ECS Service Without Running Tasks

  • Query id: f5c45127-1d28-4b49-a692-0b97da1c3a84
  • Query name: ECS Service Without Running Tasks
  • Platform: Ansible
  • Severity: Low
  • Category: Availability
  • CWE: 665
  • URL: Github

Description

ECS Service should have at least 1 task running.

Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file
- name: ECS Service
  community.aws.ecs_service:
    state: present
    name: test-service
    cluster: test-cluster
    task_definition: test-task-definition
    desired_count: 3
    placement_constraints:
      - type: memberOf
        expression: 'attribute:flavor==test'
    placement_strategy:
      - type: binpack
        field: memory

Code samples without security vulnerabilities

Negative test num. 1 - yaml file
- name: ECS Service
  community.aws.ecs_service:
    state: present
    name: test-service
    cluster: test-cluster
    task_definition: test-task-definition
    desired_count: 3
    deployment_configuration:
      minimum_healthy_percent: 75
      maximum_percent: 150
    placement_constraints:
      - type: memberOf
        expression: 'attribute:flavor==test'
    placement_strategy:
      - type: binpack
        field: memory
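
Added example (not part of the original page and not KICS's own query code): a Python check over parsed Ansible tasks that flags what separates the two samples above. The rule logic is an assumption inferred from those samples (a missing `deployment_configuration`) and from the description (`desired_count` below 1); the function names and the reduced sample dictionaries are constructed for illustration.

```python
# Added example, not KICS's own query code. The rule is inferred from the two
# samples on this page (assumption), plus the description's minimum of 1 task.
ECS_MODULES = ("community.aws.ecs_service", "ecs_service")

def iter_tasks(tasks):
    """Yield each task dict, descending into block/rescue/always sections."""
    for task in tasks or []:
        if isinstance(task, dict):
            yield task
            for section in ("block", "rescue", "always"):
                yield from iter_tasks(task.get(section))

def check_ecs_services(tasks):
    """Return (task name, problem) pairs for ECS services the rule would flag."""
    findings = []
    for task in iter_tasks(tasks):
        for module in ECS_MODULES:
            args = task.get(module)
            # Only services being created or updated are relevant.
            if not isinstance(args, dict) or args.get("state") != "present":
                continue
            name = task.get("name", "<unnamed>")
            if not isinstance(args.get("deployment_configuration"), dict):
                findings.append((name, "deployment_configuration is not defined"))
            count = args.get("desired_count")
            # Templated values such as "{{ count }}" cannot be judged statically.
            if isinstance(count, int) and count < 1:
                findings.append((name, "desired_count is below 1"))
    return findings

# Constructed input: the page's two samples as yaml.safe_load would return them,
# reduced to the keys the check reads (placement settings omitted).
BASE = {"state": "present", "name": "test-service", "cluster": "test-cluster",
        "task_definition": "test-task-definition", "desired_count": 3}
POSITIVE = [{"name": "ECS Service", "community.aws.ecs_service": dict(BASE)}]
NEGATIVE = [{"name": "ECS Service", "community.aws.ecs_service": dict(
    BASE, deployment_configuration={"minimum_healthy_percent": 75,
                                    "maximum_percent": 150})}]

if __name__ == "__main__":
    for label, tasks in (("positive", POSITIVE), ("negative", NEGATIVE)):
        print(label, check_ecs_services(tasks))
```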