Ensure potential AWS_ACCESS_KEY_ID information is not disclosed in container definition for AWS ECS service

HIGH

Description

Including potential AWS_ACCESS_KEY_ID information in an ECS container definition may disclose sensitive information.

Remediation

For Amazon ECS best practices, see the AWS documentation (below).

In Terraform:

  1. In the aws_ecs_task_definition resource, set the container_definitions field appropriately.
  2. If sensitive information is required, pass this data to containers as environment variables.
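A pre-deployment check in the spirit of this rule, as an added example (not the policy engine's own logic): it scans the rendered JSON of a `container_definitions` value for an `AWS_ACCESS_KEY_ID` variable or a key-shaped value. The function name, the matching rules and the sample input are assumptions made for illustration.

```python
import json
import re

# Access key IDs are 20 characters: a 4-letter prefix (AKIA for long-term,
# ASIA for temporary keys) followed by 16 uppercase alphanumerics.
KEY_ID_RE = re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b")
SUSPECT_NAMES = {"AWS_ACCESS_KEY_ID"}  # assumption: the name this rule is about


def find_key_id_exposure(container_definitions: str) -> list[tuple[str, str, str]]:
    """Return (container, field, reason) for each suspect entry."""
    findings = []
    for container in json.loads(container_definitions):
        cname = container.get("name", "<unnamed>")
        for env in container.get("environment") or []:
            name, value = env.get("name", ""), str(env.get("value", ""))
            if name.upper() in SUSPECT_NAMES:
                findings.append((cname, f"environment.{name}", "variable name"))
            elif KEY_ID_RE.search(value):
                findings.append((cname, f"environment.{name}", "key-shaped value"))
        # Also check command/entryPoint arguments for key-shaped values.
        for field in ("command", "entryPoint"):
            for arg in container.get(field) or []:
                if KEY_ID_RE.search(str(arg)):
                    findings.append((cname, field, "key-shaped value"))
    return findings


# Constructed sample input; AKIAIOSFODNN7EXAMPLE is the placeholder key ID
# used in AWS documentation, not a real credential.
SAMPLE = json.dumps([
    {"name": "web", "image": "example/web:1",
     "environment": [{"name": "AWS_ACCESS_KEY_ID", "value": "AKIAIOSFODNN7EXAMPLE"},
                     {"name": "LOG_LEVEL", "value": "info"}]},
    {"name": "worker", "image": "example/worker:1",
     "environment": [{"name": "UPLOAD_ID", "value": "AKIAIOSFODNN7EXAMPLE"}],
     "command": ["run", "--key=AKIAIOSFODNN7EXAMPLE"]},
    {"name": "clean", "image": "example/clean:1",
     "environment": [{"name": "REGION", "value": "us-east-1"}]},
])

if __name__ == "__main__":
    for finding in find_key_id_exposure(SAMPLE):
        print(finding)
```

Feed it the JSON string that Terraform renders for `container_definitions` (for example from the output of `terraform show -json`) and fail the pipeline when the returned list is not empty.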

References:
https://docs.aws.amazon.com/AmazonECS/latest/developerguide/Welcome.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_task_definition

Policy Details

Rule Reference ID: AC_AWS_0093
CSP: AWS
Remediation Available: No
Resource Category: Compute

Frameworks