AWS ECS Task Definition Logging Not Enabled

Check if AWS ECS task definition logging is enabled.

Policy Details

Policy Subtype: Build
Severity: Medium
Template Type: CloudFormation

Build Rules

AWS ECS task definition logging not enabled.
JSON Query:
$.Resources.*[?(@.Type=='AWS::ECS::TaskDefinition')].Properties.ContainerDefinitions[*].LogConfiguration any null or $.Resources.*[?(@.Type=='AWS::ECS::TaskDefinition')].Properties.ContainerDefinitions[*].LogConfiguration.LogDriver any null
Recommendation:
Enable logging for the AWS ECS task definition. Make sure every container definition in your "TaskDefinition" template has "LogConfiguration" and "LogDriver" configured.
For example ("dummy" stands in for the log driver you actually use, such as awslogs):
"ContainerDefinitions": [
  {
    "Name": "busybox",
    "Image": "busybox",
    "ReadonlyRootFilesystem": true,
    "Cpu": 10,
    "EntryPoint": [ "sh", "-c" ],
    "Memory": 512,
    "Essential": false,
    "LogConfiguration": {
      "LogDriver": "dummy"
    }
  }
]
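The same check as the JSON query above, written as a standalone script for a CI step. This is an added example, not the policy engine's own code; the function name and the sample template are constructed, and it assumes "any null" means the key is missing or null.

```python
import json

# Constructed sample template: one compliant container, two that the rule flags.
TEMPLATE = json.loads("""
{
  "Resources": {
    "WebTask": {
      "Type": "AWS::ECS::TaskDefinition",
      "Properties": {
        "ContainerDefinitions": [
          {"Name": "app", "Image": "busybox",
           "LogConfiguration": {"LogDriver": "awslogs"}},
          {"Name": "sidecar", "Image": "busybox"},
          {"Name": "init", "Image": "busybox",
           "LogConfiguration": {"Options": {}}}
        ]
      }
    },
    "Bucket": {"Type": "AWS::S3::Bucket"}
  }
}
""")


def find_unlogged_containers(template):
    """Return (resource, container, reason) for each container the rule flags."""
    findings = []
    for res_name, res in (template.get("Resources") or {}).items():
        if not isinstance(res, dict) or res.get("Type") != "AWS::ECS::TaskDefinition":
            continue
        containers = (res.get("Properties") or {}).get("ContainerDefinitions") or []
        for index, container in enumerate(containers):
            if not isinstance(container, dict):
                continue
            name = container.get("Name", f"#{index}")
            log_config = container.get("LogConfiguration")
            if not isinstance(log_config, dict):
                findings.append((res_name, name, "LogConfiguration missing"))
            elif not log_config.get("LogDriver"):
                # An empty string is treated as missing too (stricter than null).
                findings.append((res_name, name, "LogDriver missing"))
    return findings


if __name__ == "__main__":
    for finding in find_unlogged_containers(TEMPLATE):
        print("%s/%s: %s" % finding)
```

A non-empty result can fail the build; a LogDriver supplied through an intrinsic function such as Ref is accepted as set, since its value is only known at deploy time.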
