Thanks! This is an extremely thorough and helpful article. However, it recommends running containers as the root user, which is a known bad security practice. There is a workaround, which is mentioned in the AWS best practices regarding this very issue (i.e., the dangers of running containers as root).
Could you link to this best practice, or at least explain the workaround (i.e. using securityContext + fsGroup) instead of recommending running containers as root?
Here's the best practices document to which I refer: https://docs.aws.amazon.com/whitepapers/latest/security-practices-multi-tenant-saas-applications-eks/forbid-running-tenant-containers-as-root.html
Thank you for your comment. We'll review and update the Knowledge Center article as needed.
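The securityContext + fsGroup approach named in the comment above, shown as an added example that is not from the Knowledge Center article or from either commenter. The pod name, image, UID/GID values and claim name are placeholders, and it assumes a volume type that supports fsGroup ownership changes:

```yaml
# Added example: names, image, UID/GID values and the claim name are placeholders.
apiVersion: v1
kind: Pod
metadata:
  name: nonroot-with-volume            # hypothetical name
spec:
  securityContext:
    runAsNonRoot: true                 # kubelet refuses to start a container that would run as UID 0
    runAsUser: 1000                    # placeholder non-root UID
    runAsGroup: 3000                   # placeholder primary GID
    fsGroup: 2000                      # added as a supplemental group; supported volumes become group-owned by this GID
    fsGroupChangePolicy: OnRootMismatch  # skip the recursive ownership change when the volume root already matches
  containers:
    - name: app
      image: registry.example.com/app:1.0   # placeholder image
      securityContext:
        allowPrivilegeEscalation: false     # block setuid-style escalation inside the container
        capabilities:
          drop: ["ALL"]
      volumeMounts:
        - name: data
          mountPath: /data
  volumes:
    - name: data
      persistentVolumeClaim:
        claimName: app-data            # placeholder claim
```

Kubernetes applies fsGroup only to volume types and CSI drivers that support ownership management; for storage that does not, the write permissions for the non-root UID or GID have to be granted on the storage side.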