16 March 2021 - Rule Update Notice
Custom Policy Updates
The custom policy has been updated to version 1.27 as a result of the new deployment. You’ll need to update your custom policy to the latest version. The permissions added includes:
- ssm:DescribeSessions
The new rule is only available when you update to the new custom policy version.
Click here to access the new Custom Policy.
Support for Amazon ECS Exec
On 16th March 2021, Amazon ECS Exec announced a simple way for Amazon ECS customers to execute commands in an ECS container running on EC2 instances or Fargate. This lets users interact with processes in containers, debug and troubleshoot, or collect diagnostic information from a container, even though your team isn’t managing the infrastructure.
For more information see:
We have released the following new rule for additional governance and oversight to help you optimize the new feature.
New Rule
AWS
SSM-002: SSM Session Length
This rule checks that all active sessions in the AWS Session Manager do not exceed the period of time set in the rule settings. Sessions that are active for longer than expected could be a result of suspicious activity. The AWS Session manager enables users to open a shell into EC2 instances or execute commands on containers running in AWS ECS or Fargate. You can also configure the SSM session length threshold in rule settings to determine a reasonable threshold in your environment.