AWS ECS Task Definition Resource Limits Not Set

Check if AWS ECS task definition resource limits are set.

Policy Details

Policy Subtype: Build
Severity: High
Template Type: CloudFormation

Build Rules

AWS ECS task definition resource limits not set.
JSON Query:
$.Resources.*[?(@.Type=='AWS::ECS::TaskDefinition')].Properties.Cpu any null
  or $.Resources.*[?(@.Type=='AWS::ECS::TaskDefinition')].Properties.ContainerDefinitions[*].Cpu any null
  or $.Resources.*[?(@.Type=='AWS::ECS::TaskDefinition')].Properties.Cpu any equal 0
  or $.Resources.*[?(@.Type=='AWS::ECS::TaskDefinition')].Properties.ContainerDefinitions[*].Cpu any equal 0
  or ($.Resources.*[?(@.Type=='AWS::ECS::TaskDefinition')].Properties.Memory any null and $.Resources.*[?(@.Type=='AWS::ECS::TaskDefinition')].Properties.ContainerDefinitions[*].Memory any null)
  or ($.Resources.*[?(@.Type=='AWS::ECS::TaskDefinition')].Properties.Memory any equal 0 and $.Resources.*[?(@.Type=='AWS::ECS::TaskDefinition')].Properties.ContainerDefinitions[*].Memory any equal 0)
Recommendation:
Recommended solution for setting resource limits on an AWS ECS task definition.
It is recommended that resource limits be set for every AWS ECS task definition. Make sure the "Cpu" or "Memory" attribute exists and its value is not set to 0 under "TaskDefinition" or "ContainerDefinitions".
For example:
"ContainerDefinitions": [
  {
    "Name": {"Ref": "AppName"},
    "ReadonlyRootFilesystem": true,
    "Image": "amazon/amazon-ecs-sample",
    "Cpu": 10,
    "Memory": 512,
    "Essential": true
  }
]

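The build rule above can be reproduced locally before a template reaches the scanner. The following Python sketch is an added example, not the policy engine's own code: it applies the JSON query's conditions to each task definition in an already-parsed CloudFormation JSON template. The function names, the sample template, and the reading of "any null" as "attribute absent or null" are assumptions.

```python
"""Added example: evaluate the rule's conditions on a parsed CloudFormation template."""

def _unset(v):   # assumed reading of the query's "any null": absent or null
    return v is None

def _zero(v):    # the query's "any equal 0": matches 0 and "0"
    return str(v).strip() == "0"

def find_violations(template):
    """Return {logical_id: [reasons]} for ECS task definitions that fail the rule."""
    findings = {}
    for name, res in (template.get("Resources") or {}).items():
        if res.get("Type") != "AWS::ECS::TaskDefinition":
            continue
        props = res.get("Properties") or {}
        containers = props.get("ContainerDefinitions") or []
        c_cpu = [c.get("Cpu") for c in containers]
        c_mem = [c.get("Memory") for c in containers]
        reasons = []
        # Cpu: task level OR any container being unset/0 is enough to fail.
        if _unset(props.get("Cpu")) or any(map(_unset, c_cpu)):
            reasons.append("Cpu not set")
        if _zero(props.get("Cpu")) or any(map(_zero, c_cpu)):
            reasons.append("Cpu is 0")
        # Memory: fails only when task level AND some container are both unset/0.
        if _unset(props.get("Memory")) and any(map(_unset, c_mem)):
            reasons.append("Memory not set")
        if _zero(props.get("Memory")) and any(map(_zero, c_mem)):
            reasons.append("Memory is 0")
        if reasons:
            findings[name] = reasons
    return findings

def _task(cpu, mem, c_cpu, c_mem):
    """Build a constructed task definition; None means 'omit the attribute'."""
    container = {"Name": "app", "Image": "amazon/amazon-ecs-sample"}
    props = {"ContainerDefinitions": [container]}
    for target, key, val in ((props, "Cpu", cpu), (props, "Memory", mem),
                             (container, "Cpu", c_cpu), (container, "Memory", c_mem)):
        if val is not None:
            target[key] = val
    return {"Type": "AWS::ECS::TaskDefinition", "Properties": props}

# Constructed sample template (not from the page).
SAMPLE = {"Resources": {
    "Limited": _task("256", "512", 10, 512),
    "ContainerMemoryOnly": _task("256", None, 10, 512),
    "NoLimits": _task(None, None, None, None),
    "ZeroCpu": _task("256", "512", 0, 512),
    "Bucket": {"Type": "AWS::S3::Bucket"},
}}

if __name__ == "__main__":
    for name, reasons in find_violations(SAMPLE).items():
        print(f"{name}: {', '.join(reasons)}")
```

The Cpu and Memory conditions are asymmetric, as in the query: a missing Cpu at either level is flagged, while Memory is flagged only when it is missing (or 0) at both the task level and in a container.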