aws-containers
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE
Full Analysis
- Strong Identity and Access Management (IAM) Guidance: The skill consistently emphasizes the critical distinction between ECS execution roles (infrastructure access) and task roles (application code access), promoting least-privilege permissions and the use of scoped managed policies.
- Secure Secret Management: It explicitly mandates the use of AWS Secrets Manager and SSM Parameter Store for sensitive configuration data, providing detailed syntax for JSON key extraction and warning against the exposure of secrets in plaintext environment variables.
- Network Security Best Practices: The documentation provides robust advice on deploying containers in private subnets, utilizing VPC endpoints to minimize data exposure, and configuring Security Groups with specific source/destination rules rather than open CIDR ranges.
- Encryption and Auditability: Instructions include enabling encryption at rest for ECR repositories and CloudWatch Logs, as well as enforcing encryption in transit (TLS) via ALB HTTPS listeners. It also encourages the use of CloudTrail for API audit logging.
- Resource Integrity: All external references and tools, such as the ECS Exec Checker, originate from official AWS documentation or vendor-maintained GitHub repositories, ensuring the integrity of recommended diagnostic utilities.
- Verification and Safety Checks: The skill includes mandatory instructions to verify CLI configurations and inform users before executing potentially destructive operations like service deletions or forced redeployments.
Audit Metadata