Control: AWS > NIST 800-53 > ECS > ECS task definition container definitions should be checked for host mode

Check if Amazon Elastic Container Service (Amazon ECS) task definition with host networking mode has 'privileged' or 'user' container definitions.The rule is NON_COMPLIANT for task definitions with host network mode and container definitions of privileged=false or empty and user=root or empty.

Resource Types

This control targets the following resource types:

AWS > ECS > Task Definition

In Your Workspace

Developers

Control Type URI

tmod:@turbot/aws-nist-800-53#/control/types/ecsTaskDefinitionUserForHostModeCheck

Category URI

tmod:@turbot/turbot#/control/categories/complianceNist80053

GraphQL

query controlType(id: "tmod:@turbot/aws-nist-800-53#/control/types/ecsTaskDefinitionUserForHostModeCheck") { … }

query controls(filter: "controlTypeId:'tmod:@turbot/aws-nist-800-53#/control/types/ecsTaskDefinitionUserForHostModeCheck'") { … }

CLI

Get Controls

turbot graphql controls --filter "controlTypeId:tmod:@turbot/aws-nist-800-53#/control/types/ecsTaskDefinitionUserForHostModeCheck"