1 Answer
Hi,
Best practice is to run as non-root user: see https://docs.aws.amazon.com/AmazonECS/latest/bestpracticesguide/security-tasks-containers.html
Run containers as a non-root user
You should run containers as a non-root user. By default, containers run as the root
user unless the USER directive is included in your Dockerfile. The default Linux capabilities
that are assigned by Docker restrict the actions that can be run as root, but only marginally.
For example, a container running as root is still not allowed to access devices.
As part of your CI/CD pipeline you should lint Dockerfiles to look for the USER directive and fail the build if it's missing.
External sources also recommend running Fargate images as non-root: https://www.alertlogic.com/blog/aws-fargate-security-best-practices/
Best,
Didier
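
The CI lint step recommended in the answer above, sketched in Python as an added example (it is not code from the AWS guide or from the answer's author). It goes a little beyond the quoted advice by also rejecting an explicit `USER root` or `USER 0` and by looking only at the final build stage; the names `check`, `final_user` and `SAMPLE` are illustrative.

```python
import sys

ROOT_IDS = {"root", "0"}
# Constructed sample: the build stage sets USER, the final stage does not.
SAMPLE = """\
FROM golang:1.22 AS build
USER builder
RUN go build -o /app ./...
FROM alpine:3.20
COPY --from=build /app /app
ENTRYPOINT ["/app"]
"""

def logical_lines(text):
    """Yield instructions; skip comments, join backslash continuations."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        yield buf + line
        buf = ""

def final_user(text):
    """Return the USER in effect at the end of the last stage, or None."""
    user = None
    for line in logical_lines(text):
        parts = line.split(None, 1)
        if parts[0].upper() == "FROM":
            user = None  # a new stage starts from its base image's user
        elif parts[0].upper() == "USER" and len(parts) == 2:
            user = parts[1].strip()
    return user

def check(text):
    """Return a finding string if the image would run as root, else None."""
    user = final_user(text)
    if user is None:
        return "no USER directive in final stage"
    if user.split(":", 1)[0] in ROOT_IDS:
        return f"final stage runs as root (USER {user})"
    return None

if __name__ == "__main__":
    finding = check(open(sys.argv[1]).read() if sys.argv[1:] else SAMPLE)
    print(finding or "ok")
    sys.exit(1 if finding and sys.argv[1:] else 0)  # fail CI only for a real file
```

The check reads only the Dockerfile text, so it cannot see a USER inherited from the base image and does not resolve a variable such as `USER $APP_USER`.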
Much appreciated for the fast response!