AWS ECS – Security Best Practices
Below are some security best practices for AWS Elastic Container Service (ECS):
- Credentials should not be stored in containers or images
- A secrets manager (such as HashiCorp Vault or AWS Secrets Manager) should be used to manage credentials
- Containers should not run as the root user
- Only trusted images should be used to create containers
- Up-to-date images (the latest tagged versions) should be used
- Container image scanning tools should be placed in the pipeline to check for vulnerabilities and minimize the attack surface
- Containers should run inside the appropriate VPC, with security groups and NACLs in place
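As an added example (not part of the original page), the following Python checker audits an ECS task definition against several of the practices above: credential-like values in plain environment variables, secrets injected from Secrets Manager/SSM via the `secrets` field, a non-root `user`, an image registry allowlist, and `awsvpc` networking so VPC security groups apply per task. The trusted-registry allowlist and both sample task definitions are constructed for illustration.

```python
import re

# Assumption (not from the page): only our own ECR repository is trusted.
TRUSTED_REGISTRIES = ("123456789012.dkr.ecr.us-east-1.amazonaws.com/",)
CREDENTIAL_NAME = re.compile(r"PASS(WORD)?|SECRET|TOKEN|API_KEY|ACCESS_KEY", re.I)


def audit_task_definition(task_def: dict) -> list[str]:
    """Return findings for a task definition; an empty list means all checks passed."""
    findings = []
    # awsvpc mode gives each task its own ENI in the VPC, so security groups
    # (and the subnet NACLs) apply per task rather than to the whole host.
    if task_def.get("networkMode") != "awsvpc":
        findings.append("task: networkMode should be awsvpc so VPC security groups apply")
    for c in task_def.get("containerDefinitions", []):
        name = c.get("name", "<unnamed>")
        # Credentials must not be baked into plain environment variables.
        for env in c.get("environment", []):
            if CREDENTIAL_NAME.search(env.get("name", "")):
                findings.append(f"{name}: credential-like plain environment variable {env['name']}")
        # Secrets should be injected at launch via 'secrets'; this check assumes
        # full ARNs (ECS also accepts same-region SSM parameter names, which would be flagged).
        for s in c.get("secrets", []):
            if not s.get("valueFrom", "").startswith("arn:aws:"):
                findings.append(f"{name}: secret {s.get('name')} is not a Secrets Manager/SSM ARN")
        # The container must run as a non-root user (user is "uid[:gid]" or a name).
        user = c.get("user")
        if user is None or user.split(":")[0] in ("0", "root"):
            findings.append(f"{name}: runs as root (user={user!r})")
        # Only images from trusted registries.
        image = c.get("image", "")
        if not image.startswith(TRUSTED_REGISTRIES):
            findings.append(f"{name}: image {image!r} is not from a trusted registry")
    return findings


# Constructed sample task definitions (not real deployments).
WEAK_TASK = {"family": "web", "networkMode": "bridge", "containerDefinitions": [{
    "name": "app", "image": "docker.io/someone/app:latest",
    "environment": [{"name": "DB_PASSWORD", "value": "hunter2"}]}]}
HARDENED_TASK = {"family": "web", "networkMode": "awsvpc", "containerDefinitions": [{
    "name": "app", "user": "1000:1000",
    "image": "123456789012.dkr.ecr.us-east-1.amazonaws.com/app:latest",
    "secrets": [{"name": "DB_PASSWORD", "valueFrom":
                 "arn:aws:secretsmanager:us-east-1:123456789012:secret:db-password"}]}]}
```

Running `audit_task_definition` over the weak definition reports four findings (bridge networking, a plaintext password, root user, untrusted registry), while the hardened one passes cleanly.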