Remediating a potentially compromised ECS cluster
Follow these recommended steps to remediate a potentially compromised Amazon ECS cluster in your Amazon environment:
- Identify the potentially compromised ECS cluster.
  The GuardDuty Malware Protection finding for ECS provides the ECS cluster details in the finding's details panel.
- Evaluate the source of the malware.
  Determine whether the detected malware was present in the container's image. If the malware was in the image, identify all other tasks that are running with this image. For information about listing running tasks, see ListTasks.
- Isolate the potentially impacted tasks.
  Isolate the impacted tasks by denying all ingress and egress traffic to the task. A deny-all traffic rule can help you stop an attack that is already underway by severing all connections to the task.
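The three steps above carried through in Python, as an added example (boto3-style calls, not AWS's own code): tasks_using_image picks the tasks that run the flagged image out of a DescribeTasks response, find_impacted_tasks pages through ListTasks for the cluster, and isolate_task moves a task's network interfaces onto a deny-all quarantine security group. The cluster name, the image reference and the quarantine security group id are assumed inputs taken from the finding and your own account; the sample DescribeTasks response is constructed.

```python
"""Triage helpers for an ECS Malware Protection finding (added example, not
AWS's code). Cluster name and flagged image are assumed to come from the finding."""
from __future__ import annotations

DESCRIBE_BATCH = 100  # DescribeTasks accepts at most 100 task ARNs per call

def tasks_using_image(describe_resp: dict, image: str) -> list[dict]:
    """Tasks whose containers run `image` (tag reference or digest; prefer the
    digest, since a tag can be re-pointed after the finding was raised)."""
    return [t for t in describe_resp.get("tasks", [])
            if any(image in (c.get("image"), c.get("imageDigest"))
                   for c in t.get("containers", []))]

def task_eni_ids(task: dict) -> list[str]:
    """ENI ids of an awsvpc-mode task, read from its attachments."""
    return [d["value"] for att in task.get("attachments", [])
            if att.get("type") == "ElasticNetworkInterface"
            for d in att.get("details", []) if d.get("name") == "networkInterfaceId"]

def find_impacted_tasks(ecs, cluster: str, image: str) -> list[dict]:
    """Page through ListTasks, then DescribeTasks in batches of 100."""
    impacted, token = [], None
    while True:
        page = ecs.list_tasks(cluster=cluster, **({"nextToken": token} if token else {}))
        arns = page.get("taskArns", [])
        for i in range(0, len(arns), DESCRIBE_BATCH):
            resp = ecs.describe_tasks(cluster=cluster, tasks=arns[i:i + DESCRIBE_BATCH])
            impacted.extend(tasks_using_image(resp, image))
        token = page.get("nextToken")
        if not token:
            return impacted

def isolate_task(ec2, task: dict, quarantine_sg: str) -> list[str]:
    """Move each task ENI onto `quarantine_sg`, a security group with no ingress
    rules and the default allow-all egress rule revoked. Returns the ENI ids."""
    enis = task_eni_ids(task)
    for eni in enis:
        ec2.modify_network_interface_attribute(NetworkInterfaceId=eni, Groups=[quarantine_sg])
    return enis

# Constructed DescribeTasks response: the first task runs the flagged image.
SAMPLE_TASKS = {"tasks": [
    {"taskArn": "arn:aws:ecs:us-east-1:111122223333:task/demo/aaa",
     "containers": [{"image": "111122223333.dkr.ecr.us-east-1.amazonaws.com/web:1.4",
                     "imageDigest": "sha256:flagged0000"}],
     "attachments": [{"type": "ElasticNetworkInterface",
                      "details": [{"name": "networkInterfaceId", "value": "eni-0a1b"}]}]},
    {"taskArn": "arn:aws:ecs:us-east-1:111122223333:task/demo/bbb",
     "containers": [{"image": "public.ecr.aws/docker/library/redis:7", "imageDigest": "sha256:clean000000"}]}]}
```

Create the quarantine security group in the task's VPC before running isolate_task, and keep the original security group ids from the ENI so the task's network state can be reconstructed for the investigation.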
If the access was authorized, you can ignore the finding. The https://console.amazonaws.cn/guardduty/