AWS AmazonECS documentation change
Summary
Added firewall configuration guidance for ECS agent endpoints
Security assessment
The change adds security-related network configuration documentation for proper firewall rules, but does not indicate a specific security vulnerability being addressed. It enhances security best practices documentation.
Diff
diff --git a/AmazonECS/latest/developerguide/security-network.md b/AmazonECS/latest/developerguide/security-network.md index 6fc8b322d..0d490e32f 100644 --- a//AmazonECS/latest/developerguide/security-network.md +++ b//AmazonECS/latest/developerguide/security-network.md @@ -51,0 +52,2 @@ We recommend that you configure your tasks to use the `awsvpc` network mode. Aft +If you use a custom firewall with tasks or sevices, add an outbound rule to allow traffic for the Amazon ECS agent management endpoints ("`ecs-a-*.`region`.amazonaws.com`"), telemetry endpoints ("`ecs-t-*.`region`.amazonaws.com`"), and the Service Connect Envoy management endpoints ("`ecs-sc.`region`.api.aws`"). +