AWS Config Rule: ECS Task Definition Log Configuration
ECS_AWSVPC_NETWORKING_ENABLED
Eduardo Van Cauteren
Last Update منذ ٧ أشهر
Description: Checks if logConfiguration is set on active ECS Task Definitions. This rule is NON_COMPLIANT if an active ECSTaskDefinition does not have the logConfiguration resource defined or the value for logConfiguration is null in at least one container definition. Note: This rule only evaluates the latest active revision of an Amazon ECS task definition.
Trigger type: Configuration changes
AWS Region: All supported AWS regions except Asia Pacific (Jakarta), Middle East (UAE), Asia Pacific (Hyderabad), Asia Pacific (Osaka), Asia Pacific (Melbourne), AWS GovCloud (US-East), AWS GovCloud (US-West), Israel (Tel Aviv), Europe (Spain), Europe (Zurich) Region
How to Resolve Manually
A task definition is a blueprint for your application. It is a text file in JSON format that describes the parameters and one or more containers that form your application.
This config rules checks if log configuration property exists in the latest active version of a Task Definition. The rule will be marked non-compliant if there isn't any kind of logging configured for the task definition.
In order to resolve this you will need to create a new revision for your particular non-compliant task definition. To do so head on over to the Elastic Container Service (ECS) and click on Task definitions from the left menu. From the list, click on the definition that is not compliant and then choose the latest revision.
At the properties screen, if you click on the JSON tab, you can check that the 'logConfiguration' parameter is not present.
To resolve the issue, click on Create New Revision button at the top right, then you can select Create new revision with JSON to use the current JSON definition as a baseline. Once there, you can configure the logging type that better suits your organization's needs. You can check this AWS article for further reference.
Review the following screenshot as visual reference:
Want to know more about StackZone and how to make your cloud management simple and secure?
Check our how it works section with easy to follow videos or just create your own StackZone Account here