@jaxley jaxley/ecsPrivileged.py
Last active Feb 13, 2019

Iterate all AWS ECS task families and identify any tasks with a 'privileged' container flag set
#!/usr/bin/env python3
import boto3

# to support AWS profiles, just change the profile name here. Be sure you've set the region in that profile config
devSession = boto3.session.Session(profile_name='default')
client = devSession.client('ecs')

# list_task_definition_families yields bare family names; describe_task_definition with a bare
# family name resolves to the latest ACTIVE revision of that family.
paginator = client.get_paginator('list_task_definition_families')
pages = paginator.paginate(
    status='ACTIVE',
    PaginationConfig={'PageSize': 100}
)
for page in pages:
    for family in page['families']:
        response = client.describe_task_definition(
            taskDefinition=family
        )
        latestTaskFamily = "{}:{}".format(family, response['taskDefinition']['revision'])
        for containerDef in response['taskDefinition']['containerDefinitions']:
            # ECS only echoes 'privileged' back when the definition set it explicitly, so this
            # reports both true and false values; the value is printed so you can tell them apart.
            if 'privileged' in containerDef:
                print("PRIVILEGED: {}; {} => {}".format(containerDef['privileged'], latestTaskFamily, containerDef['name']))
jaxley commented Feb 12, 2019

If you have your AWS credentials set up in ~/.aws/credentials, then this script will iterate all of the ECS task families and list out any that have a non-null 'privileged' flag. It will list the specific task family and container definition that has this flag set.

Useful for identifying where you have privileged (root-level) containers running.
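As an added example (not the gist's own code and not part of jaxley's comment): the same audit refactored so the check is a pure function over the describe_task_definition response shape and can be run offline on constructed sample definitions, with the boto3 calls isolated in one function. It goes beyond the gist in two ways a practitioner auditing for root-level containers usually wants: an explicit privileged=false is not reported (ECS returns the key whenever the definition set it either way), and two other settings that give a container root-equivalent access without the privileged flag are flagged, task-level pidMode=host and added Linux capabilities such as SYS_ADMIN. The DANGEROUS_CAPS set, the --aws flag and the 'default' profile are assumptions for the example, not ECS-defined. Note that ECS only honours privileged for the EC2 launch type (Fargate rejects it), so findings will concentrate on EC2-backed families.

```python
#!/usr/bin/env python3
"""Added example: audit ECS task definitions for root-level container settings.

The AWS calls are isolated in audit_account() so that the checks themselves
can run offline against the constructed SAMPLE_TASK_DEFS below.
"""

# Capabilities that amount to host root when added to a container. This set is
# an assumption for the example, not an ECS- or Docker-defined list.
DANGEROUS_CAPS = {"SYS_ADMIN", "SYS_PTRACE", "SYS_MODULE", "NET_ADMIN", "DAC_READ_SEARCH"}


def findings_for_task_definition(task_def):
    """Return (family:revision, container, finding) tuples for one task definition.

    task_def is the 'taskDefinition' dict from ecs:DescribeTaskDefinition.
    An explicit privileged=false is deliberately not reported: ECS echoes the
    key whenever the definition set it, so presence alone is not a finding.
    """
    ident = "{}:{}".format(task_def["family"], task_def["revision"])
    findings = []
    # Task-level setting: every container shares the host PID namespace.
    if task_def.get("pidMode") == "host":
        findings.append((ident, "*", "pidMode=host"))
    for cdef in task_def.get("containerDefinitions", []):
        name = cdef.get("name", "?")
        if cdef.get("privileged") is True:
            findings.append((ident, name, "privileged=true"))
        caps = cdef.get("linuxParameters", {}).get("capabilities", {}).get("add", [])
        risky = sorted(set(caps) & DANGEROUS_CAPS)
        if risky:
            findings.append((ident, name, "capabilities.add=" + ",".join(risky)))
    return findings


def audit_account(client):
    """Walk every ACTIVE family (latest revision only) and collect findings."""
    results = []
    paginator = client.get_paginator("list_task_definition_families")
    for page in paginator.paginate(status="ACTIVE"):
        for family in page["families"]:
            task_def = client.describe_task_definition(taskDefinition=family)["taskDefinition"]
            results.extend(findings_for_task_definition(task_def))
    return results


# Constructed sample data in the shape describe_task_definition returns
# (only the fields the checks read are included).
SAMPLE_TASK_DEFS = [
    {"family": "web", "revision": 7, "containerDefinitions": [
        {"name": "nginx", "privileged": False},   # explicit false: not a finding
        {"name": "sidecar"},                      # key absent: not a finding
    ]},
    {"family": "node-agent", "revision": 3, "pidMode": "host", "containerDefinitions": [
        {"name": "agent", "privileged": True},
        {"name": "collector",
         "linuxParameters": {"capabilities": {"add": ["SYS_ADMIN", "CHOWN"]}}},
    ]},
]


def run_on_samples():
    """Run the checks over SAMPLE_TASK_DEFS; returns the list of findings."""
    findings = []
    for task_def in SAMPLE_TASK_DEFS:
        findings.extend(findings_for_task_definition(task_def))
    return findings


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1 and sys.argv[1] == "--aws":   # hypothetical flag for the live run
        import boto3  # imported here so the offline path needs no AWS SDK installed
        client = boto3.session.Session(profile_name="default").client("ecs")
        findings = audit_account(client)
    else:
        findings = run_on_samples()
    for ident, container, what in findings:
        print("{}; {} => {}".format(ident, container, what))
```

Run without arguments to see the three findings from the sample data (node-agent:3 with pidMode=host, the privileged agent container, and the collector container's SYS_ADMIN); run with --aws to walk the real account through the profile's credentials and region, which needs ecs:ListTaskDefinitionFamilies and ecs:DescribeTaskDefinition.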
