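AwsEcs resources in ASFF
The following are examples of the AWS Security Finding Format (ASFF) syntax for AwsEcs resources.
AWS Security Hub CSPM normalizes findings from various sources into ASFF. For background information on ASFF, see AWS Security Finding Format (ASFF).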
AwsEcsCluster
The AwsEcsCluster object provides details about an Amazon Elastic Container Service cluster.
The following example shows the AWS Security Finding Format (ASFF) for the AwsEcsCluster object. To view descriptions of AwsEcsCluster attributes, see AwsEcsClusterDetails in the AWS Security Hub API Reference.
Example
"AwsEcsCluster": {
    "CapacityProviders": [],
    "ClusterSettings": [
        {
            "Name": "containerInsights",
            "Value": "enabled"
        }
    ],
    "Configuration": {
        "ExecuteCommandConfiguration": {
            "KmsKeyId": "kmsKeyId",
            "LogConfiguration": {
                "CloudWatchEncryptionEnabled": true,
                "CloudWatchLogGroupName": "cloudWatchLogGroupName",
                "S3BucketName": "s3BucketName",
                "S3EncryptionEnabled": true,
                "S3KeyPrefix": "s3KeyPrefix"
            },
            "Logging": "DEFAULT"
        }
    },
    "DefaultCapacityProviderStrategy": [
        {
            "Base": 0,
            "CapacityProvider": "capacityProvider",
            "Weight": 1
        }
    ]
}
AwsEcsContainer
The AwsEcsContainer object contains details about an Amazon ECS container.
The following example shows the AWS Security Finding Format (ASFF) for the AwsEcsContainer object. To view descriptions of AwsEcsContainer attributes, see AwsEcsContainerDetails in the AWS Security Hub API Reference.
Example
"AwsEcsContainer": {
    "Image": "1111111/knotejs@sha256:356131c9fef111111111111115f4ed8de5f9dce4dc3bd34bg21846588a3",
    "MountPoints": [{
        "ContainerPath": "/mnt/etc",
        "SourceVolume": "vol-03909e9"
    }],
    "Name": "knote",
    "Privileged": true
}
AwsEcsService
The AwsEcsService object provides details about a service within an Amazon ECS cluster.
The following example shows the AWS Security Finding Format (ASFF) for the AwsEcsService object. To view descriptions of AwsEcsService attributes, see AwsEcsServiceDetails in the AWS Security Hub API Reference.
Example
"AwsEcsService": {
    "CapacityProviderStrategy": [
        {
            "Base": 12,
            "CapacityProvider": "",
            "Weight": ""
        }
    ],
    "Cluster": "arn:aws:ecs:us-east-1:111122223333:cluster/example-ecs-cluster",
    "DeploymentConfiguration": {
        "DeploymentCircuitBreaker": {
            "Enable": false,
            "Rollback": false
        },
        "MaximumPercent": 200,
        "MinimumHealthyPercent": 100
    },
    "DeploymentController": "",
    "DesiredCount": 1,
    "EnableEcsManagedTags": false,
    "EnableExecuteCommand": false,
    "HealthCheckGracePeriodSeconds": 1,
    "LaunchType": "FARGATE",
    "LoadBalancers": [
        {
            "ContainerName": "",
            "ContainerPort": 23,
            "LoadBalancerName": "",
            "TargetGroupArn": ""
        }
    ],
    "Name": "sample-app-service",
    "NetworkConfiguration": {
        "AwsVpcConfiguration": {
            "Subnets": [
                "Subnet-example1",
                "Subnet-example2"
            ],
            "SecurityGroups": [
                "Sg-0ce48e9a6e5b457f5"
            ],
            "AssignPublicIp": "ENABLED"
        }
    },
    "PlacementConstraints": [
        {
            "Expression": "",
            "Type": ""
        }
    ],
    "PlacementStrategies": [
        {
            "Field": "",
            "Type": ""
        }
    ],
    "PlatformVersion": "LATEST",
    "PropagateTags": "",
    "Role": "arn:aws:iam::111122223333:role/aws-servicerole/ecs.amazonaws.com/ServiceRoleForECS",
    "SchedulingStrategy": "REPLICA",
    "ServiceName": "sample-app-service",
    "ServiceArn": "arn:aws:ecs:us-east-1:111122223333:service/example-ecs-cluster/sample-app-service",
    "ServiceRegistries": [
        {
            "ContainerName": "",
            "ContainerPort": 1212,
            "Port": 1221,
            "RegistryArn": ""
        }
    ],
    "TaskDefinition": "arn:aws:ecs:us-east-1:111122223333:task-definition/example-taskdef:1"
}
AwsEcsTask
The AwsEcsTask object provides details about an Amazon ECS task.
The following example shows the AWS Security Finding Format (ASFF) for the AwsEcsTask object. To view descriptions of AwsEcsTask attributes, see AwsEcsTask in the AWS Security Hub API Reference.
Example
"AwsEcsTask": {
    "ClusterArn": "arn:aws:ecs:us-west-2:123456789012:task/MyCluster/1234567890123456789",
    "CreatedAt": "1557134011644",
    "Group": "service:fargate-service",
    "StartedAt": "1557134011644",
    "StartedBy": "ecs-svc/1234567890123456789",
    "TaskDefinitionArn": "arn:aws:ecs:us-west-2:123456789012:task-definition/sample-fargate:2",
    "Version": 3,
    "Volumes": [{
        "Name": "string",
        "Host": {
            "SourcePath": "string"
        }
    }],
    "Containers": {
        "Image": "1111111/knotejs@sha256:356131c9fef111111111111115f4ed8de5f9dce4dc3bd34bg21846588a3",
        "MountPoints": [{
            "ContainerPath": "/mnt/etc",
            "SourceVolume": "vol-03909e9"
        }],
        "Name": "knote",
        "Privileged": true
    }
}
AwsEcsTaskDefinition
The AwsEcsTaskDefinition object contains details about a task definition. A task definition describes the container and volume definitions of an Amazon Elastic Container Service task.
The following example shows the AWS Security Finding Format (ASFF) for the AwsEcsTaskDefinition object. To view descriptions of AwsEcsTaskDefinition attributes, see AwsEcsTaskDefinitionDetails in the AWS Security Hub API Reference.
Example
"AwsEcsTaskDefinition": {
    "ContainerDefinitions": [
        {
            "Command": ["ruby", "hi.rb"],
            "Cpu": 128,
            "Essential": true,
            "HealthCheck": {
                "Command": ["CMD-SHELL", "curl -f http://localhost/ || exit 1"],
                "Interval": 10,
                "Retries": 3,
                "StartPeriod": 5,
                "Timeout": 20
            },
            "Image": "tongueroo/sinatra:latest",
            "Interactive": true,
            "Links": [],
            "LogConfiguration": {
                "LogDriver": "awslogs",
                "Options": {
                    "awslogs-group": "/ecs/sinatra-hi",
                    "awslogs-region": "ap-southeast-1",
                    "awslogs-stream-prefix": "ecs"
                },
                "SecretOptions": []
            },
            "MemoryReservation": 128,
            "Name": "web",
            "PortMappings": [
                {
                    "ContainerPort": 4567,
                    "HostPort": 4567,
                    "Protocol": "tcp"
                }
            ],
            "Privileged": true,
            "StartTimeout": 10,
            "StopTimeout": 100
        }
    ],
    "Family": "sinatra-hi",
    "NetworkMode": "host",
    "RequiresCompatibilities": ["EC2"],
    "Status": "ACTIVE",
    "TaskRoleArn": "arn:aws:iam::111122223333:role/ecsTaskExecutionRole"
}
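The AwsEcs objects above carry several settings a reviewer usually checks first (Privileged, NetworkMode, AssignPublicIp, EnableExecuteCommand, and whether Image is pinned by digest). The following is an added example, not part of the AWS documentation, that walks those fields in the Details object of a finding's resource. The function names, the flag labels, the choice of which settings to flag, and the constructed SAMPLE_DETAILS wrapper (trimmed copies of the samples on this page) are assumptions of this example.

```python
import json

# Constructed input: trimmed copies of this page's sample objects, placed in one
# "Details" object as they would sit under a finding's Resources[] entry.
SAMPLE_DETAILS = json.loads("""{
  "AwsEcsService": {"Name": "sample-app-service", "EnableExecuteCommand": false,
    "NetworkConfiguration": {"AwsVpcConfiguration": {"AssignPublicIp": "ENABLED"}}},
  "AwsEcsTask": {"Containers": {"Name": "knote", "Privileged": true,
    "Image": "1111111/knotejs@sha256:356131c9fef111111111111115f4ed8de5f9dce4dc3bd34bg21846588a3"}},
  "AwsEcsTaskDefinition": {"Family": "sinatra-hi", "NetworkMode": "host",
    "ContainerDefinitions": [{"Name": "web", "Privileged": true,
                              "Image": "tongueroo/sinatra:latest"}]}
}""")

def as_container_list(value):
    """Accept one container object (as in the AwsEcsTask sample) or a list of them."""
    if isinstance(value, dict):
        return [value]
    return [c for c in (value or []) if isinstance(c, dict)]

def ecs_review_flags(details):
    """Return sorted (resource, name, flag) tuples for settings worth reviewing."""
    flags = set()
    task_def = details.get("AwsEcsTaskDefinition", {})
    groups = {
        "AwsEcsContainer": as_container_list(details.get("AwsEcsContainer")),
        "AwsEcsTask": as_container_list(details.get("AwsEcsTask", {}).get("Containers")),
        "AwsEcsTaskDefinition": as_container_list(task_def.get("ContainerDefinitions")),
    }
    for resource, containers in groups.items():
        for c in containers:
            name, image = c.get("Name", "?"), c.get("Image")
            if c.get("Privileged") is True:
                flags.add((resource, name, "privileged-container"))
            if isinstance(image, str) and "@sha256:" not in image:
                flags.add((resource, name, "image-not-pinned-by-digest"))
    if task_def.get("NetworkMode") == "host":
        flags.add(("AwsEcsTaskDefinition", task_def.get("Family", "?"), "host-network-mode"))
    svc = details.get("AwsEcsService", {})
    vpc = svc.get("NetworkConfiguration", {}).get("AwsVpcConfiguration", {})
    if vpc.get("AssignPublicIp") == "ENABLED":
        flags.add(("AwsEcsService", svc.get("Name", "?"), "public-ip-assigned"))
    if svc.get("EnableExecuteCommand") is True:
        flags.add(("AwsEcsService", svc.get("Name", "?"), "ecs-exec-enabled"))
    return sorted(flags)
```

Calling ecs_review_flags(SAMPLE_DETAILS) returns the flagged settings as sorted tuples, ready to attach to a ticket or a suppression rule.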