1 Answer
1
Hi,
Best practice is to run as non-root user: see https://docs.aws.amazon.com/AmazonECS/latest/bestpracticesguide/security-tasks-containers.html
Run containers as a non-root user
You should run containers as a non-root user. By default, containers run as the root
user unless the USER directive is included in your Dockerfile. The default Linux capabilities
that are assigned by Docker restrict the actions that can be run as root, but only marginally.
For example, a container running as root is still not allowed to access devices.
As part of your CI/CD pipeline you should lint Dockerfiles to look for the USER directive and fail the build if it's missing.
External sources also recommend running Fargate images as non-root: https://www.alertlogic.com/blog/aws-fargate-security-best-practices/
Best,
Didier
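A minimal version of the CI lint step the quoted guidance calls for, as an added example that is not part of the original answer or AWS's own tooling. It goes slightly further than checking that USER is present: it evaluates the final build stage and also fails on an explicit root user. The names `check`, `final_user` and `SAMPLE` are assumptions made for this illustration, and the sample Dockerfile is constructed.

```python
import sys

ROOT_USERS = {"root", "0"}  # user name or UID that means root

def logical_lines(text):
    """Yield instructions: comments dropped, backslash continuations joined."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield buf + line
        buf = ""

def final_user(text):
    """USER in effect at the end of the last build stage, or None if never set."""
    stages, current, user, index = {}, [], None, 0
    for line in logical_lines(text):
        parts = line.split()
        op, args = parts[0].upper(), [a for a in parts[1:] if not a.startswith("--")]
        if op == "FROM" and args:
            # A stage built FROM an earlier stage inherits its USER; the user of
            # an external base image is not visible here, so it counts as unset.
            user = stages.get(args[0].lower())
            current = [str(index)] + [a.lower() for a in args[2:3] if args[1].upper() == "AS"]
            index += 1
        elif op == "USER" and args:
            user = args[0]
        for key in current:  # record the user under the stage's index and alias
            stages[key] = user
    return user

def check(text):
    """Return None if the final stage is non-root, else the reason to fail the build."""
    user = final_user(text)
    if user is None:
        return "no USER directive in final stage"
    if user.split(":")[0] in ROOT_USERS:  # USER may be written as user:group
        return f"final stage runs as root (USER {user})"
    return None

# Constructed sample: the build stage drops root, the shipped stage does not.
SAMPLE = "FROM alpine AS build\nUSER nobody\nFROM alpine\nCOPY --from=build /app /app\n"

if __name__ == "__main__":
    # sys.exit(str) prints the reason to stderr and exits 1; sys.exit(None) exits 0.
    sys.exit(check(open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE))
```

Run it in the pipeline with the Dockerfile path as the only argument; a non-zero exit status fails the build.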
Much appreciated for the fast response!