ECS Service Without Running Tasks

  • Query id: 91f16d09-689e-4926-aca7-155157f634ed
  • Query name: ECS Service Without Running Tasks
  • Platform: Terraform
  • Severity: Medium
  • Category: Availability
  • URL: Github

Description

ECS Service should have at least 1 task running
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - tf file
resource "aws_ecs_service" "positive1" {
  name    = "positive1"
  cluster = aws_ecs_cluster.example.id
  desired_count   = 0
}

Code samples without security vulnerabilities

Negative test num. 1 - tf file
resource "aws_ecs_service" "negative1" {
  name    = "negative1"
  cluster = aws_ecs_cluster.example.id

  deployment_maximum_percent         = 200
  deployment_minimum_healthy_percent = 100
}

resource "aws_ecs_service" "km_ecs_service" {
  name            = "km_ecs_service_${var.environment}"
  cluster         = aws_ecs_cluster.km_ecs_cluster.id
  task_definition = aws_ecs_task_definition.km_ecs_task.arn
  desired_count   = 1
  launch_type     = "FARGATE"

  load_balancer {
    target_group_arn = var.elb_target_group_arn
    container_name   = "km-frontend"
    container_port   = 80
  }
  network_configuration {
    assign_public_ip = true
    subnets          = var.private_subnet
    security_groups  = [ var.elb_sg ]
  }
  tags = merge(var.default_tags, {
  })
}