ECS task definition does not limit memory usage for containers
Affecting ECS service in AWS


Severity: medium
Severity Framework: Snyk CCSS
Rule category: Containers / Limits

Frameworks: CSA-CCM, GDPR, ISO-27001, NIST-800-53
  • Snyk ID: SNYK-CC-00189
  • Credit: Snyk Research Team

Description

Without a limit on memory usage, a single container can easily make the whole system unstable and, as a result, unusable.

How to fix?

Set the memory attribute in the task definition or container_definitions.

Example Configuration

resource "aws_ecs_task_definition" "valid_memory_limit_ec2" {
  family = "valid_memory_limit_ec2"

  container_definitions = <<EOF
[
  {
    "name": "valid_memory_limit_ec2",
    "image": "hello-world",
    "memoryReservation": 128,
    "memory": 256
  }
]
EOF

  memory                   = 256
  requires_compatibilities = ["EC2"]
}
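
A pre-deployment check for this misconfiguration, as an added example (not Snyk's rule implementation and not part of the original page). It assumes, following the fix text above, that a positive task-level memory value or a positive per-container "memory" value counts as a limit, and that "memoryReservation" alone does not; the function names and sample inputs are constructed for illustration.

```python
import json


def _positive_int(value):
    """True if value is a positive integer (or a string holding one)."""
    if isinstance(value, bool):
        return False
    try:
        return int(value) > 0
    except (TypeError, ValueError):
        return False


def unlimited_containers(container_definitions, task_memory=None):
    """Return the names of containers that have no hard memory limit.

    Assumption: a positive task-level memory bounds every container in the
    task, so nothing is reported when it is set. Otherwise each container
    needs its own positive "memory"; "memoryReservation" is only a soft
    reservation and is ignored here.
    """
    if _positive_int(task_memory):
        return []
    containers = json.loads(container_definitions)
    if not isinstance(containers, list):
        raise ValueError("container_definitions must be a JSON array")
    return [
        c.get("name", f"<unnamed #{i}>")
        for i, c in enumerate(containers)
        if not _positive_int(c.get("memory"))
    ]


# Constructed sample inputs, modelled on the example configuration above.
COMPLIANT = """[{"name": "valid_memory_limit_ec2", "image": "hello-world",
                 "memoryReservation": 128, "memory": 256}]"""
MIXED = """[{"name": "web", "image": "hello-world", "memory": 256},
            {"name": "worker", "image": "hello-world", "memoryReservation": 128},
            {"name": "sidecar", "image": "hello-world", "memory": 0}]"""

if __name__ == "__main__":
    for label, doc in (("compliant", COMPLIANT), ("mixed", MIXED)):
        print(label, "->", unlimited_containers(doc) or "all containers limited")
```
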
