ECS Task Definitions Share the Host's Process Namespace

Overview

This check examines Amazon ECS task definitions to ensure they do not share the host's process namespace with containers, failing if such sharing is configured.

PID namespaces provide essential isolation between processes: a process in one namespace cannot see processes outside it, and each namespace has its own numbering, including its own PID 1. If a task definition shares the host's PID namespace with its containers, every container can see all processes on the host, and process-level isolation is lost. A compromised or misbehaving container could then inspect, manipulate, or terminate host processes, which is why containers should not share the host's process namespace.
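The check described above, written out as an added example rather than the vendor's own implementation. In the ECS task definition API the setting in question is the top-level pidMode field, whose value "host" puts every container in the task into the host's PID namespace ("task" gives the containers one shared namespace of their own, and when the field is absent each container gets a private namespace). The example evaluates a list of task definitions and reports a FAILED finding for each one that sets pidMode to "host". It goes slightly beyond the page by accepting both the bare task definition object and the wrapper shape returned by aws ecs describe-task-definition. All sample task definitions, ARNs and account IDs below are constructed for illustration.

```python
"""Added example: evaluate ECS task definitions for host PID namespace sharing
(the condition control ECS.3 flags). Not the check catalog's own code."""
import json
from typing import Iterable, List

# Field used by the ECS task definition API. "host" means every container in
# the task shares the host's PID namespace, which is what this check flags.
PID_MODE_FIELD = "pidMode"
RESOURCE_TYPE = "AWS::ECS::TaskDefinition"
CONTROL_ID = "ECS.3"


def shares_host_pid_namespace(task_definition: dict) -> bool:
    """True when the task definition configures pidMode=host."""
    return task_definition.get(PID_MODE_FIELD) == "host"


def evaluate(task_definition: dict) -> dict:
    """Produce one finding for one task definition.

    Accepts either the bare task definition object or the wrapper returned by
    `aws ecs describe-task-definition`, which nests it under "taskDefinition".
    """
    td = task_definition.get("taskDefinition", task_definition)
    identifier = td.get("taskDefinitionArn") or "{}:{}".format(
        td.get("family", "<unknown-family>"), td.get("revision", "?")
    )
    failed = shares_host_pid_namespace(td)
    return {
        "resource_type": RESOURCE_TYPE,
        "resource": identifier,
        "control": CONTROL_ID,
        "status": "FAILED" if failed else "PASSED",
        "pid_mode": td.get(PID_MODE_FIELD),  # None when the field is absent
        "reason": (
            "pidMode is 'host': containers can see, signal and interfere with "
            "every process on the host"
            if failed
            else "containers do not share the host's PID namespace"
        ),
    }


def evaluate_all(task_definitions: Iterable[dict]) -> List[dict]:
    """Evaluate every task definition and return the list of findings."""
    return [evaluate(td) for td in task_definitions]


def failed_resources(task_definitions: Iterable[dict]) -> List[str]:
    """Identifiers of the task definitions that fail the check."""
    return [f["resource"] for f in evaluate_all(task_definitions)
            if f["status"] == "FAILED"]


# Constructed sample input (not real account data); ARNs are placeholders.
SAMPLE_TASK_DEFINITIONS = [
    {   # shares the host PID namespace -> FAILED
        "family": "web-host-pid", "revision": 3, "pidMode": "host",
        "taskDefinitionArn":
            "arn:aws:ecs:us-east-1:123456789012:task-definition/web-host-pid:3",
        "containerDefinitions": [{"name": "web", "image": "example/web:1"}],
    },
    {   # containers share a namespace with each other, not the host -> PASSED
        "family": "web-task-pid", "revision": 1, "pidMode": "task",
        "taskDefinitionArn":
            "arn:aws:ecs:us-east-1:123456789012:task-definition/web-task-pid:1",
        "containerDefinitions": [{"name": "web", "image": "example/web:1"}],
    },
    {   # field absent: each container gets a private namespace -> PASSED
        "family": "worker", "revision": 7,
        "containerDefinitions": [{"name": "worker", "image": "example/worker:2"}],
    },
    {   # describe-task-definition wrapper shape, also FAILED
        "taskDefinition": {"family": "debug-agent", "revision": 2,
                           "pidMode": "host", "containerDefinitions": []},
    },
]

if __name__ == "__main__":
    print(json.dumps(evaluate_all(SAMPLE_TASK_DEFINITIONS), indent=2))
```

In practice the input list would come from describe-task-definition calls over the active task definitions in an account; the evaluation logic itself needs nothing but the parsed JSON, so it can also run against task definition files in a repository before they are registered.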

Vendor

AWS

Cloud Service

ECS

ECS.3

Severity

4

Item Types

AWS::ECS::TaskDefinition