Amazon Elastic Container Service (ECS) now supports mounting Amazon Elastic Block Store (EBS) volumes to containers running as non-root users. With this launch, ECS automatically configures the EBS volume’s file system permissions to allow non-root users to read and write data securely, while preserving the root-level ownership of the volume. This enhancement simplifies security-first container deployments by removing the need for manual permission management or custom entrypoint scripts.
This feature enhances container security by allowing tasks to run as non-root users, reducing the risk of privilege escalation and unauthorized access to data. Previously, for a container in a task to write to a mounted Amazon EBS volume, it had to run as the root user. ECS now automatically manages EBS volume permissions, simplifying workflows and ensuring that all containers within a task — regardless of user ID — can securely read and write to the mounted volume.
This feature is now available in all AWS Regions where Amazon ECS and Amazon EBS are supported, for EC2, AWS Fargate, and ECS Managed Instances launch types. To learn more, see Use Amazon EBS volumes with Amazon ECS in the Amazon ECS Developer Guide.
Source: Amazon Web Services