By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Best practice for a container lifecycle age?

0

What is the best practice for a container (ECS) lifecycle age? Should they be refreshed (patched/deployed) daily/weekly/monthly?

Topics
ContainersAWS Well-Architected Framework
Tags
Amazon Elastic Container ServiceContainersSecurity
Language
English
Boarder
asked 9 months ago283 views
2 Answers
0

https://docs.aws.amazon.com/AmazonECR/latest/userguide/LifecyclePolicies.html

Asha Kanta Sharma
answered 9 months ago
0

Personally this should be based on your companies security strategy.

A Regular scanning strategy of your ECR should be put in place paired with AWS inspector.

Vulnerabilities are being discovered on a daily basis and should be monitored closely.

Containers should be patched based off when vulnerabilities are discovered. Depending on the CVE score and the impact may dictate how urgent you should deploy a patched version.

Regular patching is good practice in my eyes. Time is normally against most people to review release notes for every package in a container and many mainly rely on the likes of inspector,qualys, tenable etc container scanning.

profile picture
EXPERT
Gary Mclean
answered 9 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content