AWS Security ChangesHomeSearch

AWS AmazonECS documentation change

Service: AmazonECS · 2025-04-11 · Documentation medium

File: AmazonECS/latest/developerguide/security-network.md

Summary

Added firewall configuration guidance for ECS agent endpoints

Security assessment

The change adds security-related network configuration documentation for proper firewall rules, but does not indicate a specific security vulnerability being addressed. It enhances security best practices documentation.

Diff

diff --git a/AmazonECS/latest/developerguide/security-network.md b/AmazonECS/latest/developerguide/security-network.md
index 6fc8b322d..0d490e32f 100644
--- a//AmazonECS/latest/developerguide/security-network.md
+++ b//AmazonECS/latest/developerguide/security-network.md
@@ -51,0 +52,2 @@ We recommend that you configure your tasks to use the `awsvpc` network mode. Aft
+If you use a custom firewall with tasks or sevices, add an outbound rule to allow traffic for the Amazon ECS agent management endpoints ("`ecs-a-*.`region`.amazonaws.com`"), telemetry endpoints ("`ecs-t-*.`region`.amazonaws.com`"), and the Service Connect Envoy management endpoints ("`ecs-sc.`region`.api.aws`").
+