ECS tasks should be configured with a health check

Description

Adding health checks to your ECS tasks gives you more visibility when monitoring them and makes it easier to confirm that the tasks are healthy.

This rule enforces that running tasks have a non-UNKNOWN health status. The health status of a task is set by ECS when it executes the health check commands of each essential container definition within the task. Each essential container within the task definition must therefore have a health check specified. For more information about the healthStatus property, see Task in the ECS API reference.

Console Remediation Steps

  • Navigate to ECS.

  • Select the Region that contains your task definition.

  • In the left pane, select Task Definitions.

  • Select the check box next to the task definition and click Create new revision.

  • On the Create new revision of task definition page, make changes. For example, to change the existing container definitions (such as the container image, memory limits, or port mappings), select the container, make the changes, and then choose Update.

  • Select Create.

  • If your task definition is used in a service, update your service with the updated task definition and deactivate the previous task definition. For more information, see Updating a service.

CLI Remediation Steps

  • Create a new task definition revision:

aws ecs register-task-definition
--family <value>
[--task-role-arn <value>]
[--execution-role-arn <value>]
[--network-mode <value>]
--container-definitions <value>
[--volumes <value>]
[--placement-constraints <value>]
[--requires-compatibilities <value>]
[--cpu <value>]
[--memory <value>]
[--tags <value>]
[--pid-mode <value>]
[--ipc-mode <value>]
[--proxy-configuration <value>]
[--inference-accelerators <value>]
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]

  • Update the service to use the new task definition:

aws ecs update-service
[--cluster <value>]
--service <value>
[--desired-count <value>]
[--task-definition <value>]
[--capacity-provider-strategy <value>]
[--deployment-configuration <value>]
[--network-configuration <value>]
[--placement-constraints <value>]
[--placement-strategy <value>]
[--platform-version <value>]
[--force-new-deployment | --no-force-new-deployment]
[--health-check-grace-period-seconds <value>]
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]
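
The rule above depends on every essential container carrying a health check, so the following added example (not part of the original page or of any AWS tooling) finds the essential containers that lack one in a task definition and builds a payload suitable for register-task-definition --cli-input-json. The sample task definition, container names, image tags, probe commands and the helper function names are all constructed for illustration.

```python
import copy
import json

# Fields returned by describe-task-definition that register-task-definition rejects.
READ_ONLY = {"taskDefinitionArn", "revision", "status", "requiresAttributes",
             "compatibilities", "registeredAt", "registeredBy", "deregisteredAt"}

# Constructed sample: the "taskDefinition" object as returned by
# `aws ecs describe-task-definition`; names, ARN and images are made up.
SAMPLE = {
    "family": "web", "revision": 3, "status": "ACTIVE",
    "taskDefinitionArn": "arn:aws:ecs:us-east-1:111122223333:task-definition/web:3",
    "containerDefinitions": [
        {"name": "app", "image": "example/app:1.0"},  # essential omitted -> true
        {"name": "proxy", "image": "example/proxy:1.0", "essential": True,
         "healthCheck": {"command": ["CMD-SHELL", "curl -f http://localhost/ || exit 1"]}},
        {"name": "log-shipper", "image": "example/logs:1.0", "essential": False},
    ],
}

def missing_health_checks(task_def):
    """Names of essential containers with no usable healthCheck command."""
    missing = []
    for c in task_def.get("containerDefinitions", []):
        if not c.get("essential", True):  # ECS treats an omitted value as essential
            continue
        cmd = (c.get("healthCheck") or {}).get("command") or []
        if not cmd or cmd[0] not in ("CMD", "CMD-SHELL"):
            missing.append(c["name"])
    return missing

def with_health_checks(task_def, checks):
    """Return a register-task-definition payload with `checks` applied.

    `checks` maps container name -> healthCheck object; the probe command is
    supplied per container by the operator, nothing is guessed here.
    """
    new = {k: copy.deepcopy(v) for k, v in task_def.items() if k not in READ_ONLY}
    for c in new["containerDefinitions"]:
        if c["name"] in checks:
            c["healthCheck"] = checks[c["name"]]
    return new

if __name__ == "__main__":
    print("missing:", missing_health_checks(SAMPLE))
    fixed = with_health_checks(SAMPLE, {"app": {
        "command": ["CMD-SHELL", "curl -f http://localhost:8080/healthz || exit 1"],
        "interval": 30, "timeout": 5, "retries": 3, "startPeriod": 10}})
    print(json.dumps(fixed, indent=2))  # save to a file for --cli-input-json
```

Only health checks declared in the container definition count toward the task's healthStatus; a HEALTHCHECK baked into the image is not monitored by ECS.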