AWS Security ChangesHomeSearch

AWS AmazonECS documentation change

Service: AmazonECS · 2026-07-04 · Documentation low

File: AmazonECS/latest/developerguide/express-service-best-practices.md

Summary

Added new section 'When to use a custom task definition' with security-related use cases

Security assessment

Explicitly mentions using custom task definitions for security agents and compliance configurations, documenting security features without addressing specific vulnerabilities.

Diff

diff --git a/AmazonECS/latest/developerguide/express-service-best-practices.md b/AmazonECS/latest/developerguide/express-service-best-practices.md
index 13c7f876b..fa0fe3d31 100644
--- a//AmazonECS/latest/developerguide/express-service-best-practices.md
+++ b//AmazonECS/latest/developerguide/express-service-best-practices.md
@@ -160,0 +161,13 @@ Meaningful health checks and alarm based rollbacks can both help with rollback.
+### When to use a custom task definition
+
+Consider providing your own custom task definition only when:
+
+  * Your team has standardized task definitions with security agents, logging sidecars, or compliance configurations that must be present on all services.
+
+  * You need task-level settings not directly configurable through Express Mode, such as container health checks, custom log drivers (for example, FireLens), Linux parameters (`initProcessEnabled`, `tmpfs` mounts), or additional sidecar containers.
+
+  * You use infrastructure as code and want to define your task definition in your templates and pass it to your Express Mode service.
+
+
+
+