1 Answer
2
To resolve this Security Hub finding "[ECS.5] ECS containers should be limited to read-only access to root filesystems", set the parameter "readonlyRootFilesystem" to "false" in the ECSTaskDefinition.
- Select a task definition that has container definitions that need to be updated. For each, complete the following steps:
- From the drop down, choose Create new revision with JSON.
- Add the readonlyRootFilesystem parameter, and set it to **true** in the container definition within the task definition.
- Choose Create.
https://docs.aws.amazon.com/securityhub/latest/userguide/ecs-controls.html#ecs-5
https://docs.aws.amazon.com/config/latest/developerguide/ecs-containers-readonly-access.html
answered 6 months ago
Totally spot on with the answer here. Just ensure your container/application still launches when set to read only as I see many times that when set to read only the container fails to launch.
This solved the problem for me. Thank you
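The check and the JSON change from the answer's steps, together with the launch caveat raised in the comment, as an added example that is not part of the original thread or AWS's own code: it lists containers whose `readonlyRootFilesystem` is missing or not true, builds a revision with it set to true, and names the changed containers that have no writable mount point. The task definition, its names and the "no writable mount point" heuristic are constructed assumptions.

```python
import copy
import json

# Constructed sample task definition (not from the original thread).
TASK_DEF = json.loads("""
{
  "family": "example-web",
  "containerDefinitions": [
    {"name": "app", "image": "example/app:1", "readonlyRootFilesystem": false},
    {"name": "sidecar", "image": "example/sidecar:1"},
    {"name": "worker", "image": "example/worker:1", "readonlyRootFilesystem": true,
     "mountPoints": [{"sourceVolume": "scratch", "containerPath": "/tmp"}]}
  ],
  "volumes": [{"name": "scratch"}]
}
""")


def noncompliant_containers(task_def):
    """Names of containers whose readonlyRootFilesystem is absent or not true."""
    return [c["name"] for c in task_def.get("containerDefinitions", [])
            if c.get("readonlyRootFilesystem") is not True]


def remediate(task_def):
    """Return (new_revision, needs_review).

    new_revision is a copy with readonlyRootFilesystem set to true on every
    container. needs_review lists changed containers with no writable mount
    point (assumed heuristic): any write they attempt fails after the change.
    """
    revision = copy.deepcopy(task_def)
    needs_review = []
    for c in revision.get("containerDefinitions", []):
        if c.get("readonlyRootFilesystem") is True:
            continue
        c["readonlyRootFilesystem"] = True
        writable = [m for m in c.get("mountPoints", []) if not m.get("readOnly", False)]
        if not writable:
            needs_review.append(c["name"])
    return revision, needs_review


if __name__ == "__main__":
    print("Failing ECS.5:", noncompliant_containers(TASK_DEF))
    revision, review = remediate(TASK_DEF)
    print("Test launch before deploying:", review)
    print(json.dumps(revision, indent=2))
```

Containers reported for review are the ones to launch in a test environment first, since an application that writes to its root filesystem will fail once the setting is applied.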