1 Answer
1
Hi,
your issue is fully described at: https://docs.aws.amazon.com/securityhub/latest/userguide/ecs-controls.html
Go to this page and use the link in the Remediation section to fix your issue.
[ECS.9] ECS task definitions should have a logging configuration
Related requirements: NIST.800-53.r5 AC-4(26), NIST.800-53.r5 AU-10, NIST.800-53.r5 AU-12, NIST.800-53.r5 AU-2, NIST.800-53.r5 AU-3, NIST.800-53.r5 AU-6(3), NIST.800-53.r5 AU-6(4), NIST.800-53.r5 CA-7, NIST.800-53.r5 SC-7(9), NIST.800-53.r5 SI-7(8)
Category: Identify > Logging
Severity: High
Resource type: AWS::ECS::TaskDefinition
AWS Config rule: ecs-task-definition-log-configuration
Schedule type: Change triggered
Parameters: None
This control checks if the latest active Amazon ECS task definition has a logging configuration specified.
The control fails if the task definition doesn't have the logConfiguration property defined
or if the value for logDriver is null in at least one container definition.
Logging helps you maintain the reliability, availability, and performance of Amazon ECS.
Collecting data from task definitions provides visibility, which can help you debug
processes and find the root cause of errors. If you are using a logging solution that does
not have to be defined in the ECS task definition (such as a third party logging solution),
you can disable this control after ensuring that your logs are properly captured and delivered.
Remediation
To define a log configuration for your Amazon ECS task definitions, see Specifying a log
configuration in your task definition in the Amazon Elastic Container Service Developer Guide:
https://docs.aws.amazon.com/AmazonECS/latest/developerguide/using_awslogs.html#specify-log-config
Best
Didier
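The pass/fail condition quoted in the answer above can be checked locally before a task definition is registered. This is an added example, not part of the answer or of the AWS documentation; it approximates the rule as described (every container needs a `logConfiguration` with a non-null `logDriver`), and the sample task definition, container names, and function names are constructed for illustration.

```python
import json

# Constructed sample: "web" logs via awslogs, "sidecar" has no
# logConfiguration, "batch" has a null logDriver.
SAMPLE_TASK_DEF = json.loads("""
{
  "family": "example-app",
  "containerDefinitions": [
    {"name": "web", "image": "example/web:1",
     "logConfiguration": {
       "logDriver": "awslogs",
       "options": {
         "awslogs-group": "/ecs/example-app",
         "awslogs-region": "us-east-1",
         "awslogs-stream-prefix": "web"}}},
    {"name": "sidecar", "image": "example/sidecar:1"},
    {"name": "batch", "image": "example/batch:1",
     "logConfiguration": {"logDriver": null}}
  ]
}
""")


def containers_missing_logging(task_def):
    """Return names of containers that would make the ECS.9 check fail."""
    # Accept the wrapped output of `aws ecs describe-task-definition`
    # as well as a bare task definition document.
    task_def = task_def.get("taskDefinition", task_def)
    failing = []
    for container in task_def.get("containerDefinitions", []):
        log_cfg = container.get("logConfiguration")
        # Fails when logConfiguration is absent or logDriver is null/empty.
        if not isinstance(log_cfg, dict) or not log_cfg.get("logDriver"):
            failing.append(container.get("name", "<unnamed>"))
    return failing


def is_compliant(task_def):
    """One failing container is enough to fail the whole task definition."""
    return not containers_missing_logging(task_def)


if __name__ == "__main__":
    for name in containers_missing_logging(SAMPLE_TASK_DEF):
        print(f"container {name!r}: no usable logConfiguration")
    print("compliant:", is_compliant(SAMPLE_TASK_DEF))
```

The same functions accept the JSON saved from `aws ecs describe-task-definition`, so the check can run in a deployment pipeline before a new revision is registered.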