High ECS Regional

Amazon ECS task definitions should have secure networking modes and user definitions

NIST

Description

Checks whether an active Amazon ECS task definition that uses host networking mode has privileged or user settings in its container definitions. This check fails for task definitions that use host network mode and whose container definitions have privileged set to false (or left empty) and user set to root (or left empty).

Remediation

Update task definitions to ensure they have secure networking modes and user definitions.

Steps

  1. Open the Amazon ECS console.
  2. Navigate to the Task Definitions section.
  3. Select the task definition to update.
  4. Create a new revision whose network mode is not set to 'host'.
  5. Update running tasks and services to use the new task definition revision.
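As an added example (not code from this page or from any tool it describes), the Python below applies the check's logic to a few constructed task definitions and then carries out remediation step 4 by producing a new revision that no longer uses host network mode. The field names follow the ECS task definition JSON shape (status, networkMode, containerDefinitions, privileged, user); the function names, the sample data, and the choice of awsvpc as the replacement network mode are assumptions.

```python
import json
from copy import deepcopy

# Constructed sample input (not from the page). Only the fields the check reads
# are populated: status, networkMode and containerDefinitions[].privileged/.user.
SAMPLE_TASK_DEFINITIONS = json.loads("""
[
  {"family": "web", "revision": 3, "status": "ACTIVE", "networkMode": "host",
   "containerDefinitions": [{"name": "nginx", "image": "nginx:1.25"}]},
  {"family": "agent", "revision": 1, "status": "ACTIVE", "networkMode": "host",
   "containerDefinitions": [{"name": "agent", "image": "agent:2",
                             "privileged": true, "user": ""}]},
  {"family": "api", "revision": 7, "status": "ACTIVE", "networkMode": "awsvpc",
   "containerDefinitions": [{"name": "api", "image": "api:9", "user": "root"}]},
  {"family": "old", "revision": 2, "status": "INACTIVE", "networkMode": "host",
   "containerDefinitions": [{"name": "legacy", "image": "legacy:1"}]},
  {"family": "worker", "revision": 4, "status": "ACTIVE", "networkMode": "host",
   "containerDefinitions": [
     {"name": "main", "image": "worker:5", "user": "1000"},
     {"name": "sidecar", "image": "sidecar:3", "privileged": false, "user": "root"}]}
]
""")


def container_is_unsafe(container: dict) -> bool:
    """A container definition trips the check when privileged is false or unset
    AND user is root or unset (the page's condition; a numeric uid such as "0"
    is not part of that wording and is not matched here)."""
    privileged = container.get("privileged")
    user = container.get("user")
    privileged_false_or_empty = privileged in (None, False, "")
    user_root_or_empty = user in (None, "", "root")
    return privileged_false_or_empty and user_root_or_empty


def evaluate_task_definition(td: dict) -> dict:
    """Return PASS / FAIL / NOT_APPLICABLE for one task definition, listing the
    container names that caused a failure."""
    result = {"family": td["family"], "revision": td["revision"],
              "result": "PASS", "offending": []}
    if td.get("status") != "ACTIVE":
        # The check only looks at active task definitions.
        result["result"] = "NOT_APPLICABLE"
        return result
    if td.get("networkMode") != "host":
        # Only host network mode is in scope; other modes pass unconditionally.
        return result
    result["offending"] = [c["name"] for c in td.get("containerDefinitions", [])
                           if container_is_unsafe(c)]
    if result["offending"]:
        result["result"] = "FAIL"
    return result


def evaluate_all(task_definitions: list) -> list:
    return [evaluate_task_definition(td) for td in task_definitions]


def remediate_network_mode(td: dict, new_mode: str = "awsvpc") -> dict:
    """Remediation step 4: build a new revision whose network mode is not host.
    The replacement mode (awsvpc by default) is an assumption of this example."""
    if new_mode == "host":
        raise ValueError("replacement network mode must not be 'host'")
    revision = deepcopy(td)
    revision["revision"] = td["revision"] + 1
    revision["networkMode"] = new_mode
    return revision


if __name__ == "__main__":
    for r in evaluate_all(SAMPLE_TASK_DEFINITIONS):
        print(f"{r['family']}:{r['revision']} {r['result']} {r['offending']}")
    fixed = remediate_network_mode(SAMPLE_TASK_DEFINITIONS[0])
    print("after remediation:", evaluate_task_definition(fixed))
```

The agent task definition passes even though it runs in host mode because privileged is explicitly true, which matches the check's stated condition; the worker definition fails only on its sidecar container, so the report names the container rather than the whole task definition.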

Compliance

NIST