top of page
ECS.8
Secrets should not be passed as container environment variables
Severity
Cloud Platforms
Resources
Related Standards
Automated
HIGH
AWS
Amazon Elastic Container Service
AWS Foundational Best Practice, NIST.800-53.r5,
This control checks if the key value of any variables in the ‘environment’ parameter of container definitions includes - AWS_ACCESS_KEY_ID; AWS_SECRET_ACCESS_KEY; or ECS_ENGINE_AUTH_DATA.
bottom of page