High
ECS
Regional
Secrets should not be passed as container environment variables
NIST, ISO 27001
Description
Checks whether any container definition in an ECS task definition passes secrets as plaintext environment variables, i.e. entries in the container's environment list whose names match patterns such as AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, PASSWORD, TOKEN or SECRET. Values placed there are stored in the task definition itself, so they are readable by anyone who can view the task definition in the console or call DescribeTaskDefinition, and they end up in every copy of the revision.
Remediation
Store the secret in AWS Secrets Manager or AWS Systems Manager Parameter Store and reference it from the container definition's secrets field (name plus valueFrom ARN) instead of the environment field; ECS resolves the reference and injects the value when the container starts, so the plaintext never appears in the task definition. The task execution role must be allowed to read the secret or parameter (and decrypt it if it is KMS-encrypted). For AWS credentials specifically, do not store access keys anywhere: assign a task IAM role and let the SDK obtain credentials from it.
Steps
- Open the Amazon ECS console.
- In the left navigation pane, choose Task definitions.
- Select a task definition and choose Create new revision with JSON.
- In the container definition, delete the plaintext entry from environment and add an entry under secrets whose valueFrom is the Secrets Manager secret ARN or the Parameter Store parameter ARN; make sure the task's execution role can read that resource.
- Choose Create.
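The following is an added example, not the scanner's own code, showing both sides of this check: the detection logic as it would run over a task definition retrieved with describe-task-definition, and a constructed non-compliant revision beside its remediated form. The task definitions, account ID, region, role names and ARNs are placeholders made up for the example.

```python
"""Flag plaintext secrets in ECS container environment variables and show
the remediated task definition that uses the `secrets` block instead.

Added example for this check, not the scanner's code. The task definitions
below are constructed samples; the account ID, region, image and ARNs are
placeholders. In a real scan the JSON would come from
`aws ecs describe-task-definition` (boto3 describe_task_definition)."""
import re

# Variable names that indicate a secret is being passed in the clear.
# Matched as case-insensitive substrings so PASSWORD, DB_PASSWORD and
# db_password all hit.
SENSITIVE_NAME_PATTERNS = [
    "AWS_ACCESS_KEY_ID",
    "AWS_SECRET_ACCESS_KEY",
    "PASSWORD",
    "TOKEN",
    "SECRET",
]
_SENSITIVE_RE = re.compile(
    "|".join(re.escape(p) for p in SENSITIVE_NAME_PATTERNS), re.IGNORECASE
)


def find_plaintext_secrets(task_definition):
    """Return [(container_name, env_var_name), ...] for every entry in a
    container's `environment` list whose name looks like a secret.

    Entries under `secrets` are deliberately not inspected: ECS resolves
    their `valueFrom` ARN from Secrets Manager or SSM Parameter Store at
    container start, which is the compliant path."""
    findings = []
    for container in task_definition.get("containerDefinitions", []):
        for env in container.get("environment", []):
            name = env.get("name", "")
            if _SENSITIVE_RE.search(name):
                findings.append((container.get("name", "<unnamed>"), name))
    return findings


# Constructed non-compliant revision: static AWS keys and a DB password
# inline. Anyone who can describe the task definition can read them.
NONCOMPLIANT_TASK_DEF = {
    "family": "payments-api",
    "containerDefinitions": [
        {
            "name": "api",
            "image": "123456789012.dkr.ecr.us-east-1.amazonaws.com/payments-api:1.4",
            "environment": [
                {"name": "LOG_LEVEL", "value": "info"},
                {"name": "AWS_ACCESS_KEY_ID", "value": "AKIAEXAMPLEEXAMPLE12"},
                {"name": "AWS_SECRET_ACCESS_KEY", "value": "placeholder-not-a-real-key"},
                {"name": "DB_PASSWORD", "value": "placeholder"},
            ],
        }
    ],
}

# Constructed remediated revision. The DB password and API token move to
# `secrets` with a `valueFrom` ARN (one Secrets Manager JSON key, one SSM
# parameter); the execution role needs read access to both. The static
# AWS keys are not moved to Secrets Manager at all: a task role supplies
# credentials to the SDK at runtime, so they simply disappear.
COMPLIANT_TASK_DEF = {
    "family": "payments-api",
    "executionRoleArn": "arn:aws:iam::123456789012:role/ecsTaskExecutionRole",
    "taskRoleArn": "arn:aws:iam::123456789012:role/payments-api-task-role",
    "containerDefinitions": [
        {
            "name": "api",
            "image": "123456789012.dkr.ecr.us-east-1.amazonaws.com/payments-api:1.4",
            "environment": [{"name": "LOG_LEVEL", "value": "info"}],
            "secrets": [
                {
                    "name": "DB_PASSWORD",
                    "valueFrom": "arn:aws:secretsmanager:us-east-1:123456789012:secret:payments/db-AbCdEf:password::",
                },
                {
                    "name": "API_TOKEN",
                    "valueFrom": "arn:aws:ssm:us-east-1:123456789012:parameter/payments/api-token",
                },
            ],
        }
    ],
}


if __name__ == "__main__":
    for label, td in (("before", NONCOMPLIANT_TASK_DEF), ("after", COMPLIANT_TASK_DEF)):
        hits = find_plaintext_secrets(td)
        print(f"{label}: {'FAIL' if hits else 'PASS'} {hits}")
```

The substring match is intentionally broad and will produce false positives (for example a variable named TOKENIZER_MODEL); review each hit rather than auto-remediating. It also only inspects names, so a secret stored under an innocuous name like CONFIG will not be caught; treat the check as a floor, not proof that no secret is inline.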
Compliance
NIST, ISO 27001