

Credential Isolation: A container can only

Containers that are running on your container instances are not prevented from accessing the credentials that are supplied to the container instance profile (through the Amazon EC2 instance metadata server). We recommend that you limit the permissions in your container instance role to the minimal list of permissions shown in Amazon ECS container instance IAM role.

To prevent containers in tasks that use the awsvpc network mode from accessing the credential information supplied to the container instance profile (while still allowing the permissions that are provided by the task role), set the ECS_AWSVPC_BLOCK_IMDS agent configuration variable to true in the agent configuration file and restart the agent. For more information, see Amazon ECS container agent configuration.

To prevent containers in tasks that use the bridge network mode from accessing the credential information supplied to the container instance profile (while still allowing the permissions that are provided by the task role), run the following iptables command on your container instances. This command does not affect containers in tasks that use the host or awsvpc network modes. For more information, see Network mode.
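The two mitigations above, applied idempotently, as an added example script rather than AWS's own tooling. It assumes the agent configuration file is /etc/ecs/ecs.config, that the agent runs as the `ecs` systemd unit, and that the bridge-mode rule is the DOCKER-USER drop toward the EC2 metadata address 169.254.169.254 that AWS documents.

```shell
#!/bin/sh
# Block task containers from reaching the instance profile credentials via IMDS.
# Added example; assumes the Amazon ECS-optimized AMI layout named in the lead-in.
set -eu

ECS_CONFIG="${ECS_CONFIG:-/etc/ecs/ecs.config}"   # assumed agent config path
IPTABLES="${IPTABLES:-iptables}"
IMDS_IP="169.254.169.254/32"                       # EC2 instance metadata address

# Set KEY=VALUE in an agent config file, replacing any existing KEY line so the
# file never carries two conflicting settings for the same key.
set_agent_config() {
    file="$1"; key="$2"; value="$3"
    tmp="$(mktemp)"
    [ -f "$file" ] && grep -v "^${key}=" "$file" > "$tmp" || true
    printf '%s=%s\n' "$key" "$value" >> "$tmp"
    mv "$tmp" "$file"
}

# Print the last value set for KEY in an agent config file (empty if unset).
agent_config_value() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# awsvpc tasks: the agent enforces the block once ECS_AWSVPC_BLOCK_IMDS=true
# and it has been restarted (unit name is an assumption, see lead-in).
block_imds_awsvpc() {
    set_agent_config "$ECS_CONFIG" ECS_AWSVPC_BLOCK_IMDS true
    systemctl restart ecs 2>/dev/null || echo "restart the ECS agent to apply" >&2
}

# True when the bridge-mode DROP rule is already present in DOCKER-USER.
imds_blocked_for_bridge() {
    "$IPTABLES" -C DOCKER-USER -i docker+ -d "$IMDS_IP" -j DROP 2>/dev/null
}

# bridge tasks: insert the rule only if missing, so re-runs add no duplicates.
block_imds_bridge() {
    if imds_blocked_for_bridge; then
        return 0
    fi
    "$IPTABLES" --insert DOCKER-USER 1 --in-interface docker+ \
        --destination "$IMDS_IP" --jump DROP
}
```

Run `block_imds_awsvpc` and `block_imds_bridge` as root on each container instance; host-mode tasks share the instance network namespace and are covered by neither control.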
