Security Hub Issue

0

I'm trying to solve the AWS Security Hub issue "ECS containers should be limited to read-only access to root filesystem".

How can I address this?

asked 6 months ago · 463 views
1 Answer
2
Accepted Answer

To resolve this Security Hub finding "[ECS.5] ECS containers should be limited to read-only access to root filesystems", set the parameter "readonlyRootFilesystem" to "false" in the ECSTaskDefinition.

  1. Select a task definition that has container definitions that need to be updated. For each, complete the following steps:
  2. From the drop down, choose Create new revision with JSON.
  3. Add the readonlyRootFilesystem parameter, and set it to **true** in the container definition within the task definition.
  4. Choose Create.

https://docs.aws.amazon.com/securityhub/latest/userguide/ecs-controls.html#ecs-5

https://docs.aws.amazon.com/config/latest/developerguide/ecs-containers-readonly-access.html

AWS answered 6 months ago
EXPERT reviewed 6 months ago
  • Totally spot on with the answer here. Just ensure your container/application still launches when set to read-only, as I see many times that when set to read-only the container fails to launch.

  • This solved the problem for me. Thank you
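Added example, not part of the original answer or comments and not AWS's own code: a Python sketch that checks a task definition the way the steps above describe (a missing `readonlyRootFilesystem` is treated the same as `false`), lists the mount points that stay writable so you can judge whether the application will still launch, and builds the JSON for a new revision. The sample task definition, its names and the helper function names are constructed for illustration.

```python
import copy
import json

# Constructed sample, shaped like the "taskDefinition" object returned by
# `aws ecs describe-task-definition`; family, images and ARN are made up.
SAMPLE_TASK_DEF = json.loads("""
{
  "family": "example-web",
  "revision": 3,
  "status": "ACTIVE",
  "taskDefinitionArn": "arn:aws:ecs:us-east-1:111122223333:task-definition/example-web:3",
  "containerDefinitions": [
    {"name": "app", "image": "example/app:1.0", "readonlyRootFilesystem": false},
    {"name": "sidecar", "image": "example/sidecar:1.0"},
    {"name": "proxy", "image": "example/proxy:1.0", "readonlyRootFilesystem": true,
     "mountPoints": [{"sourceVolume": "scratch", "containerPath": "/tmp"}]}
  ],
  "volumes": [{"name": "scratch"}]
}
""")

# Output-only fields that must be dropped before registering a new revision.
OUTPUT_ONLY = {"taskDefinitionArn", "revision", "status", "requiresAttributes",
               "compatibilities", "registeredAt", "registeredBy"}

def failing_containers(task_def):
    """Names of containers where readonlyRootFilesystem is false or missing."""
    return [c["name"] for c in task_def.get("containerDefinitions", [])
            if c.get("readonlyRootFilesystem") is not True]

def writable_paths(task_def):
    """Per container, mount points that stay writable with a read-only root."""
    return {c["name"]: [m["containerPath"] for m in c.get("mountPoints", [])
                        if not m.get("readOnly", False)]
            for c in task_def.get("containerDefinitions", [])}

def hardened_revision(task_def):
    """Copy of task_def, ready to register, with every root filesystem read-only."""
    new = {k: copy.deepcopy(v) for k, v in task_def.items() if k not in OUTPUT_ONLY}
    for c in new["containerDefinitions"]:
        c["readonlyRootFilesystem"] = True
    return new

if __name__ == "__main__":
    print("failing:", failing_containers(SAMPLE_TASK_DEF))
    print("writable mounts:", writable_paths(SAMPLE_TASK_DEF))
    print(json.dumps(hardened_revision(SAMPLE_TASK_DEF), indent=2))
```

A container that ends up with an empty writable-mount list has nowhere to write once the root filesystem is read-only, so test that the task still starts before rolling the new revision out.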
