By default the task definition readonlyRootFilesystem is set to false. If not set to true, it will grant write permissions to the root file system. Could you clarify if write permission is needed for the acl-controller?
This triggers the following AWS Security Hub alert:
[ECS.5] This control checks if ECS containers are limited to read-only access to mounted root filesystems. This control fails if the ReadonlyRootFilesystem parameter in the container definition of ECS task definitions is set to ‘false’.
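The check Security Hub performs for ECS.5, and the hardened container shape that satisfies it while still giving the process somewhere to write, as an added example (not code from the issue or from the project being asked about). The task definition, container names and image names below are constructed; the `linuxParameters.tmpfs` field is a real ECS container-definition parameter, but it is only honoured on the EC2 launch type, so on Fargate a `volumes`/`mountPoints` pair would serve the same purpose.

```python
"""Evaluate ECS container definitions against the condition behind
Security Hub control ECS.5 and show a hardened form.

Added example, not from the original issue or the project it concerns.
"""
import copy

def failing_containers(task_definition: dict) -> list:
    """Return the names of containers that would fail ECS.5.

    The control fails when readonlyRootFilesystem is false. ECS defaults the
    parameter to false when it is omitted, so an absent key is treated as a
    failure as well.
    """
    return [
        c.get("name", "<unnamed>")
        for c in task_definition.get("containerDefinitions", [])
        if c.get("readonlyRootFilesystem") is not True
    ]

def harden_container(container: dict, scratch_path: str = "/tmp",
                     size_mib: int = 64) -> dict:
    """Return a copy with a read-only root and a tmpfs mount for scratch writes.

    The tmpfs mount is the usual way to keep the root filesystem read-only
    when the process needs a writable path (EC2 launch type only; use a
    volume + mountPoint on Fargate).
    """
    hardened = copy.deepcopy(container)
    hardened["readonlyRootFilesystem"] = True
    linux = hardened.setdefault("linuxParameters", {})
    linux.setdefault("tmpfs", []).append({
        "containerPath": scratch_path,
        "size": size_mib,
        "mountOptions": ["rw", "noexec", "nosuid"],
    })
    return hardened

def harden_task(task_definition: dict) -> dict:
    """Apply harden_container to every container in the task definition."""
    hardened = copy.deepcopy(task_definition)
    hardened["containerDefinitions"] = [
        harden_container(c) for c in hardened.get("containerDefinitions", [])
    ]
    return hardened

# Constructed sample task definition (names and images are placeholders).
SAMPLE_TASK_DEFINITION = {
    "family": "example-controller",
    "containerDefinitions": [
        # Parameter omitted: ECS defaults it to false, so this fails ECS.5.
        {"name": "controller", "image": "example.invalid/controller:1.0",
         "essential": True},
        # Explicitly false: fails ECS.5.
        {"name": "sidecar", "image": "example.invalid/sidecar:1.0",
         "readonlyRootFilesystem": False},
        # Already compliant.
        {"name": "proxy", "image": "example.invalid/proxy:1.0",
         "readonlyRootFilesystem": True},
    ],
}

if __name__ == "__main__":
    print("failing before:", failing_containers(SAMPLE_TASK_DEFINITION))
    print("failing after: ", failing_containers(harden_task(SAMPLE_TASK_DEFINITION)))
```

Running the check before the change lists the controller and sidecar containers; after hardening, the list is empty and each container carries a writable tmpfs at `/tmp` so a process that only needs scratch space keeps working with a read-only root.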