ECS task definition does not set CPU limit for containers Affecting ECS service in AWS

Snyk CCSS

Containers / Limits

Is your enviroment affected by this misconfiguration?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Frameworks

CSA-CCM ISO-27001 NIST-800-53

Snyk ID SNYK-CC-00183
credit Snyk Research Team

Report a new misconfiguration Found a mistake?

Description

Unless specified, containers get access to all the CPU and memory capacity available on that host. Specifying CPU for ECS task definitions ensures that high priority containers are able to claim the CPU runtime they require.

How to fix?

Set the cpu attribute to the number of cpu units to be used by the task.

Example Configuration

resource "aws_ecs_task_definition" "valid_cpu_limit" {
  family = "valid_cpu_limit"

  container_definitions = <<EOF
[
  {
    "name": "valid_cpu_limit",
    "image": "hello-world",
    "memory": 128,
    "cpu": 10
  }
]
EOF

  requires_compatibilities = ["EC2"]
}

Terraform

Resource: aws_ecs_task_definition

References

TaskDefinition