ECS task definition logging configuration

Hi,

your issue is fully described at: https://docs.aws.amazon.com/securityhub/latest/userguide/ecs-controls.html

Go this page and use the link in Remediation section to fix your issue

[ECS.9] ECS task definitions should have a logging configuration

Related requirements: NIST.800-53.r5 AC-4(26), NIST.800-53.r5 AU-10, NIST.800-53.r5 AU-12, NIST.800-53.r5 AU-2, NIST.800-53.r5 AU-3, NIST.800-53.r5 AU-6(3), NIST.800-53.r5 AU-6(4), NIST.800-53.r5 CA-7, NIST.800-53.r5 SC-7(9), NIST.800-53.r5 SI-7(8)

Category: Identify > Logging

Severity: High

Resource type: AWS::ECS::TaskDefinition

AWS Configrule: ecs-task-definition-log-configuration

Schedule type: Change triggered

Parameters: None

This control checks if the latest active Amazon ECS task definition has a logging configuration specified. 
The control fails if the task definition doesn't have the logConfiguration property defined
 or if the value for logDriver is null in at least one container definition.

Logging helps you maintain the reliability, availability, and performance of Amazon ECS. 
Collecting data from task definitions provides visibility, which can help you debug 
processes and find the root cause of errors. If you are using a logging solution that does 
not have to be defined in the ECS task definition (such as a third party logging solution), 
you can disable this control after ensuring that your logs are properly captured and delivered.

Remediation
To define a log configuration for your Amazon ECS task definitions, see Specifying a log 
configuration in your task definition in the Amazon Elastic Container Service Developer Guide: 
https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_awslogs.html#specify-log-config

Best

Didier