by amsully 2468 days ago
Don't know from a Fargate perspective but Elastic Container Service (ECS) deploys EC2 servers that do not pass the CIS Benchmark. I don't believe you gain much from a security perspective.

You can roll out your own EC2 instances and Auto Scaling Group for ECS and control the security on them yourself.
This is incredibly true. The only requirement for an ECS cluster member is to be running the ECS agent - which is a Golang binary.

You're free to run a CIS hardened image if you desire to do so.

This is how we roll. CIS as base, Packer to customize (ECS agent, Docker) into own AMIs.
Are there OSS or commercial AMIs that have been hardened? Maybe some RHEL or CentOS?
Yeah, if you look at the AWS image marketplace then you'll find some.
For some odd reason, I find the AWS marketplace a bit suspect looking. Not saying that it is, just that that's my impression of it.