cloudposse/terraform-aws-ecs-container-definition 0.37.0

0.37.0: Set user to null to use default in Docker

on GitHub

what

• ECS default behavior is to have this left unset.
• This allows the container to run with the build-specificed USER in the Dockerfile (if set, root by default)

why

• The default behavior is to use the container's USER runtime.
• Defaulting the runtime is a security gap as it can cause containers that were built to run as other users to suddenly start running as root when deployed with this module.

Note, this could break existing container environments running in the wild if they were inadvertently taking advantage of the root access.