By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

VSCode Extension Installations on EC2 Server & Risk Evaluation

0

A customer would like to install vs-code extensions to their EC2 (for example, the official GitHub Copilot extension). These extensions will be stored in the folder /home/ec2-user/.vscode-server/extensions.

The customer like to understand any forseen security vulnerabilities introduced by this? if there are potential risks, are there any advice to evaluate & minimise any security risk of vulnerabilities.

Topics
ComputeAWS Well-Architected Framework
Tags
Amazon EC2Security
Language
English
Dennis
asked 3 months ago216 views
2 Answers
0
Accepted Answer

Hello,

Thank you for your post,

Please note that, as vscode extension is handled by third party developer(based on the extension) thus I will not be able to comment on the vulnerabilities of the extensions.

However as a recommendation, you may scan your EC2 instance using tool like Amazon Inspector to detect if there are any vulnerabilities getting captured post adding the extension and take further action for the remediation.

[+] https://aws.amazon.com/inspector/

You may also have look at the best practices for your EC2 instance to make it more secure.

[+] https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-best-practices.html

AWS
SUPPORT ENGINEER
Deepak_J
answered 3 months ago
0

Hi Deepak, thanks & appreciate your sharing.

Dennis
answered 3 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content