Severity Framework
CCSS (Common Configuration Scoring System) is a set of measures used to determine the severity of the rule.
Snyk CCSS
Rule category
Each rule is associated with a high-level category. For example IAM, Container, Monitoring, Logging, Network, etc.
Containers/ Limits
Is your environment affected by this misconfiguration?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsFrameworks
CSA-CCMISO-27001NIST-800-53
- Snyk IDSNYK-CC-00183
- creditSnyk Research Team
Description
Unless specified, containers get access to all the CPU and memory capacity available on that host. Specifying CPU for ECS task definitions ensures that high priority containers are able to claim the CPU runtime they require.
How to fix?
Set the cpu attribute to the number of cpu units to be used by the task.
Example Configuration
resource "aws_ecs_task_definition" "valid_cpu_limit" {
family = "valid_cpu_limit"
container_definitions = <<EOF
[
{
"name": "valid_cpu_limit",
"image": "hello-world",
"memory": 128,
"cpu": 10
}
]
EOF
requires_compatibilities = ["EC2"]
}