AWS Config Rule: ECS Task Definition PID Mode Check

ECS_TASK_DEFINITION_PID_MODE_CHECK

Eduardo Van Cauteren

Last Update 4 months ago

Description: Checks if ECSTaskDefinitions are configured to share a host’s process namespace with its Amazon Elastic Container Service (Amazon ECS) containers. The rule is NON_COMPLIANT if the pidMode parameter is set to ‘host’.

Note: this rule only evaluates the latest active revision of an Amazon ECS task definition. Fargate doesn't support pidMode.


Trigger type: Configuration changes


AWS Region: All supported AWS regions


How to Resolve Manually

A task definition is a blueprint for your application. It is a text file in JSON format that describes the parameters and one or more containers that form your application.

This Config rule checks whether the pidMode parameter exists in the latest active revision of a task definition. The rule is marked non-compliant if pidMode is set to 'host'.


In order to resolve this you will need to create a new revision for your particular non-compliant task definition. To do so, head on over to the Elastic Container Service (ECS) and click on Task definitions from the left menu. From the list, click on the definition that is not compliant and then choose the latest revision.

On the properties screen, click the JSON tab to check whether the 'pidMode' parameter is present and set to 'host'.


To resolve the issue, click the Create New Revision button at the top right, then select Create new revision with JSON to use the current JSON definition as a baseline. Edit the JSON so that pidMode is no longer set to 'host', then create the revision.
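
The JSON edit behind the Create new revision with JSON step can also be scripted. The following Python is an added example, not StackZone or AWS code: it applies the rule's check to a task definition and builds the payload for a compliant revision. The sample task definition (family, account id, image) is constructed, and is_compliant and remediated_payload are hypothetical helper names.

```python
import copy

# Fields that DescribeTaskDefinition returns but RegisterTaskDefinition does not accept.
READ_ONLY_FIELDS = {
    "taskDefinitionArn", "revision", "status", "requiresAttributes",
    "compatibilities", "registeredAt", "registeredBy", "deregisteredAt",
}


def is_compliant(task_def):
    """Mirror the rule: NON_COMPLIANT only when pidMode is 'host'."""
    return task_def.get("pidMode") != "host"


def remediated_payload(task_def):
    """Build the payload for a new revision; None if already compliant."""
    if is_compliant(task_def):
        return None
    payload = {k: copy.deepcopy(v) for k, v in task_def.items()
               if k not in READ_ONLY_FIELDS}
    # Without pidMode, each container gets its own private process namespace.
    del payload["pidMode"]
    return payload


# Constructed sample, shaped like the "taskDefinition" object returned by
# DescribeTaskDefinition (family, account id and image are made up).
SAMPLE_TASK_DEF = {
    "taskDefinitionArn": "arn:aws:ecs:us-east-1:111122223333:task-definition/example-app:7",
    "family": "example-app",
    "revision": 7,
    "status": "ACTIVE",
    "networkMode": "bridge",
    "pidMode": "host",
    "requiresCompatibilities": ["EC2"],
    "compatibilities": ["EC2"],
    "requiresAttributes": [{"name": "com.amazonaws.ecs.capability.docker-remote-api.1.17"}],
    "containerDefinitions": [
        {"name": "web", "image": "example/web:1.0", "memory": 256, "essential": True}
    ],
}

if __name__ == "__main__":
    import json
    print("compliant before:", is_compliant(SAMPLE_TASK_DEF))
    print(json.dumps(remediated_payload(SAMPLE_TASK_DEF), indent=2))
```

With boto3, pass the taskDefinition object from describe_task_definition to remediated_payload and supply the result to register_task_definition as keyword arguments.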

Review the following screenshot as visual reference:

