- 最新
- 投票最多
- 评论最多
Fargate is serverless compute for containers which is completely managed by AWS. Hence Customer will not have visibility in the patching and maintenance. There will be no logs provided to support the patching.
New platform versions are released as the runtime environment evolves, for example, if there are kernel or operating system updates, new features, bug fixes, or security updates. Security updates and patches are deployed automatically for the Fargate tasks. If a security issue is found that affects a platform version, AWS patches the platform version [1].
Please refer below documents for more information:
[1] https://docs.aws.amazon.com/AmazonECS/latest/developerguide/platform_versions.html
[2] https://docs.aws.amazon.com/AmazonECS/latest/userguide/task-maintenance.html
[3] https://docs.aws.amazon.com/eks/latest/userguide/fargate-pod-patching.html
Hello,
You have some options.
There's this great resource on Building an end-to-end Kubernetes-based DevSecOps software factory on AWS. From there you'll get a ton of resources.
There are commercial and open source ways to deal with this, one example is Snyk and Sysdig. Also recommend the workshop on threat detection.
Hope it helps,
相关内容
AWS 官方已更新 9 个月前- AWS 官方已更新 2 年前
- AWS 官方已更新 3 年前
