AWS Config Rule: ECS AWS VPC Networking Enabled
ECS_AWSVPC_NETWORKING_ENABLED
Eduardo Van Cauteren
Last Update 6 months ago
Description: Checks if the networking mode for active ECSTaskDefinitions is set to ‘awsvpc’. This rule is NON_COMPLIANT if active ECSTaskDefinitions is not set to ‘awsvpc’. Note: This rule only evaluates the latest active revision of an Amazon ECS task definition.
Trigger type: Configuration changes
AWS Region: All supported AWS regions except China (Beijing), Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Israel (Tel Aviv), Europe (Spain), China (Ningxia), Europe (Zurich) Region
How to Resolve Manually
A task definition is a blueprint for your application. It is a text file in JSON format that describes the parameters and one or more containers that form your application.
This Config rule checks whether the networking mode in the latest active revision of a task definition is set to 'awsvpc'. If the networking mode is not set to 'awsvpc', the rule is marked non-compliant.
To resolve this, you need to create a new revision of the non-compliant task definition. Go to the Elastic Container Service (ECS) console and click Task definitions in the left menu. From the list, click the definition that is not compliant and then choose the latest revision.
On the properties screen, click the JSON tab to confirm that the 'networkMode' parameter is configured as either 'bridge' or 'host'. To resolve the issue, click the Create New Revision button at the top right, then select Create new revision with JSON to use the current JSON definition as a baseline.
Change the 'networkMode' parameter to 'awsvpc', then save.
[Screenshot: general reference for the 'networkMode' change]
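The same change expressed as code, as an added example that is not part of the original article or of StackZone's tooling. It takes a task definition as returned by `aws ecs describe-task-definition`, drops the read-only fields, sets 'networkMode' to 'awsvpc', and adjusts two settings that ECS only accepts in bridge mode ('links', and a 'hostPort' that differs from 'containerPort'). The function names and the sample task definition are constructed for illustration.

```python
import copy
import json

# Fields returned by describe-task-definition that register-task-definition rejects.
READ_ONLY = ("taskDefinitionArn", "revision", "status", "requiresAttributes",
             "compatibilities", "registeredAt", "registeredBy", "deregisteredAt")


def is_compliant(task_def):
    """Mirror the rule's check: only an explicit 'awsvpc' passes."""
    return task_def.get("networkMode") == "awsvpc"


def to_awsvpc_revision(task_def):
    """Return (new_revision_input, notes) without modifying task_def."""
    new = copy.deepcopy(task_def)
    notes = []
    for key in READ_ONLY:
        new.pop(key, None)
    new["networkMode"] = "awsvpc"
    for c in new.get("containerDefinitions", []):
        # 'links' is only valid in bridge mode.
        if c.pop("links", None):
            notes.append(f"{c['name']}: removed links; containers in the task share localhost")
        for pm in c.get("portMappings", []):
            # In awsvpc mode hostPort must be omitted or equal containerPort.
            if pm.get("hostPort") not in (None, pm["containerPort"]):
                notes.append(f"{c['name']}: hostPort {pm['hostPort']} -> {pm['containerPort']}")
                pm["hostPort"] = pm["containerPort"]
    return new, notes


# Constructed sample, shaped like the 'taskDefinition' object from
# `aws ecs describe-task-definition`; all names and values are made up.
SAMPLE = {
    "taskDefinitionArn": "arn:aws:ecs:us-east-1:111122223333:task-definition/web:3",
    "family": "web", "revision": 3, "status": "ACTIVE", "networkMode": "bridge",
    "containerDefinitions": [
        {"name": "app", "image": "example/app:1", "memory": 256, "links": ["cache"],
         "portMappings": [{"containerPort": 8080, "hostPort": 0, "protocol": "tcp"}]},
        {"name": "cache", "image": "example/cache:1", "memory": 128},
    ],
}

if __name__ == "__main__":
    revision, notes = to_awsvpc_revision(SAMPLE)
    print(json.dumps(revision, indent=2))
    print("\n".join(notes))
```

The printed JSON can be saved to a file and passed to `aws ecs register-task-definition --cli-input-json`. A service or run-task call that uses the new revision must also supply an awsvpc network configuration (subnets and security groups), which lives outside the task definition.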