0

I am not sure whether my basic assumption for this question is correct, but as I understand, there is the following problem: A user who has the permission to create ECS task definitions can access all data of the instance at any time through docker bind mounts. Including database passwords, API keys and other critical data. If that's correct, I can manage my passwords in git, assuming that all git users are authorized to start task definitions at the same time, because it doesnt matter. Or in other words, i can put all critical passwords into my docker images. If i am right, is there a way to prevent this kind of privileg escalation?

I'm sorry if I was a little indistinct. I'm trying to understand what it means when an employee has the rights to change / create an ECS task definition. This right would typically be granted to a git runner in order to push changes in the source code as a docker container onto an instance. From my point of view, that would mean that everyone who has this authorization can also read out all data on the instance at the same time. As powerful as an SSH access to the instance. Because with the help of docker volumes (bind-mount) an evil container could access all data of the instance. Can you confirm that? So assuming you would give a git runner this authorization, then you could actually simply check in your passwords in git or write in a docker image, which you shouldn't do.

eltitano
  • 3
  • 3
  • What exactly you want to achieve? Protect the credentials from who? Give an example and desired outcome. – MLu Sep 25 '20 at 23:21
  • I'm not quite sure what you're trying to achieve, but you could consider aws secrets manager for secure password storage. Your instance role can access and decrypt, so anyone who can log into the instance / container can access them. You can always put security group rules in to prevent ssh, and disallow users from security group rules. – Tim Sep 26 '20 at 02:15

0 Answers0