AWS Security ChangesHomeSearch

AWS securityhub documentation change

Service: securityhub · 2026-01-19 · Documentation low

File: securityhub/latest/userguide/ecs-controls.md

Summary

Added retirement notice for ECS.1 control and listed alternative controls (ECS.4, ECS.17, ECS.20, ECS.21)

Security assessment

Documents alternative security controls for privileged configuration and network modes, but doesn't address specific vulnerability

Diff

diff --git a/securityhub/latest/userguide/ecs-controls.md b/securityhub/latest/userguide/ecs-controls.md
index cb69fd16a..bcd4578dc 100644
--- a//securityhub/latest/userguide/ecs-controls.md
+++ b//securityhub/latest/userguide/ecs-controls.md
@@ -37,0 +38,11 @@ The purpose of this control is to ensure that access is defined intentionally wh
+###### Note
+
+This control will be retired after February 16, 2026 and removed from all applicable Security Hub CSPM standards. You can refer to the following controls for evaluation of privileged configuration, network mode configuration, and user configuration: 
+
+  * [ECS.4] ECS containers should run as non-privileged
+  * [ECS.17] ECS task definitions should not use host network mode
+  * [ECS.20] ECS Task Definitions should configure non-root users in Linux container definitions
+  * [ECS.21] ECS Task Definitions should configure non-administrator users in Windows container definitions
+
+
+