The slide says we should not run containers as root. Is it possible to expand on this statement, as it seems to be the default for most containers to run everything as root?
I’m curious what the workflow would look like trying to add users to every container to account for this. Or does this recommendation only apply in certain scenarios?
You can specify the user that you would like to run your processes as inside the Dockerfile. The USER instruction sets the user name (or UID) and optionally the user group (or GID) to use when running the image. From the documentation, it sounds like you don’t have to create the user first.
And there is also a great talk on Container Security from AWS here:
For the exam you just need a general understanding of containers and how to secure them at a high level.
Hope that helps.
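To make the USER workflow discussed in this thread concrete, here is an added example (not part of the original posts) that pairs a Dockerfile relying on the default user with one that creates an unprivileged account and switches to it, plus a small check that reports which user the final image stage runs as. The base image, the `app` account name, UID/GID 10001 and the helper function names are assumptions chosen for illustration.

```python
import re

# Constructed sample Dockerfiles (not from the thread). The base image,
# the "app" account and UID/GID 10001 are assumptions for illustration.
ROOT_DEFAULT = """\
FROM python:3.12-slim
COPY app.py /app/app.py
CMD ["python", "/app/app.py"]
"""
HARDENED = """\
FROM python:3.12-slim AS build
RUN pip install --target /deps requests
FROM python:3.12-slim
# Create a dedicated unprivileged account, then switch to it by UID:GID.
RUN groupadd --gid 10001 app \\
 && useradd --uid 10001 --gid 10001 --no-create-home app
COPY --from=build /deps /deps
COPY --chown=10001:10001 app.py /app/app.py
USER 10001:10001
CMD ["python", "/app/app.py"]
"""

def instructions(text):
    """Yield (INSTRUCTION, args) pairs, joining backslash continuations."""
    joined = re.sub(r"\\[ \t]*\n", " ", text)
    for line in joined.splitlines():
        parts = line.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            yield parts[0].upper(), parts[1].strip() if len(parts) > 1 else ""

def final_user(text):
    """Return the last USER value of the final stage, or None if it sets none
    (the image then keeps its base image's user, which is usually root)."""
    user = None
    for word, args in instructions(text):
        if word == "FROM":
            user = None  # each stage starts over from its own base image
        elif word == "USER":
            user = args
    return user

def runs_as_root(text):
    """True when the final stage ends up as root, or never sets USER."""
    user = final_user(text)
    if user is None:
        return True  # conservative assumption: the base image runs as root
    return user.split(":")[0] in ("root", "0")
```

The check is deliberately conservative: a final stage with no USER is reported as root even if its base image already switched users, and `USER $VAR` references are not resolved.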