diff --git a/provider/pws-aws/build-aws/Dockerfile b/provider/pws-aws/build-aws/Dockerfile
index 3966c7f254b8b0a2a20e3a15e0a5adc7220fc80b..36a698a0a14fbf3f766955e74f2cca028f6b4202 100644
--- a/provider/pws-aws/build-aws/Dockerfile
+++ b/provider/pws-aws/build-aws/Dockerfile
@@ -21,4 +21,10 @@ COPY ${JAR_FILE} app.jar
 COPY /provider/pws-aws/build-aws/entrypoint.sh /entrypoint.sh
 EXPOSE 8080
 
+# Add a non-root user
+RUN groupadd -g 10001 -r nonroot \
+  && useradd -g 10001 -r -u 10001 nonroot
+# Run as non-root user
+USER 10001:10001
+
 ENTRYPOINT ["/bin/sh", "-c", ". /entrypoint.sh"]