We are building docker images in CodeBuild. This works fine but we have a "HIGH" security hub finding because we had to enable priviledged mode:
CodeBuild.5 CodeBuild project environments should not have privileged mode enabled
I'm currently looking for a way to build docker images without using priviledged mode. I saw this URL from AWS where they are also using priviledged mode.
How can I build docker images without using this mode so we are compliant with the security hub rules?
On
if we refer to AWS guide https://docs.aws.amazon.com/codebuild/latest/userguide/sample-docker.html
Because you use this build project to build a Docker image, select Privileged
since you're building docker image, codebuild would require privilegedMode=true
@ekeyse has shared the cdk doc that privilege mode is required otherwise it will fail
Specify true to enable running the Docker daemon inside a Docker container. This value must be set to true only if this build project will be used to build Docker images, and the specified build environment image is not one provided by AWS CodeBuild with Docker support. Otherwise, all associated builds that attempt to interact with the Docker daemon will fail.
I personally think that security hub is informing you that there is codebuild project running on privilege mode, you may ignore if that is intended
You can do it throughout aws cli.
Here is AWS Documentation
There is no way (for now) to do it throughout AWS console. But you can see your configuration here on console:
AWS Config > Resources > my-project-name > View Configuration Item (JSON)
and you can check the result afterwards.