Al usar AWS re:Post, aceptas las AWS re:Post Términos de uso
AWS re:Postre:Post

VSCode Extension Installations on EC2 Server & Risk Evaluation

0

A customer would like to install vs-code extensions to their EC2 (for example, the official GitHub Copilot extension). These extensions will be stored in the folder /home/ec2-user/.vscode-server/extensions.

The customer like to understand any forseen security vulnerabilities introduced by this? if there are potential risks, are there any advice to evaluate & minimise any security risk of vulnerabilities.

Temas
CálculoAWS Well-Architected Framework
Etiquetas
Amazon EC2Seguridad
Idioma
English
Dennis
preguntada hace 4 meses229 visualizaciones
2 Respuestas
0
Respuesta aceptada

Hello,

Thank you for your post,

Please note that, as vscode extension is handled by third party developer(based on the extension) thus I will not be able to comment on the vulnerabilities of the extensions.

However as a recommendation, you may scan your EC2 instance using tool like Amazon Inspector to detect if there are any vulnerabilities getting captured post adding the extension and take further action for the remediation.

[+] https://aws.amazon.com/inspector/

You may also have look at the best practices for your EC2 instance to make it more secure.

[+] https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-best-practices.html

AWS
INGENIERO DE SOPORTE
Deepak_J
respondido hace 3 meses
0

Hi Deepak, thanks & appreciate your sharing.

Dennis
respondido hace 3 meses

No has iniciado sesión. Iniciar sesión para publicar una respuesta.

Una buena respuesta responde claramente a la pregunta, proporciona comentarios constructivos y fomenta el crecimiento profesional en la persona que hace la pregunta.

Pautas para responder preguntas

Contenido relevante