Set ReadonlyRootFilesystem to true by default in manifest files #4010

@efekarakus

Ask

To comply with Security Hub's recommendation [ECS.5] "ECS containers should be limited to read-only access to root filesystems", Copilot should consider generating default manifest files with the following field already populated:

```yaml
name: my-service

storage:
  readonly_root_fs: true
```

This way existing deployed services won't break, but newer services will comply with ECS.5 by enabling `ReadonlyRootFilesystem: true` in the CloudFormation template.

Labels: area/override, good first issue, size/S, type/feature
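
A pre-deployment check for the ECS.5 condition this issue refers to, as an added example that is not part of the issue or of Copilot's own code: it scans a CloudFormation template in JSON form and reports every ECS container whose `ReadonlyRootFilesystem` is not literally true. The sample template, the function names and the `ReadonlyFS` parameter are constructed for illustration.

```python
import json

# Constructed sample template (not generated by Copilot): one compliant
# container, one missing the field, one setting it via a parameter reference.
SAMPLE_TEMPLATE = json.loads("""
{
  "Resources": {
    "TaskDefinition": {
      "Type": "AWS::ECS::TaskDefinition",
      "Properties": {
        "ContainerDefinitions": [
          {"Name": "my-service", "ReadonlyRootFilesystem": true},
          {"Name": "sidecar"},
          {"Name": "proxy", "ReadonlyRootFilesystem": {"Ref": "ReadonlyFS"}}
        ]
      }
    },
    "Bucket": {"Type": "AWS::S3::Bucket"}
  }
}
""")


def classify(value):
    """Return 'pass', 'fail' or 'unresolved' for a ReadonlyRootFilesystem value."""
    if isinstance(value, dict):  # intrinsic function such as Ref or Fn::If
        return "unresolved"      # cannot be decided without parameter values
    if value is True or (isinstance(value, str) and value.lower() == "true"):
        return "pass"
    return "fail"                # absent (None), false, or anything else


def check_template(template):
    """Yield (resource_id, container_name, status) for every ECS container."""
    for res_id, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::ECS::TaskDefinition":
            continue
        containers = res.get("Properties", {}).get("ContainerDefinitions", [])
        for i, c in enumerate(containers):
            name = c.get("Name", f"#{i}")
            yield res_id, name, classify(c.get("ReadonlyRootFilesystem"))


if __name__ == "__main__":
    for res_id, name, status in check_template(SAMPLE_TEMPLATE):
        print(f"{status:10} {res_id}/{name}")
```

A container that omits the field is reported as `fail`, which is why a manifest without `readonly_root_fs` does not satisfy ECS.5.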
