling this option reduces security attack vectors since the container instance's filesystem cannot be tampered with or written to unless it has explicit read-write permissions on its filesystem folder and directories. This control also adheres to the principle of least privilege.
Wondering if you guys could sort this to get your tool compliant with this Best Practice?
Thank you
Hey, sorry for the late response. We discussed it in Slack, here's a quick summary: this would require some changes to the existing design. We're definitely taking note of this though.
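The ECS.5 condition quoted in the issue, as an added example that is not part of the original thread or of the tool's own code: it flags containers whose `readonlyRootFilesystem` is false or absent, then produces a copy of the task definition with a read-only root and explicit read-write mounts for the paths that must stay writable. The sample task definition, the image and family names, the helper names and the volume naming scheme are all constructed for illustration.

```python
import copy

# Constructed sample: a register-task-definition style document (names are made up).
SAMPLE_TASK_DEF = {
    "family": "example-service",
    "containerDefinitions": [
        {"name": "app", "image": "example/app:1.0", "readonlyRootFilesystem": False},
        {"name": "sidecar", "image": "example/sidecar:1.0"},  # parameter absent
        {"name": "proxy", "image": "example/proxy:1.0", "readonlyRootFilesystem": True},
    ],
}


def ecs5_failing_containers(task_def):
    """Names of containers for which the ECS.5 condition fails:
    readonlyRootFilesystem is false or missing from the container definition."""
    return [
        c.get("name", "<unnamed>")
        for c in task_def.get("containerDefinitions", [])
        if c.get("readonlyRootFilesystem") is not True
    ]


def harden(task_def, writable_paths=None):
    """Return a copy with a read-only root filesystem on every container.
    writable_paths maps container name -> paths that must stay writable; each
    gets its own task volume mounted read-write (hypothetical naming scheme)."""
    writable_paths = writable_paths or {}
    hardened = copy.deepcopy(task_def)
    volumes = hardened.setdefault("volumes", [])
    for c in hardened.get("containerDefinitions", []):
        c["readonlyRootFilesystem"] = True
        mounts = c.setdefault("mountPoints", [])
        for i, path in enumerate(writable_paths.get(c.get("name"), [])):
            vol = f"{c['name']}-rw-{i}"
            volumes.append({"name": vol})
            mounts.append({"sourceVolume": vol, "containerPath": path, "readOnly": False})
    return hardened


if __name__ == "__main__":
    print("before:", ecs5_failing_containers(SAMPLE_TASK_DEF))
    fixed = harden(SAMPLE_TASK_DEF, {"app": ["/tmp", "/var/run"]})
    print("after: ", ecs5_failing_containers(fixed))
    print("mounts:", fixed["containerDefinitions"][0]["mountPoints"])
```
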