Update health check #208

Closed

dylanratcliffe
Member

No description provided.

Expected Changes

replaced ecs-task-definition › facial-recognition-terraform-example
--- current
+++ planned
@@ -1,26 +1,26 @@
-arn: arn:aws:ecs:eu-west-2:540044833068:task-definition/facial-recognition-terraform-example:7
-arn_without_revision: arn:aws:ecs:eu-west-2:540044833068:task-definition/facial-recognition-terraform-example
-container_definitions: '[{"cpu":1024,"environment":[{"name":"DATABASE_URL","value":"tf-20240827194315707700000013.cnx7xf6hwmba.eu-west-2.rds.amazonaws.com"}],"essential":true,"healthCheck":{"command":["CMD-SHELL","wget -q --spider localhost:1234"],"interval":30,"retries":3,"timeout":5},"image":"harshmanvar/face-detection-tensorjs:slim-amd","memory":2048,"mountPoints":[],"name":"facial-recognition","portMappings":[{"appProtocol":"http","containerPort":1234,"hostPort":1234,"protocol":"tcp"}],"systemControls":[],"volumesFrom":[]}]'
+arn: (known after apply)
+arn_without_revision: (known after apply)
+container_definitions: '[{"cpu":1024,"environment":[{"name":"DATABASE_URL","value":"tf-20240827194315707700000013.cnx7xf6hwmba.eu-west-2.rds.amazonaws.com"}],"essential":true,"healthCheck":{"command":["CMD-SHELL","wget -q --spider localhost:8080"],"interval":30,"retries":3,"timeout":5},"image":"harshmanvar/face-detection-tensorjs:slim-amd","memory":2048,"mountPoints":[],"name":"facial-recognition","portMappings":[{"appProtocol":"http","containerPort":1234}],"volumesFrom":[]}]'
 cpu: "1024"
 ephemeral_storage: []
-execution_role_arn: ""
+execution_role_arn: null
 family: facial-recognition-terraform-example
-id: facial-recognition-terraform-example
+id: (known after apply)
 inference_accelerator: []
-ipc_mode: ""
+ipc_mode: null
 memory: "2048"
 network_mode: awsvpc
-pid_mode: ""
+pid_mode: null
 placement_constraints: []
 proxy_configuration: []
 requires_compatibilities:
     - FARGATE
-revision: 7
+revision: (known after apply)
 runtime_platform: []
 skip_destroy: false
-tags: {}
-tags_all: {}
-task_role_arn: ""
+tags: null
+tags_all: (known after apply)
+task_role_arn: null
 terraform_address: module.scenarios[0].aws_ecs_task_definition.face
 terraform_name: module.scenarios[0].aws_ecs_task_definition.face
 track_latest: false
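
Review bot: In the planned container_definitions line the healthCheck command now probes localhost:8080 while portMappings still declares containerPort 1234, so unless the application also listens on 8080 inside the container, new tasks will fail the check and be replaced. Either keep the probe on 1234 or change the port the container serves on in the same commit. The same line also drops hostPort, protocol and systemControls, which should be confirmed as normalisation rather than an intended change. The execution_role_arn and task_role_arn lines go from "" to null, so no previously set role is being removed here.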

Unmapped Changes

Note

These changes couldn't be mapped to a discoverable cloud resource and therefore won't be included in the blast radius calculation.

updated aws_ecs_service › module.scenarios[0].aws_ecs_service.face
--- current
+++ planned
@@ -43,7 +43,7 @@
 service_registries: []
 tags: {}
 tags_all: {}
-task_definition: arn:aws:ecs:eu-west-2:540044833068:task-definition/facial-recognition-terraform-example:7
+task_definition: (known after apply)
 terraform_address: module.scenarios[0].aws_ecs_service.face
 terraform_name: module.scenarios[0].aws_ecs_service.face
 timeouts: null
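
Review bot: The task_definition line on module.scenarios[0].aws_ecs_service.face moves from revision 7 to (known after apply), so applying this rolls the running service onto the replaced task definition and its new health check. Confirm the container answers on the port the health check probes before applying, since the service will otherwise cycle tasks that never become healthy. No other attribute of the service changes in this hunk.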

Blast Radius

Items: 23, Edges: 33

Risks

Potential Service Disruption Due to Unspecified IAM Roles [High]

The proposed change sets execution_role_arn and task_role_arn in the ECS task definition for facial-recognition-terraform-example to null. This could lead to significant service disruption as the ECS task might lose permissions to interact with essential AWS services such as S3, DynamoDB, and CloudWatch. The absence of these roles means the task will no longer be able to perform operations like fetching secrets, accessing databases, or logging, which are critical for application functionality and stability. There is no evidence of alternate roles, fail-safes, or compensating controls in place to manage permissions previously granted by these roles.

Mismatch Between Health Check Port and Exposed Container Port Might Lead to Unhealthy Tasks [Medium]

The proposed change modifies the ECS health check command to target port 8080, while the container continues to expose port 1234 as per its port mappings. The absence of evidence indicating that the containerized application is configured to handle requests on port 8080 presents a risk. If not resolved, this could result in failing health checks, leading ECS to mark tasks as unhealthy, potentially causing disruptions or downtime as ECS attempts to replace tasks based on erroneous health statuses. To mitigate this risk, verify application configuration to listen on port 8080 internally or adjust health check settings to align with the existing port mappings.

dylanratcliffe deleted the dylanratcliffe-patch-2 branch January 22, 2025 12:35