1 Answer
Hi,
Best practice is to run as non-root user: see https://docs.aws.amazon.com/AmazonECS/latest/bestpracticesguide/security-tasks-containers.html
Run containers as a non-root user
You should run containers as a non-root user. By default, containers run as the root
user unless the USER directive is included in your Dockerfile. The default Linux capabilities
that are assigned by Docker restrict the actions that can be run as root, but only marginally.
For example, a container running as root is still not allowed to access devices.
As part of your CI/CD pipeline you should lint Dockerfiles to look for the USER directive and fail the build if it's missing.
External sources also recommend running Fargate images as non-root: https://www.alertlogic.com/blog/aws-fargate-security-best-practices/
Best,
Didier
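As an added example (not part of Didier's answer or of the AWS documentation he quotes), here is one way to implement the CI check he describes: a small Python script that parses a Dockerfile, follows multi-stage builds so only the final (shipped) stage is judged, and fails when that stage has no USER directive, when its last USER resolves to root (`root`, `0`, or `0:0`), or when the user comes from a variable the script cannot resolve. The sample Dockerfiles and the function names are constructed for this example.

```python
"""CI check: fail the build unless the final stage of a Dockerfile ends as non-root.

Constructed example. Usage in a pipeline step: python check_user.py Dockerfile
Exit status 1 means at least one problem was found.
"""
import re
import sys
from typing import Iterator, List

ROOT_NAMES = {"root", "0"}  # USER root / USER 0 / USER 0:0 all mean uid 0


def _logical_lines(text: str) -> Iterator[str]:
    """Yield one instruction per item: skip comments and blank lines,
    join backslash-continued lines."""
    buf: List[str] = []
    for raw in text.splitlines():
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue  # comments (incl. '# syntax=' directives) never end a continuation
        if stripped.endswith("\\"):
            buf.append(stripped[:-1].rstrip())
            continue
        buf.append(stripped)
        yield " ".join(buf)
        buf = []
    if buf:  # trailing continuation with no final line
        yield " ".join(buf)


def _is_root(user_arg: str) -> bool:
    """USER takes user[:group]; only the user part decides privilege."""
    user = user_arg.split(":", 1)[0].strip()
    return user.lower() in ROOT_NAMES


def check_dockerfile(text: str) -> List[str]:
    """Return a list of problems; an empty list means the Dockerfile passes."""
    stages = []  # one dict per FROM: {"name": str | None, "user": str | None}
    for line in _logical_lines(text):
        m = re.match(r"^(\w+)\s+(.*)$", line)
        if not m:
            continue
        instr, args = m.group(1).upper(), m.group(2).strip()
        if instr == "FROM":
            named = re.search(r"\bAS\s+(\S+)", args, flags=re.IGNORECASE)
            stages.append({"name": named.group(1) if named else None, "user": None})
        elif instr == "USER":
            if not stages:
                return ["USER appears before any FROM"]
            stages[-1]["user"] = args  # the last USER in a stage wins
    if not stages:
        return ["no FROM instruction found"]
    final = stages[-1]  # earlier stages are build-only and never ship
    label = final["name"] or f"stage {len(stages)}"
    user = final["user"]
    if user is None:
        return [f"{label}: no USER directive; image will run as root"]
    if user.startswith("$"):
        return [f"{label}: USER {user} comes from a variable; cannot verify it is non-root"]
    if _is_root(user):
        return [f"{label}: last USER is {user!r}, which is root"]
    return []


# Constructed sample Dockerfiles used to exercise the check.
GOOD = """\
# syntax=docker/dockerfile:1
FROM golang:1.22 AS builder
WORKDIR /src
COPY . .
RUN go build -o /out/app .

FROM gcr.io/distroless/static
COPY --from=builder /out/app /app
USER nonroot:nonroot
ENTRYPOINT ["/app"]
"""

MISSING_USER = """\
FROM python:3.12-slim
COPY app.py /app/app.py
CMD ["python", "/app/app.py"]
"""

ROOT_AT_END = """\
FROM debian:bookworm-slim
RUN useradd --system --uid 10001 \\
    app
USER app
USER root
CMD ["sleep", "infinity"]
"""

NUMERIC_ROOT = "FROM alpine:3.20\nUSER 0:0\n"

if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else "Dockerfile"
    with open(path, encoding="utf-8") as fh:
        found = check_dockerfile(fh.read())
    for problem in found:
        print(f"{path}: {problem}")
    sys.exit(1 if found else 0)
```

Only the final stage is inspected because a multi-stage build's earlier stages never become the running task; a `USER root` in a builder stage is harmless, while a `USER root` after a `USER app` in the final stage is what actually ships. Treating a variable-derived USER as a failure is deliberate: a linter that cannot prove the user is non-root should not pass the build silently.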
Much appreciated for the fast response!