How do I find Fargate Vulnerability Scan and Patching

0

My company uses ECS and EKS on Fargate to take advantage of automatic vulnerability scanning and patching by AWS. To satisfy our own customer compliance requirements we need to show evidence that Fargate is scanning and patching vulnerabilities. Is it possible to find/see a log of Fargate vulnerability management actions/events? We've been searching documentation but haven't discovered anything. Thank you.

2 Answers
0
Accepted Answer

Fargate is serverless compute for containers which is completely managed by AWS. Hence Customer will not have visibility in the patching and maintenance. There will be no logs provided to support the patching.

New platform versions are released as the runtime environment evolves, for example, if there are kernel or operating system updates, new features, bug fixes, or security updates. Security updates and patches are deployed automatically for the Fargate tasks. If a security issue is found that affects a platform version, AWS patches the platform version [1].

Please refer below documents for more information:

[1] https://docs.aws.amazon.com/AmazonECS/latest/developerguide/platform_versions.html

[2] https://docs.aws.amazon.com/AmazonECS/latest/userguide/task-maintenance.html

[3] https://docs.aws.amazon.com/eks/latest/userguide/fargate-pod-patching.html

AWS
answered a year ago
profile pictureAWS
EXPERT
reviewed a year ago
0

Hello,

You have some options.

There's this great resource on Building an end-to-end Kubernetes-based DevSecOps software factory on AWS. From there you'll get a ton of resources.

There are commercial and open source ways to deal with this, one example is Snyk and Sysdig. Also recommend the workshop on threat detection.

Hope it helps,

profile pictureAWS
answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions