Container metadata

Use this rule to identify specific containers with a certain name, such as 'simple-app'. To use this rule, simply replace 'simple-app' with the container name you need to check.

Risk Level: Informational
Cloud Entity: Amazon ECS Task Definitions
CloudGuard Rule ID: D9.AWS.OPE.02
Covered by Spectral: No
Category: Compute

GSL LOGIC

EcsTask should have containers contain [ name = 'simple-app' ]

REMEDIATION

The name of a container: up to 255 letters (uppercase and lowercase), numbers, hyphens, and underscores are allowed. If you are linking multiple containers together in a task definition, the name of one container can be entered in the links of another container to connect the containers. This parameter maps to name in the Create a container section of the Docker Remote API and to the --name option of docker run.

Additional Reference: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html
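The GSL logic above and the naming constraints in the remediation, applied offline to a task definition in the shape returned by `aws ecs describe-task-definition`. This is an added example, not CloudGuard's own rule engine; the sample task definition (family 'demo', images under 'example/') is constructed for illustration, and the check that link targets resolve to a container in the same task is an assumption drawn from the remediation text.

```python
import json
import re

# Allowed container name per the AWS task definition parameter docs referenced
# above: up to 255 letters, numbers, hyphens and underscores.
CONTAINER_NAME_RE = re.compile(r"^[A-Za-z0-9_-]{1,255}$")

# Constructed sample, trimmed to the fields this check reads.
SAMPLE_TASK_DEFINITION = json.loads("""
{
  "family": "demo",
  "containerDefinitions": [
    {"name": "simple-app", "image": "example/simple-app:1.0", "links": ["sidecar"]},
    {"name": "sidecar", "image": "example/sidecar:1.0"},
    {"name": "bad name!", "image": "example/other:1.0", "links": ["missing"]}
  ]
}
""")


def containers_named(task_def, wanted):
    """GSL 'EcsTask should have containers contain [ name = wanted ]':
    the container definitions whose name matches exactly."""
    return [c for c in task_def.get("containerDefinitions", [])
            if c.get("name") == wanted]


def rule_passes(task_def, wanted="simple-app"):
    """True when at least one container in the task carries the wanted name."""
    return bool(containers_named(task_def, wanted))


def name_findings(task_def):
    """Remediation checks: name format, and (assumed) that every link target
    names a container in the same task. Returns a list of (name, issue)."""
    defs = task_def.get("containerDefinitions", [])
    names = {c.get("name") for c in defs}
    findings = []
    for c in defs:
        name = c.get("name", "")
        if not CONTAINER_NAME_RE.match(name):
            findings.append((name, "invalid name: use up to 255 letters, numbers, hyphens or underscores"))
        for link in c.get("links", []):
            # links take the form "name" or "name:alias"; the target must be a container name
            target = link.split(":", 1)[0]
            if target not in names:
                findings.append((name, f"link target '{target}' is not a container in this task"))
    return findings
```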

Amazon ECS Task Definitions

Amazon Elastic Container Service (Amazon ECS) is a highly scalable, high-performance container orchestration service that supports Docker containers and allows you to easily run and scale containerized applications on AWS. Amazon ECS eliminates the need for you to install and operate your own container orchestration software, manage and scale a cluster of virtual machines, or schedule containers on those virtual machines.

Compliance Frameworks

  • AWS CloudGuard Best Practices
  • AWS CloudGuard Containers Security
  • AWS CloudGuard Well Architected Framework
  • AWS HITRUST
  • AWS ITSG-33
  • AWS MAS TRM Framework
  • AWS NIST 800-53 Rev 5