Fargate is serverless compute for containers that is completely managed by AWS. Hence the customer will not have visibility into the patching and maintenance. There will be no logs provided to support the patching.
New platform versions are released as the runtime environment evolves, for example, if there are kernel or operating system updates, new features, bug fixes, or security updates. Security updates and patches are deployed automatically for the Fargate tasks. If a security issue is found that affects a platform version, AWS patches the platform version [1].
Please refer to the documents below for more information:
[1] https://docs.aws.amazon.com/AmazonECS/latest/developerguide/platform_versions.html
[2] https://docs.aws.amazon.com/AmazonECS/latest/userguide/task-maintenance.html
[3] https://docs.aws.amazon.com/eks/latest/userguide/fargate-pod-patching.html
Hello,
You have some options.
There's this great resource on Building an end-to-end Kubernetes-based DevSecOps software factory on AWS. From there you'll get a ton of resources.
There are commercial and open source ways to deal with this; examples are Snyk and Sysdig. I also recommend the workshop on threat detection.
Hope it helps,