When running containers on Amazon ECS using EC2 instances, there’s a lot happening under the hood on each host. Understanding these internals is crucial for operating ECS securely. In this first part of our deep‑dive, we’ll explore how ECS on EC2 works – focusing on the ECS agent, the IAM roles and credential delivery mechanism, and where the boundaries (and lack thereof) lie between tasks on the same host. (In Part 2, we’ll leverage this knowledge to examine a real‑world cross...| Naor Haziz
August 1, 2025: This post was updated to clarify the security boundaries between containers and instances. July 9, 2025: This post was updated to clarify security boundaries in Amazon ECS. January 11, 2024: We’ve updated this post to include information about Amazon GuardDuty Runtime Monitoring for Amazon ECS clusters. If you’re looking to further enhance […]| Amazon Web Services
