ECS Task Definitions Do Not Have Logging Configuration
Overview
This check ensures that the latest active Amazon ECS task definition includes a specified logging configuration. It fails if the task definition does not have the logConfiguration property defined or if the logDriver value is null in at least one container definition.
Logging is crucial for maintaining the reliability, availability, and performance of Amazon ECS. Collecting data from task definitions provides visibility that helps with debugging processes and identifying the root cause of errors. If you use a logging solution external to the ECS task definition (e.g., a third-party solution), you can disable this control once you confirm that your logs are appropriately captured and delivered.
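The failure condition described above can be reproduced offline against a task definition document. The following is an added example, not the check's own implementation; the sample task definition is constructed, and the function names `containers_missing_logging` and `evaluate` are hypothetical.

```python
import json

# Constructed sample shaped like the "taskDefinition" object returned by
# ECS DescribeTaskDefinition; family, names and option values are illustrative.
SAMPLE_TASK_DEFINITION = json.loads("""
{
  "family": "example-web",
  "revision": 7,
  "status": "ACTIVE",
  "containerDefinitions": [
    {"name": "app",
     "logConfiguration": {"logDriver": "awslogs",
                          "options": {"awslogs-group": "/ecs/example-web",
                                      "awslogs-region": "us-east-1",
                                      "awslogs-stream-prefix": "app"}}},
    {"name": "sidecar"},
    {"name": "proxy", "logConfiguration": {"logDriver": null}}
  ]
}
""")


def containers_missing_logging(task_definition):
    """Return (container name, reason) pairs that make the check fail."""
    findings = []
    for container in task_definition.get("containerDefinitions", []):
        name = container.get("name", "<unnamed>")
        log_config = container.get("logConfiguration")
        if not log_config:
            # Property absent (or empty) on this container definition.
            findings.append((name, "logConfiguration is not defined"))
        elif not log_config.get("logDriver"):
            # Property present, but no driver is named.
            findings.append((name, "logDriver is null"))
    return findings


def evaluate(task_definition):
    """PASSED only if every container definition names a log driver."""
    return "FAILED" if containers_missing_logging(task_definition) else "PASSED"


if __name__ == "__main__":
    print(evaluate(SAMPLE_TASK_DEFINITION))
    for name, reason in containers_missing_logging(SAMPLE_TASK_DEFINITION):
        print(f"  {name}: {reason}")
```

A single container without a log driver is enough to fail the whole task definition, so the per-container reasons are what point to the definition that needs a logConfiguration block.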
Vendor
AWS
Cloud Service
ECS
References
https://docs.aws.amazon.com/securityhub/latest/userguide/ecs-controls.html#ecs-9
Severity
4
Item Types
AWS::ECS::TaskDefinition