The Cloud Conformity Real-Time Threat Monitoring and Analysis (RTMA) engine has detected configuration changes made at the AWS ECS service level within your Amazon Web Services account.
Amazon ECS is a highly scalable, high-performance container management service that makes it easy to run and manage Docker containers within a cluster. You can use the Elastic Container Service (ECS) to schedule the placement of containers across your cluster based on your resource needs, isolation policies and availability requirements. Amazon ECS eliminates the need for you to install, operate and scale your own cluster management infrastructure. With AWS ECS, you can launch and stop Docker-enabled applications, query the complete state of your application and access AWS cloud resources and features like IAM roles, EC2 security groups, EBS volumes, CloudWatch events, Amazon CloudFormation templates and CloudTrail logs.
The Cloud Conformity RTMA feature monitors and detects each ECS configuration change made in your AWS account, such as creating or updating attributes for an ECS resource, deregistering container instances from a cluster, removing a specified service from a cluster or deleting a cluster. Specifically, the activity detected by this Cloud Conformity RTMA rule can be any IAM or root account user request initiated through the AWS Management Console, or any AWS API request initiated programmatically using the AWS CLI or SDKs, that triggers the following Amazon ECS actions:
The main purpose of Amazon ECS is to help you deploy, manage and scale Docker containers within your own cloud environment. When you use the Amazon ECS service to run containerized applications in production, monitoring ECS configuration changes in real time is extremely important for keeping your production environment stable and secure. As a best practice, you have to be aware of any configuration change made at the ECS service level at any point in time. Using the Cloud Conformity RTMA feature to detect ECS configuration changes can help you prevent any accidental or intentional modifications that may lead to severe security breaches or data loss.
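One way to reproduce this kind of detection over CloudTrail records, as an added example that is not Cloud Conformity's own code: it watches only the ECS API actions that correspond to the four activities named above, and reports who made each change and through which channel. The sample records, account ID, names and the userAgent-based channel guess are assumptions constructed for illustration.

```python
# ECS API actions for the four activities the text names (not the rule's full list).
WATCHED_ACTIONS = {
    "PutAttributes": "attributes created or updated on an ECS resource",
    "DeregisterContainerInstance": "container instance deregistered from a cluster",
    "DeleteService": "service removed from a cluster",
    "DeleteCluster": "cluster deleted",
}

def request_channel(record):
    """Heuristic guess at how the request was made: console, cli, or sdk-or-other."""
    agent = record.get("userAgent", "")
    if str(record.get("sessionCredentialFromConsole")).lower() == "true" or "console.amazonaws.com" in agent:
        return "console"
    return "cli" if agent.startswith("aws-cli/") else "sdk-or-other"

def ecs_change_findings(records):
    """Return one finding per successful watched ECS change in CloudTrail records."""
    findings = []
    for rec in records:
        if rec.get("eventSource") != "ecs.amazonaws.com":
            continue
        action = rec.get("eventName")
        if action not in WATCHED_ACTIONS or rec.get("errorCode"):
            continue  # unrelated call, or a denied/failed request that changed nothing
        identity = rec.get("userIdentity", {})
        findings.append({
            "time": rec.get("eventTime"),
            "action": action,
            "summary": WATCHED_ACTIONS[action],
            "actor": identity.get("arn", "unknown"),
            "is_root": identity.get("type") == "Root",
            "channel": request_channel(rec),
            "cluster": (rec.get("requestParameters") or {}).get("cluster"),
        })
    return findings

# Constructed sample records; the account ID, users and cluster name are made up.
SAMPLE = [
    {"eventTime": "2024-05-01T10:00:00Z", "eventSource": "ecs.amazonaws.com", "eventName": "DeleteCluster",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111122223333:root"}, "userAgent": "console.amazonaws.com", "requestParameters": {"cluster": "prod-web"}},
    {"eventSource": "ecs.amazonaws.com", "eventName": "ListClusters", "userAgent": "aws-cli/2.15.0"},
    {"eventTime": "2024-05-01T10:05:00Z", "eventSource": "ecs.amazonaws.com", "eventName": "DeregisterContainerInstance",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/deploy"}, "userAgent": "aws-cli/2.15.0 Python/3.11.6", "requestParameters": {"cluster": "prod-web", "force": True}},
    {"eventSource": "ecs.amazonaws.com", "eventName": "DeleteService", "errorCode": "AccessDeniedException", "userAgent": "Boto3/1.34.0"},
]

if __name__ == "__main__":
    print(*ecs_change_findings(SAMPLE), sep="\n")
```

Read-only calls and denied requests are skipped because they do not change configuration; a team that also wants to see denied attempts can report records carrying `errorCode` separately.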