This repository has been archived by the owner on Aug 16, 2022. It is now read-only.

AWS ECS Services #260

Closed
hobietje opened this issue Nov 16, 2021 · 0 comments · Fixed by #267 or #646
Labels
enhancement New feature or request

Comments

@hobietje

New Resource

We already have ECS clusters but still miss information about what's running in them that's relevant for security.

Use Case

  • ECS Service should not have tasks with privileged IAM access to an EC2 instance
  • ECS Service tasks should not have access to EC2 instance metadata
  • ECS Services should not have public IP addresses assigned to them
  • ECS Service task role with admin privileges (should not have public IP addresses assigned to them)
  • ECS Service should use a container image hosted on Amazon ECR
  • ECS Service should expose only secure protocols on port 443
  • ECS Cluster should not have running Container Instances with unconnected agents
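
Four of the checks listed above (public IP assignment, non-ECR images, ports other than 443, disconnected agents), as an added example that is not part of the original issue or the project's own code. Field names follow the ECS API responses for services, task definitions and container instances; the finding labels, the private-registry-only ECR pattern and all sample data are assumptions constructed for illustration.

```python
import re

# Assumption: "hosted on Amazon ECR" means a private registry of the form
# <12-digit account>.dkr.ecr.<region>.amazonaws.com/<repo>
ECR_IMAGE = re.compile(r"^\d{12}\.dkr\.ecr\.[a-z0-9-]+\.amazonaws\.com(\.cn)?/")

def check_service(service, task_def):
    """Return finding labels (hypothetical names) for one service and its task definition."""
    findings = []
    vpc = service.get("networkConfiguration", {}).get("awsvpcConfiguration", {})
    if vpc.get("assignPublicIp") == "ENABLED":
        findings.append("public-ip-assigned")
    for c in task_def.get("containerDefinitions", []):
        name = c.get("name", "?")
        if not ECR_IMAGE.match(c.get("image", "")):
            findings.append(f"non-ecr-image:{name}")
        for pm in c.get("portMappings", []):
            if pm.get("containerPort") != 443:
                findings.append(f"port-not-443:{name}:{pm.get('containerPort')}")
    return findings

def check_container_instances(instances):
    """Return ARNs of container instances whose ECS agent is not connected."""
    return [i["containerInstanceArn"] for i in instances
            if not i.get("agentConnected", False)]

# Constructed sample data shaped like ECS API output (not real resources).
SAMPLE_SERVICE = {
    "serviceName": "web",
    "networkConfiguration": {"awsvpcConfiguration": {
        "subnets": ["subnet-00000000"], "assignPublicIp": "ENABLED"}},
}
SAMPLE_TASK_DEF = {"containerDefinitions": [
    {"name": "app",
     "image": "123456789012.dkr.ecr.eu-west-1.amazonaws.com/app:1.0",
     "portMappings": [{"containerPort": 443, "protocol": "tcp"}]},
    {"name": "sidecar", "image": "docker.io/library/nginx:latest",
     "portMappings": [{"containerPort": 8080, "protocol": "tcp"}]},
]}
ARN = "arn:aws:ecs:eu-west-1:123456789012:container-instance/example/"
SAMPLE_INSTANCES = [
    {"containerInstanceArn": ARN + "aaaa", "agentConnected": True},
    {"containerInstanceArn": ARN + "bbbb", "agentConnected": False},
]

if __name__ == "__main__":
    print(check_service(SAMPLE_SERVICE, SAMPLE_TASK_DEF))
    print(check_container_instances(SAMPLE_INSTANCES))
```

The task-role and instance-metadata checks from the list are left out because they need IAM policy and host configuration data that the ECS responses alone do not carry.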