Medium

Ensure ECS task definition has memory limit

Availability
No items found.
Description

Amazon Elastic Container Service (ECS) is a fully-managed container orchestration service that allows users to easily run, manage, and scale containerized applications. One important aspect of running containers is ensuring that they have sufficient resources, such as memory, to operate properly. To ensure ECS task definitions have a memory limit, it is recommended to set the memory parameter in the task definition. This specifies the amount of memory, in MiB, that the container will be allocated. If this value is not set, the container may consume all available memory on the host, which can result in degraded performance or even a crash. It is recommended to set a reasonable memory limit for each container in the task definition based on the requirements of the application. This can help ensure that the container has sufficient resources to operate properly and prevent resource contention on the host.

Remediation

To ensure that ECS task definitions have a memory limit, you can follow these remediation steps:

  1. Open the Amazon ECS console.
  2. Select your cluster and click on "Task Definitions" in the left navigation pane.
  3. Select the task definition that you want to modify.
  4. Click on the "Edit" button.
  5. Click on the "Task Role and Network Mode" section.
  6. Scroll down to the "Task Memory" field and enter the memory limit that you want to set.
  7. Click on the "Update" button to save the changes to the task definition.
  8. Repeat the above steps for any other task definitions that need to have memory limits set.
Enforced Resources
Note: Remediation steps provided by Lightlytics are meant to be suggestions and guidelines only. It is crucial to thoroughly verify and test any remediation steps before applying them to production environments. Each organization's infrastructure and security needs may differ, and blindly applying suggested remediation steps without proper testing could potentially cause unforeseen issues or vulnerabilities. Therefore, it is strongly recommended that you validate and customize any remediation steps to meet your organization's specific requirements and ensure that they align with your security policies and best practices.