[HN Gopher] ECScape: Understanding IAM Privilege Boundaries in A...
       ___________________________________________________________________
        
       ECScape: Understanding IAM Privilege Boundaries in Amazon ECS
        
       Author : eyberg
       Score  : 6 points
       Date   : 2025-08-06 22:16 UTC (4 days ago)
        
 (HTM) web link (www.sweet.security)
 (TXT) w3m dump (www.sweet.security)
        
       | RainyDayTmrw wrote:
       | At the risk of being overly reductive, isn't this exactly the
       | expected behavior: With ECS on EC2, the EC2 VM is a security
       | boundary, and the container is not?
        
         | easton wrote:
         | Expected, yes, but it's not something you'd necessarily think
         | about I guess. I never thought about the containers being able
         | to access the EC2 metadata endpoint since ECS exposes a
         | container-specific one (although they obviously could, in
         | hindsight).
        
           | coredog64 wrote:
           | The recommendation to use IMDSv2 is evergreen.
        
       ___________________________________________________________________
       (page generated 2025-08-10 23:00 UTC)