Pilih preferensi cookie Anda

Kami menggunakan cookie penting serta alat serupa yang diperlukan untuk menyediakan situs dan layanan. Kami menggunakan cookie performa untuk mengumpulkan statistik anonim sehingga kami dapat memahami cara pelanggan menggunakan situs dan melakukan perbaikan. Cookie penting tidak dapat dinonaktifkan, tetapi Anda dapat mengklik “Kustom” atau “Tolak” untuk menolak cookie performa.

Jika Anda setuju, AWS dan pihak ketiga yang disetujui juga akan menggunakan cookie untuk menyediakan fitur situs yang berguna, mengingat preferensi Anda, dan menampilkan konten yang relevan, termasuk iklan yang relevan. Untuk menerima atau menolak semua cookie yang tidak penting, klik “Terima” atau “Tolak”. Untuk membuat pilihan yang lebih detail, klik “Kustomisasi”.

Preferensi
Hubungi Kami
Umpan Balik
AWS Documentation
Buat Akun AWS

AWS::Batch::JobDefinition EksContainerSecurityContext

RSS
Mode fokus
AWS::Batch::JobDefinition EksContainerSecurityContext - AWS CloudFormation
SyntaxProperties
Halaman ini belum diterjemahkan ke dalam bahasa Anda. Minta terjemahan
Filter Tampilan

The security context for a job. For more information, see Configure a security context for a pod or container in the Kubernetes documentation.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{
  "AllowPrivilegeEscalation" : Boolean,
  "Privileged" : Boolean,
  "ReadOnlyRootFilesystem" : Boolean,
  "RunAsGroup" : Integer,
  "RunAsNonRoot" : Boolean,
  "RunAsUser" : Integer
}

YAML

  AllowPrivilegeEscalation: Boolean
  Privileged: Boolean
  ReadOnlyRootFilesystem: Boolean
  RunAsGroup: Integer
  RunAsNonRoot: Boolean
  RunAsUser: Integer

Properties

AllowPrivilegeEscalation

Whether or not a container or a Kubernetes pod is allowed to gain more privileges than its parent process. The default value is false.

Required: No

Type: Boolean

Update requires: No interruption

Privileged

When this parameter is true, the container is given elevated permissions on the host container instance. The level of permissions are similar to the root user permissions. The default value is false. This parameter maps to privileged policy in the Privileged pod security policies in the Kubernetes documentation.

Required: No

Type: Boolean

Update requires: No interruption

ReadOnlyRootFilesystem

When this parameter is true, the container is given read-only access to its root file system. The default value is false. This parameter maps to ReadOnlyRootFilesystem policy in the Volumes and file systems pod security policies in the Kubernetes documentation.

Required: No

Type: Boolean

Update requires: No interruption

RunAsGroup

When this parameter is specified, the container is run as the specified group ID (gid). If this parameter isn't specified, the default is the group that's specified in the image metadata. This parameter maps to RunAsGroup and MustRunAs policy in the Users and groups pod security policies in the Kubernetes documentation.

Required: No

Type: Integer

Update requires: No interruption

RunAsNonRoot

When this parameter is specified, the container is run as a user with a uid other than 0. If this parameter isn't specified, so such rule is enforced. This parameter maps to RunAsUser and MustRunAsNonRoot policy in the Users and groups pod security policies in the Kubernetes documentation.

Required: No

Type: Boolean

Update requires: No interruption

RunAsUser

When this parameter is specified, the container is run as the specified user ID (uid). If this parameter isn't specified, the default is the user that's specified in the image metadata. This parameter maps to RunAsUser and MustRanAs policy in the Users and groups pod security policies in the Kubernetes documentation.

Required: No

Type: Integer

Update requires: No interruption

Di halaman ini

PrivasiSyarat situsPreferensi cookie
© 2025, Amazon Web Services, Inc. atau afiliasinya. Semua hak dilindungi undang-undang.