Replies: 1 comment 5 replies
-
|
Artillery containers rely on having a writeable filesystem - workers need to be able to download test assets (and install npm dependencies if your tests use them) |
Beta Was this translation helpful? Give feedback.
-
|
Hi, I just updated the post. There are alternatives to avoid root system file write access like using docker volumes for example or the /tmp directory: https://repost.aws/questions/QUZufioV63TciPZZ0onYdsdA/unable-to-limit-ecs-containers-to-read-only-access-to-root-filesystem |
Beta Was this translation helpful? Give feedback.
-
|
Yep definitely something we should do |
Beta Was this translation helpful? Give feedback.
-
|
Should I create an issue for this? Or what's the best way to get this going? Can you point me to what part of the code actually create the TaskDefinition in the code? I was some references in aws-legacy, but not sure if that still used? |
Beta Was this translation helpful? Give feedback.
-
|
Yes, an issue would be great! The relevant code is here:
|
Beta Was this translation helpful? Give feedback.
-
|
Actually @drissamri I'll just convert this discussion into an issue |
Beta Was this translation helpful? Give feedback.
-
We run Artillery on AWS using the fargate option but the automated scans by AWS SecurityHub raise an alarm that containers should only have read-only access to its root system
I don't see an option to customize the Fargate deployment? Is this something that can be fixed in the framework itsefl? There is an option readonlyRootFilesystem that can be enabled on a Fargate Task which would resolve this security alert.
If the container does need to write filesystem, there are other options to do this like using Docker volumes to get rid of this error: https://repost.aws/questions/QUZufioV63TciPZZ0onYdsdA/unable-to-limit-ecs-containers-to-read-only-access-to-root-filesystem
Beta Was this translation helpful? Give feedback.
All reactions