Matthew Venne

Results 18 comments of Matthew Venne

For those wanting to know, this is currently supported via AWS CDK - they create a custom resource which invokes a Lambda function and updates the config map. A little...

@dany74q yes, that is what it does and I agree wholeheartedly. It’s definitely a pain. Adding the ability to update the Config map at launch to include other principals would...

@yohtm did you do that on image build or some other mechanism with ECS? Currently running into a similar issue: nginx: [emerg] bind() to 0.0.0.0:443 failed (13: Permission denied)

Thanks - I am leaning toward SELinux or some sort of Linux capability like SYS_ADMIN etc. Unfortunately I am using ECS Fargate and privileged containers are not supported.

I'm running into this issue as well - certain resources will require different tags - for instance for AWS Backup. So defining the tags at a stack level doesn't make...

When you say third-party certifications, are you including research into configurations to ensure containers hosted in Bottlerocket are FIPS 140-2 compliant? Obviously this will require the containers themselves to use...

Thanks for your comments. I opened a new issue as recommended. #1667

Hey @JohnTrevorBurke I believe I just added you on LinkedIn. I may be able to help.

Just commenting to add some more clarity to this. If you are using containers, FIPS mode on the OS is not in scope. That only changes OS-level configurations. I was...

Are you aware of any container images that don't include their own cryptographic modules? If so, I would imagine their use is very limited; it could limit the container's portability...