AWS ECS
Best practices and references below are based on published guidance from the cloud service provider and may reference native capabilities the cloud service provider offers. If you are not using the native security capabilities, the same security requirement can be met using other security capabilities your organization utilizes
Design Guidance:
Tags | ||
Cluster Name |
Cluster | |
Task Set Id | |
Service |
Cluster | ||
Load Balancers-Container Name | ||
Load Balancers-Load Balancer Name | ||
Load Balancers-Target Group Arn | ||
Service Name | ||
Service Registries | ||
Service Registries-Container Name | ||
Service Registries-Registry Arn | ||
Tags |
Depends On-Container Name | ||
Container Definitions-Hostname | ||
Volumes-Efsvolume Configuration | ||
Efsvolume Configuration-Filesystem Id | ||
Tags |
Cluster | ||
Load Balancers-Container Name | ||
Load Balancers-Load Balancer Name | ||
Service | ||
Service Registries-Container Name | ||
Service Registries-Registry Arn |
Name | ||
Tags |
Design Guidance:
Cluster Settings | ||
Cluster Settings-Name | ||
Cluster Settings-Value |
Firelens Configuration-Type | ||
Firelens Configuration-Options | ||
Log Configuration-Log Driver |
Design Guidance:
Launch Type |
Container Definitions-Docker Security Options |
Launch Type | ||
Platform Version | ||
Task Definition |
Load Balancers |
Load Balancers |
Design Guidance:
Load Balancers-Container Port | ||
Service Registries-Container Port | ||
Service Registries-Port |
Port Mappings-Container Port | ||
Port Mappings-Host Port | ||
Efsvolume Configuration-Transit Encryption Port |
Load Balancers-Container Port | ||
Service Registries-Container Port | ||
Service Registries-Port |
Design Guidance:
Network Configuration-AWS VPC Configuration | ||
AWS VPC Configuration-Assign Public Ip | ||
AWS VPC Configuration-Subnets |
Network Configuration-AWS VPC Configuration | ||
AWS VPC Configuration-Assign Public Ip | ||
AWS VPC Configuration-Subnets |
Design Guidance:
AWS VPC Configuration-Security Groups |
AWS VPC Configuration-Security Groups |
Design Guidance:
Role |
Execution Role Arn | ||
Task Role Arn |
Design Guidance:
Container Definitions | ||
Container Definitions-Command | ||
Container Definitions-Environment | ||
Container Definitions-Environment Files |
Design Guidance:
Container Definitions-Disable Networking |
Design Guidance:
Container Definitions-Dns Search Domains | ||
Container Definitions-Dns Servers | ||
Container Definitions-Extra Hosts |
Design Guidance:
Container Definitions-Health Check | ||
Health Check-Command | ||
Health Check-Interval | ||
Health Check-Timeout | ||
Health Check-Retries | ||
Health Check-Start Period | ||
Port Mappings-Protocol |
Auto Scaling Group Provider | ||
Managed Scaling-Status | ||
Auto Scaling Group Provider-Managed Termination Protection |
Design Guidance:
Secret Options-Name | ||
Secret Options-Value From | ||
Repository Credentials-Credentials Parameter | ||
Secrets-Name | ||
Secrets-Value From |
Container Definitions-Privileged | ||
Container Definitions-Readonly Root Filesystem | ||
Container Definitions-User | ||
Efsvolume Configuration-Root Directory |
Design Guidance:
Efsvolume Configuration-Transit Encryption |
Load Balancers-Target Group Arn |
Last modified 1yr ago