Ensure SECRET information is not included in container definition for AWS ECS service

HIGH

Description

Including secret values (passwords, API keys, tokens) in the container definition stores them in plaintext in the task definition, where anyone able to read the task definition or the Terraform state can disclose them.

Remediation

For Amazon ECS best practices, see the AWS documentation (below).

In Terraform:

  1. In the aws_ecs_task_definition resource, make sure the container_definitions field contains no hard-coded secret values.
  2. If sensitive information is required, pass this data to containers as environment variables.
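The two steps above as an added Terraform example (this is not code from the policy page or from the provider documentation): the first task definition hard-codes a database password in `container_definitions`, which is the condition this rule flags; the second keeps the value in AWS Secrets Manager and uses the container definition `secrets` field, so that ECS fetches it with the task execution role at startup and exposes it to the container as the `DB_PASSWORD` environment variable. The resource names, the image reference and the secret name are placeholders chosen for the example, and the `secrets`/`valueFrom` mechanism is one way to satisfy step 2, not something the policy text itself prescribes.

```hcl
# Added example, not part of the original policy page.
# Execution role that ECS uses to pull the image and fetch secrets (assumed name).
resource "aws_iam_role" "ecs_execution" {
  name = "example-ecs-execution"
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Principal = { Service = "ecs-tasks.amazonaws.com" }
      Action    = "sts:AssumeRole"
    }]
  })
}

resource "aws_iam_role_policy_attachment" "ecs_execution_base" {
  role       = aws_iam_role.ecs_execution.name
  policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonECSTaskExecutionRolePolicy"
}

# BEFORE: the password is embedded in the task definition itself.
# Anyone who can describe the task definition reads it in plaintext.
resource "aws_ecs_task_definition" "insecure" {
  family                   = "example-app"
  requires_compatibilities = ["FARGATE"]
  network_mode             = "awsvpc"
  cpu                      = 256
  memory                   = 512
  execution_role_arn       = aws_iam_role.ecs_execution.arn

  container_definitions = jsonencode([{
    name  = "app"
    image = "example.com/app:1.0" # placeholder image
    environment = [
      { name = "DB_PASSWORD", value = "PLACEHOLDER-PLAINTEXT-SECRET" } # flagged: secret in container definition
    ]
  }])
}

# AFTER: the value lives in Secrets Manager; the task definition only holds its ARN.
resource "aws_secretsmanager_secret" "db_password" {
  name = "example-app/db_password" # placeholder secret name
}

# Let the execution role read exactly this one secret (least privilege).
data "aws_iam_policy_document" "read_db_password" {
  statement {
    actions   = ["secretsmanager:GetSecretValue"]
    resources = [aws_secretsmanager_secret.db_password.arn]
  }
}

resource "aws_iam_role_policy" "read_db_password" {
  name   = "read-db-password"
  role   = aws_iam_role.ecs_execution.id
  policy = data.aws_iam_policy_document.read_db_password.json
}

resource "aws_ecs_task_definition" "secure" {
  family                   = "example-app"
  requires_compatibilities = ["FARGATE"]
  network_mode             = "awsvpc"
  cpu                      = 256
  memory                   = 512
  execution_role_arn       = aws_iam_role.ecs_execution.arn

  container_definitions = jsonencode([{
    name  = "app"
    image = "example.com/app:1.0" # placeholder image
    # ECS resolves valueFrom at task start and injects the result as the
    # DB_PASSWORD environment variable; the task definition never stores the value.
    secrets = [
      { name = "DB_PASSWORD", valueFrom = aws_secretsmanager_secret.db_password.arn }
    ]
  }])
}
```

The `secure` definition still hands the application an ordinary environment variable, so no code change is needed in the container; what changes is that the secret value is no longer readable from the task definition or the Terraform state, and access to it is governed by the execution role's IAM policy.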

References:
https://docs.aws.amazon.com/AmazonECS/latest/developerguide/Welcome.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_task_definition

Policy Details

Rule Reference ID: AC_AWS_0090
CSP: AWS
Remediation Available: No
Resource Category: Compute

Frameworks