Only grant read-only access to root file system. - Githubissues

hashicorp / terraform-aws-consul-ecs

Consul Service Mesh on AWS ECS (Elastic Container Service)

https://www.consul.io/docs/ecs

Mozilla Public License 2.0

52 stars 30 forks source link

Only grant read-only access to root file system. #158

Closed v-rosa closed 1 year ago

v-rosa commented 1 year ago

Changes proposed in this PR:

ACL controller: only grant read-only access to root file system. To avoid trigger the following AWS Security Hub alert:

[ECS.5] This control checks if ECS containers are limited to read-only access to mounted root filesystems. This control fails if the ReadonlyRootFilesystem parameter in the container definition of ECS task definitions is set to ‘false’. Remediation instructions

https://github.com/hashicorp/terraform-aws-consul-ecs/issues/157

How I've tested this PR:

Locally bootstrap the ACL controler with this change and no side effect was detected.

How I expect reviewers to test this PR:

Checklist:

[ ] Tests added
[X] CHANGELOG entry added