Back to All Checks
Medium ECS Regional

ECS task definitions should not use host network mode

NIST 800-53

Description

This control checks whether the latest active revision of an Amazon ECS task definition uses host network mode. The control fails if the latest active revision of the ECS task definition uses host network mode.

Remediation

To ensure ECS task definitions don't use host network mode, configure the network mode to use bridge, awsvpc, or none instead of host.

Steps

  1. Navigate to the Amazon ECS console
  2. Select your task definition
  3. Choose 'Edit' and go to the 'Networking' section
  4. Change the 'Network mode' from 'host' to 'bridge', 'awsvpc', or 'none'
  5. Update any port mappings if necessary
  6. Save the task definition with the new network configuration

Compliance

NIST 800-53
Start Your Free Security Check