Loading controls...
Benchmark: ECS
Description
This section contains recommendations for configuring ECS resources.
Usage
Browse dashboards and select ECS:
steampipe dashboardOr run the benchmarks in your terminal:
steampipe check aws_compliance.benchmark.all_controls_ecsSnapshot and share results via Steampipe Cloud:
steampipe loginsteampipe check --share aws_compliance.benchmark.all_controls_ecsControls
- ECS clusters should have container insights enabled
- ECS cluster container instances should have connected agent
- ECS clusters encryption at rest should be enabled
- ECS cluster instances should be in a VPC
- At least one instance should be registered with ECS cluster
- ECS fargate services should run on the latest fargate platform version
- ECS services should be attached to a load balancer
- AWS ECS services should not have public IP addresses assigned to them automatically
- ECS task definition containers should not have secrets passed as environment variables
- ECS containers should run as non-privileged
- ECS containers should be limited to read-only access to root filesystems
- ECS task definitions should have logging enabled
- ECS task definitions should not share the host's process namespace
- ECS task definition container definitions should be checked for host mode