AWS::Batch::JobDefinition EksContainerSecurityContext
The security context for a job. For more information, see Configure a
security context for a pod or container
Syntax
To declare this entity in your Amazon CloudFormation template, use the following syntax:
JSON
{ "AllowPrivilegeEscalation" :
Boolean
, "Privileged" :Boolean
, "ReadOnlyRootFilesystem" :Boolean
, "RunAsGroup" :Integer
, "RunAsNonRoot" :Boolean
, "RunAsUser" :Integer
}
YAML
AllowPrivilegeEscalation:
Boolean
Privileged:Boolean
ReadOnlyRootFilesystem:Boolean
RunAsGroup:Integer
RunAsNonRoot:Boolean
RunAsUser:Integer
Properties
AllowPrivilegeEscalation
-
Whether or not a container or a Kubernetes pod is allowed to gain more privileges than its parent process. The default value is
false
.Required: No
Type: Boolean
Update requires: No interruption
Privileged
-
When this parameter is
true
, the container is given elevated permissions on the host container instance. The level of permissions are similar to theroot
user permissions. The default value isfalse
. This parameter maps toprivileged
policy in the Privileged pod security policiesin the Kubernetes documentation. Required: No
Type: Boolean
Update requires: No interruption
ReadOnlyRootFilesystem
-
When this parameter is
true
, the container is given read-only access to its root file system. The default value isfalse
. This parameter maps toReadOnlyRootFilesystem
policy in the Volumes and file systems pod security policiesin the Kubernetes documentation. Required: No
Type: Boolean
Update requires: No interruption
RunAsGroup
-
When this parameter is specified, the container is run as the specified group ID (
gid
). If this parameter isn't specified, the default is the group that's specified in the image metadata. This parameter maps toRunAsGroup
andMustRunAs
policy in the Users and groups pod security policiesin the Kubernetes documentation. Required: No
Type: Integer
Update requires: No interruption
RunAsNonRoot
-
When this parameter is specified, the container is run as a user with a
uid
other than 0. If this parameter isn't specified, so such rule is enforced. This parameter maps toRunAsUser
andMustRunAsNonRoot
policy in the Users and groups pod security policiesin the Kubernetes documentation. Required: No
Type: Boolean
Update requires: No interruption
RunAsUser
-
When this parameter is specified, the container is run as the specified user ID (
uid
). If this parameter isn't specified, the default is the user that's specified in the image metadata. This parameter maps toRunAsUser
andMustRanAs
policy in the Users and groups pod security policiesin the Kubernetes documentation. Required: No
Type: Integer
Update requires: No interruption