ECS service without running tasks
This product is not supported for your selected
Datadog site. (
).
Id: f5c45127-1d28-4b49-a692-0b97da1c3a84
Cloud Provider: AWS
Platform: Ansible
Severity: Low
Category: Availability
Learn More
Description
ECS services must define a deployment configuration to avoid deployments or scaling events from temporarily leaving zero tasks running, which can cause application downtime and loss of availability.
For Ansible ECS tasks using the community.aws.ecs_service or ecs_service modules, the deployment_configuration property must be present and include the minimum_healthy_percent and maximum_percent keys. Resources missing deployment_configuration or missing either minimum_healthy_percent or maximum_percent are flagged. This rule checks for the presence of those keys and does not validate numeric ranges. Ensure minimum_healthy_percent is set so at least one task remains running during deployments according to your desired task count.
Secure example (Ansible task):
- name: my-ecs-service
community.aws.ecs_service:
name: my-service
cluster: my-cluster
task_definition: my-task:1
desired_count: 2
deployment_configuration:
maximum_percent: 200
minimum_healthy_percent: 50
Compliant Code Examples
- name: ECS Service
community.aws.ecs_service:
state: present
name: test-service
cluster: test-cluster
task_definition: test-task-definition
desired_count: 3
deployment_configuration:
minimum_healthy_percent: 75
maximum_percent: 150
placement_constraints:
- type: memberOf
expression: 'attribute:flavor==test'
placement_strategy:
- type: binpack
field: memory
Non-Compliant Code Examples
- name: ECS Service
community.aws.ecs_service:
state: present
name: test-service
cluster: test-cluster
task_definition: test-task-definition
desired_count: 3
placement_constraints:
- type: memberOf
expression: 'attribute:flavor==test'
placement_strategy:
- type: binpack
field: memory
