1 Answer
1
Hi,
Best practice is to run as non-root user: see https://docs.aws.amazon.com/AmazonECS/latest/bestpracticesguide/security-tasks-containers.html
Run containers as a non-root user
You should run containers as a non-root user. By default, containers run as the root
user unless the USER directive is included in your Dockerfile. The default Linux capabilities
that are assigned by Docker restrict the actions that can be run as root, but only marginally.
For example, a container running as root is still not allowed to access devices.
As part of your CI/CD pipeline you should lint Dockerfiles to look for the USER directive and fail the build if it's missing.
External sources also recommend running Fargate images as non-root: https://www.alertlogic.com/blog/aws-fargate-security-best-practices/
Best,
Didier
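
One way to implement the Dockerfile lint step described in the quoted AWS guidance, as an added example that is not part of the original answer or any AWS tooling. The function names are hypothetical; the check assumes only the final build stage ships, and it cannot see a USER inherited from the base image, so a missing directive is always reported.

```python
import sys

ROOT_NAMES = {"root", "0"}

def logical_lines(text):
    """Yield Dockerfile instructions with comments dropped and '\\' continuations joined."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield buf + line
        buf = ""
    if buf:
        yield buf.strip()

def final_stage_user(text):
    """Return the last USER value of the final build stage, or None if it has none."""
    user = None
    for instr in logical_lines(text):
        parts = instr.split(None, 1)
        keyword = parts[0].upper()
        if keyword == "FROM":
            user = None  # each stage starts over; only the last stage ships
        elif keyword == "USER" and len(parts) == 2:
            user = parts[1].strip()
    return user

def lint(text):
    """Return a list of findings; an empty list means the check passed."""
    user = final_stage_user(text)
    if user is None:
        return ["no USER directive in the final stage: container runs as root by default"]
    name = user.split(":", 1)[0].strip("\"'")
    if name in ROOT_NAMES:
        return [f"USER {user} is root"]
    if "$" in name:  # assumption: an unresolved build variable is treated as a failure
        return [f"USER {user} uses a variable; cannot verify it is non-root"]
    return []

if __name__ == "__main__":
    findings = lint(open(sys.argv[1]).read())
    for f in findings:
        print(f"Dockerfile lint: {f}", file=sys.stderr)
    sys.exit(1 if findings else 0)
```

Run it in the pipeline with the Dockerfile path as the only argument; a non-zero exit status fails the build.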
Much appreciated for the fast response!