AWS ECS – Security Best Practices

Below are some security best practices for AWS Elastic Container Service (ECS):

  • Credentials should not be stored in containers or images
  • Secrets managers (like HashiCorp Vault, AWS Secrets Manager, etc.) should be used for managing the credentials
  • Containers should not run as the root user
  • Only trusted images should be used for creating the containers
  • Images with the latest tag should be used
  • Container image scanning tools should be placed in the pipeline to check for vulnerabilities in order to minimize the attack surface
  • Containers should be inside their respective VPC with security groups and NACLs in place
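Several of these points can be checked directly against a task definition before it is registered. The following is an added example, not code from the original post: a small Python audit of the `environment`, `secrets`, `user` and `image` fields of each container definition. The trusted registry prefix, the credential name patterns and the sample task definition are constructed assumptions.

```python
import json
import re

# Assumptions (constructed values): the registry prefixes this team trusts and
# the variable-name patterns that suggest a credential.
TRUSTED_REGISTRIES = ("123456789012.dkr.ecr.us-east-1.amazonaws.com/",)
SECRET_NAME = re.compile(r"PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY|ACCESS_?KEY", re.I)

def audit_task_definition(task_def):
    """Return sorted (container, finding) tuples for one ECS task definition."""
    findings = []
    for c in task_def.get("containerDefinitions", []):
        name = c.get("name", "<unnamed>")
        # 'environment' values are stored in plaintext in the task definition;
        # 'secrets' entries hold only a reference (valueFrom) to the secret store.
        for env in c.get("environment", []):
            if SECRET_NAME.search(env.get("name", "")):
                findings.append((name, f"credential in environment: {env['name']}"))
        # With no 'user' set, the container runs as the image's default user,
        # which is root unless the image declares otherwise.
        uid = str(c.get("user", "")).split(":")[0]
        if uid in ("", "0", "root"):
            findings.append((name, "user is root or not set"))
        image = c.get("image", "")
        if not image.startswith(TRUSTED_REGISTRIES):
            findings.append((name, f"untrusted image source: {image}"))
    return sorted(findings)

# Constructed sample: 'web' breaks three of the practices, 'worker' follows them.
SAMPLE = json.loads("""
{
  "family": "demo",
  "containerDefinitions": [
    {"name": "web", "image": "nginx:1.25",
     "environment": [{"name": "DB_PASSWORD", "value": "example-only"},
                     {"name": "LOG_LEVEL", "value": "info"}]},
    {"name": "worker",
     "image": "123456789012.dkr.ecr.us-east-1.amazonaws.com/worker:1.4.2",
     "user": "1000:1000",
     "secrets": [{"name": "DB_PASSWORD",
                  "valueFrom": "arn:aws:secretsmanager:us-east-1:123456789012:secret:demo-db"}]}
  ]
}
""")

if __name__ == "__main__":
    for container, finding in audit_task_definition(SAMPLE):
        print(f"{container}: {finding}")
```

Run in a pipeline step, a non-empty result can fail the build before the task definition reaches ECS.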

 

 

 
