New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Privileged tasks on AWS #2413
Privileged tasks on AWS #2413
Conversation
Signed-off-by: Manuele Simi <manuele.simi@gmail.com>
…assumption). Signed-off-by: Manuele Simi <manuele.simi@gmail.com>
Signed-off-by: Manuele Simi <manuele.simi@gmail.com>
Co-authored-by: Abhinav Sharma <abhi18av@users.noreply.github.com>
Hi @manuelesimi , thanks for this PR! I was wondering, given that a previous PR covered something similar for Azure #2157 , specifically adding the
I was wonrdering it makes sense to address the |
@abhi18av Yes, it would make sense to have a similar Right now my problem is to fix the sign off on my commits. Somehow git used my other email address (well, it's the default, by I had the repo configured for my gmail address), so the DCO check fails. I followed the instructions to fix it... but no luck. Any suggestion? |
That's an interesting problem :) I have not ran across this myself, but this is what I'd do. ( Best to make a copy of the
|
Thanks for the suggestion. The problem is that I merged back the master branch into this one, and the last 5 commits are not the ones with the changes proposed here (I branched for this 2 weeks ago, then got swamped in something else). I know how to change the author of past commits with rebase + amend, but for the same reason mentioned above, rebase wants me to merge after each amendment. I believe the fastest way to fix this is to branch again from master and applies the changes proposed in this commit. I'm closing this PR (since we can't change the source branch) and open a new one when the new branch is ready. |
Several problems with this feature:
Also, how is the privileged flag related to HIPAA compliance ? I would have expected the opposite. |
I see the overlapping with #2282. For HIPAA compliance, we have a rule requesting to have non-privileged permissions on the task, so we must be able to explicitly set them to false. I see that my initial comment was misleading in this sense, but not relevant for the PR). Thanks! |
Oh, so the requirement is to explicitly set to false .. (funny) |
As part of our HIPAA compliance procedure (https://aws.amazon.com/compliance/hipaa-compliance/), we are requested to be able to set elevated privileges on the tasks we register on AWS.
This PR extends the AWS configuration in Nextflow to allow setting such privileges on the host container instances. This mirrors a similar behavior NF already has for Azure (#2157).
Here's a sample configuration:
See AWS doc: https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task_definition_parameters.html