ECS task definition does not limit memory usage for containers

Affecting ECS service in AWS


Severity: medium
Severity Framework: Snyk CCSS
Rule category: Containers / Limits

Frameworks: CSA-CCM, GDPR, ISO-27001, NIST-800-53
Snyk ID: SNYK-CC-00189
Credit: Snyk Research Team

Description

Without a limit on memory usage, a single container can make the whole system unstable and, as a result, unusable.

How to fix?

Set the memory attribute in the task definition or container_definitions.

Example Configuration

resource "aws_ecs_task_definition" "valid_memory_limit_ec2" {
  family = "valid_memory_limit_ec2"

  container_definitions = <<EOF
[
  {
    "name": "valid_memory_limit_ec2",
    "image": "hello-world",
    "memoryReservation": 128,
    "memory": 256
  }
]
EOF

  memory                   = 256
  requires_compatibilities = ["EC2"]
}
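
A pre-deployment check for this misconfiguration, added here as an example (it is not Snyk's rule implementation or code from the original page). It assumes the task-level memory value and the container_definitions JSON string from the Terraform resource are passed in directly; the function name and sample inputs are constructed for illustration, and memoryReservation is treated as a soft limit that does not cap usage.

```python
import json


def containers_without_memory_cap(task_memory, container_definitions):
    """Return names of containers that no hard memory limit applies to.

    task_memory: the task-level `memory` value (None or "" if unset).
    container_definitions: the JSON string given to `container_definitions`.
    """
    if task_memory not in (None, "", 0, "0"):
        return []  # a task-level limit bounds every container in the task
    uncapped = []
    for index, container in enumerate(json.loads(container_definitions)):
        limit = container.get("memory")
        # memoryReservation is only a soft limit, so it does not count as a cap.
        valid = isinstance(limit, int) and not isinstance(limit, bool) and limit > 0
        if not valid:
            uncapped.append(container.get("name", f"<container {index}>"))
    return uncapped


# Constructed sample inputs (not taken from a real deployment).
CAPPED = """[
  {"name": "web", "image": "hello-world", "memoryReservation": 128, "memory": 256}
]"""
MIXED = """[
  {"name": "web", "image": "hello-world", "memory": 256},
  {"name": "sidecar", "image": "hello-world", "memoryReservation": 64},
  {"name": "worker", "image": "hello-world"}
]"""

if __name__ == "__main__":
    cases = [
        ("all containers capped", None, CAPPED),
        ("mixed, no task-level limit", None, MIXED),
        ("mixed, task-level limit 512", "512", MIXED),
    ]
    for label, task_memory, definitions in cases:
        print(label, "->", containers_without_memory_cap(task_memory, definitions))
```

A non-empty result lists the containers to fix, either by adding "memory" to each one or by setting memory on the task definition.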
