ECS Task Definition Network Mode Not Recommended
- Query id: 01aec7c2-3e4d-4274-ae47-2b8fea22fd1f
- Query name: ECS Task Definition Network Mode Not Recommended
- Platform: Ansible
- Severity: High
- Category: Insecure Configurations
- URL: Github
Description
network_mode should be set to 'awsvpc' in community.aws.ecs_taskdefinition. With 'awsvpc' each task receives its own elastic network interface, so AWS VPC controls (security groups, network ACLs, flow logs) apply per task and provide a formal process for approving and testing all network connections and changes to firewall and router configurations.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - yaml file

```yaml
---
- name: Create task definition
  community.aws.ecs_taskdefinition:
    family: nginx
    containers:
      - name: nginx
        essential: true
        image: "nginx"
        portMappings:
          - containerPort: 8080
            hostPort: 8080
    cpu: 512
    memory: 1024
    state: present
    network_mode: default   # flagged: not 'awsvpc'

- name: Create task definition2
  community.aws.ecs_taskdefinition:
    family: nginx
    containers:
      - name: nginx
        essential: true
        image: "nginx"
        portMappings:
          - containerPort: 8080
            hostPort: 8080
    launch_type: FARGATE
    cpu: 512
    memory: 1024
    state: present
    network_mode: none      # flagged: not 'awsvpc' (Fargate only supports awsvpc)
```
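The check below is an added example, not the KICS query itself or Ansible code. It mirrors the rule's intent on already-parsed Ansible tasks (PyYAML is deliberately not used, so the two positive samples from this page are embedded as Python dicts; the third, compliant task using 'awsvpc' is an assumption about how the fixed playbook looks). Treating a missing network_mode as a finding is this example's policy, because AWS falls back to 'bridge' when the mode is unset; the page does not say whether the KICS query does the same.

```python
# Added example (not KICS's own query): flag ECS task definitions whose
# network_mode is anything other than 'awsvpc'.
ECS_TASKDEF_MODULES = ("community.aws.ecs_taskdefinition", "ecs_taskdefinition")
RECOMMENDED_MODE = "awsvpc"

# Constructed input: the page's two positive samples in parsed (dict) form,
# plus a compliant third task that is an assumption about the fixed playbook.
SAMPLE_TASKS = [
    {"name": "Create task definition",
     "community.aws.ecs_taskdefinition": {
         "family": "nginx", "cpu": 512, "memory": 1024,
         "state": "present", "network_mode": "default"}},
    {"name": "Create task definition2",
     "community.aws.ecs_taskdefinition": {
         "family": "nginx", "launch_type": "FARGATE", "cpu": 512,
         "memory": 1024, "state": "present", "network_mode": "none"}},
    {"name": "Create task definition (compliant, assumed fix)",
     "community.aws.ecs_taskdefinition": {
         "family": "nginx", "launch_type": "FARGATE", "cpu": 512,
         "memory": 1024, "state": "present", "network_mode": "awsvpc"}},
]


def find_module_args(task):
    """Return (module_name, args) if the task calls the ECS task-definition
    module under either its FQCN or short name, else None."""
    for module in ECS_TASKDEF_MODULES:
        if module in task:
            return module, (task[module] or {})
    return None


def check_network_mode(tasks):
    """Return one finding per ECS task-definition task whose network_mode
    is not 'awsvpc'. An unset network_mode is reported as '<unset>' because
    AWS defaults it to 'bridge' (this check's policy, not necessarily KICS's).
    Findings on Fargate tasks carry an extra note, since Fargate only
    supports 'awsvpc'."""
    findings = []
    for index, task in enumerate(tasks):
        found = find_module_args(task)
        if found is None:
            continue  # not an ECS task-definition task
        module, args = found
        mode = args.get("network_mode")
        if mode == RECOMMENDED_MODE:
            continue
        finding = {
            "task": task.get("name", f"task[{index}]"),
            "module": module,
            "network_mode": mode if mode is not None else "<unset>",
            "expected": RECOMMENDED_MODE,
        }
        if str(args.get("launch_type", "")).upper() == "FARGATE":
            finding["note"] = "Fargate launch type requires awsvpc"
        findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in check_network_mode(SAMPLE_TASKS):
        extra = f" ({f['note']})" if "note" in f else ""
        print(f"{f['task']}: network_mode={f['network_mode']} "
              f"(expected {f['expected']}){extra}")
```

Running the block prints a finding for each of the two page samples and nothing for the compliant task. In a real playbook the tasks would come from a YAML loader; only the dict shape above matters to the check.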