- Più recenti
- Maggior numero di voti
- Maggior numero di commenti
Fargate is serverless compute for containers which is completely managed by AWS. Hence Customer will not have visibility in the patching and maintenance. There will be no logs provided to support the patching.
New platform versions are released as the runtime environment evolves, for example, if there are kernel or operating system updates, new features, bug fixes, or security updates. Security updates and patches are deployed automatically for the Fargate tasks. If a security issue is found that affects a platform version, AWS patches the platform version [1].
Please refer below documents for more information:
[1] https://docs.aws.amazon.com/AmazonECS/latest/developerguide/platform_versions.html
[2] https://docs.aws.amazon.com/AmazonECS/latest/userguide/task-maintenance.html
[3] https://docs.aws.amazon.com/eks/latest/userguide/fargate-pod-patching.html
Hello,
You have some options.
There's this great resource on Building an end-to-end Kubernetes-based DevSecOps software factory on AWS. From there you'll get a ton of resources.
There are commercial and open source ways to deal with this, one example is Snyk and Sysdig. Also recommend the workshop on threat detection.
Hope it helps,
Contenuto pertinente
AWS UFFICIALEAggiornata 3 anni fa- AWS UFFICIALEAggiornata 2 anni fa
- AWS UFFICIALEAggiornata 9 mesi fa
- AWS UFFICIALEAggiornata 3 mesi fa