AWS AmazonECS documentation change
Summary
Added new section 'When to use a custom task definition' with security-related use cases
Security assessment
Explicitly mentions using custom task definitions for security agents and compliance configurations, documenting security features without addressing specific vulnerabilities.
Diff
diff --git a/AmazonECS/latest/developerguide/express-service-best-practices.md b/AmazonECS/latest/developerguide/express-service-best-practices.md index 13c7f876b..fa0fe3d31 100644 --- a//AmazonECS/latest/developerguide/express-service-best-practices.md +++ b//AmazonECS/latest/developerguide/express-service-best-practices.md @@ -160,0 +161,13 @@ Meaningful health checks and alarm based rollbacks can both help with rollback. +### When to use a custom task definition + +Consider providing your own custom task definition only when: + + * Your team has standardized task definitions with security agents, logging sidecars, or compliance configurations that must be present on all services. + + * You need task-level settings not directly configurable through Express Mode, such as container health checks, custom log drivers (for example, FireLens), Linux parameters (`initProcessEnabled`, `tmpfs` mounts), or additional sidecar containers. + + * You use infrastructure as code and want to define your task definition in your templates and pass it to your Express Mode service. + + + +