Commit

Possibility to set readonlyRootFilesystem on container. (#71)
AWS Foundational Security Best Practices [ECS.5] ECS containers should be limited to read-only access to root filesystems
Ole-Harald authored Aug 15, 2022
1 parent 8bb3eab commit d10a1b2
Showing 2 changed files with 7 additions and 0 deletions.
1 change: 1 addition & 0 deletions main.tf
Expand Up @@ -161,6 +161,7 @@ locals {
"options" = local.log_configuration_options
}
"privileged" : var.privileged
"readonlyRootFilesystem" : var.readonlyRootFilesystem
}, local.task_container_secrets, local.repository_credentials)
}
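
Review bot: the input on the `"readonlyRootFilesystem" : var.readonlyRootFilesystem` line is named in camelCase, while the names visible around it (`var.privileged`, `local.log_configuration_options`, `local.task_container_secrets`) use lower snake_case. Consider naming the variable `readonly_root_filesystem` and keeping camelCase only for the container-definition key, so callers of the module see a single naming style.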

6 changes: 6 additions & 0 deletions variables.tf
Expand Up @@ -223,6 +223,12 @@ variable "privileged" {
type = bool
}

variable "readonlyRootFilesystem" {
description = "When this parameter is true, the container is given read-only access to its root file system."
default = false
type = bool
}

variable "wait_for_steady_state" {
description = "Wait for the service to reach a steady state (like aws ecs wait services-stable) before continuing."
type = bool
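
Review bot: `default = false` in the new `readonlyRootFilesystem` variable leaves the root filesystem writable unless a caller opts in, so the ECS.5 control cited in the commit message is only satisfied when callers explicitly set it to true. The description should state that, and should also mention that a container which writes to its root filesystem needs a separate writable location once this is enabled.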

0 comments on commit d10a1b2