Update health check

[dylanratcliffe]

No description provided.

[github-actions]

Expected Changes

No expected changes found.

Unmapped Changes

Note

These changes couldn't be mapped to a discoverable cloud resource and therefore won't be included in the blast radius calculation.

aws_ecs_service › module.loom[0].aws_ecs_service.face

--- current
+++ planned
@@ -41,7 +41,7 @@
 service_registries: []
 tags: {}
 tags_all: {}
-task_definition: arn:aws:ecs:eu-west-2:540044833068:task-definition/facial-recognition-terraform-example:1
+task_definition: (known after apply)
 terraform_address: module.loom[0].aws_ecs_service.face
 terraform_name: module.loom[0].aws_ecs_service.face
 timeouts: null

ecs-task-definition › module.loom[0].aws_ecs_task_definition.face

--- current
+++ planned
@@ -1,26 +1,26 @@
-arn: arn:aws:ecs:eu-west-2:540044833068:task-definition/facial-recognition-terraform-example:1
-arn_without_revision: arn:aws:ecs:eu-west-2:540044833068:task-definition/facial-recognition-terraform-example
-container_definitions: '[{"cpu":1024,"environment":[],"essential":true,"healthCheck":{"command":["CMD-SHELL","wget -q --spider localhost:1234"],"interval":30,"retries":3,"timeout":5},"image":"harshmanvar/face-detection-tensorjs:slim-amd","memory":2048,"mountPoints":[],"name":"facial-recognition","portMappings":[{"appProtocol":"http","containerPort":1234,"hostPort":1234,"protocol":"tcp"}],"systemControls":[],"volumesFrom":[]}]'
+arn: (known after apply)
+arn_without_revision: (known after apply)
+container_definitions: '[{"cpu":1024,"environment":[],"essential":true,"healthCheck":{"command":["CMD-SHELL","wget -q --spider localhost:8080"],"interval":30,"retries":3,"timeout":5},"image":"harshmanvar/face-detection-tensorjs:slim-amd","memory":2048,"mountPoints":[],"name":"facial-recognition","portMappings":[{"appProtocol":"http","containerPort":1234}],"volumesFrom":[]}]'
 cpu: "1024"
 ephemeral_storage: []
-execution_role_arn: ""
+execution_role_arn: null
 family: facial-recognition-terraform-example
-id: facial-recognition-terraform-example
+id: (known after apply)
 inference_accelerator: []
-ipc_mode: ""
+ipc_mode: null
 memory: "2048"
 network_mode: awsvpc
-pid_mode: ""
+pid_mode: null
 placement_constraints: []
 proxy_configuration: []
 requires_compatibilities:
     - FARGATE
-revision: 1
+revision: (known after apply)
 runtime_platform: []
 skip_destroy: false
-tags: {}
-tags_all: {}
-task_role_arn: ""
+tags: null
+tags_all: (known after apply)
+task_role_arn: null
 terraform_address: module.loom[0].aws_ecs_task_definition.face
 terraform_name: module.loom[0].aws_ecs_task_definition.face
 track_latest: false

Blast Radius

Items	Edges
0	0

Open in Overmind

Risks

Potential Impact on Health Check Functionality [Medium]

The health check command for the ECS task definition has changed from wget -q --spider localhost:1234 to wget -q --spider localhost:8080. This could lead to issues if the application inside the container is not configured to respond on port 8080, potentially causing the ECS service to incorrectly mark tasks as unhealthy.

Missing Execution and Task Role ARNs [Medium]

The execution_role_arn and task_role_arn are null in the proposed ECS task definition. This could result in the ECS tasks lacking necessary permissions for operations such as pulling images from a private registry or accessing AWS services (e.g., S3, CloudWatch). It's important to ensure proper IAM roles are assigned to task definitions to maintain the principle of least privilege and secure operation.