Use Latest Fargate Platform Version for ECS Services

Verifies that ECS Fargate services are running on the latest platform version, ensuring they benefit from the latest security and performance improvements.

Rule: ECS Fargate services should run on the latest Fargate platform version
Framework: AWS Foundational Security Best Practices
Severity: Medium

Rule Description:

ECS Fargate services should always be running on the latest Fargate platform version to ensure compliance with AWS Foundational Security Best Practices. Upgrading to the latest Fargate platform version helps in receiving the latest security patches, bug fixes, and performance improvements released by AWS. Running on older versions may expose the service to potential vulnerabilities and security risks.

Troubleshooting Steps:

If your ECS Fargate services are not running on the latest Fargate platform version, follow these steps to troubleshoot and remediate the issue:

  1. Check the current Fargate platform version of your ECS cluster.
  2. Verify the latest available Fargate platform version in the AWS documentation.
  3. Update the task definition of the ECS service to specify the latest platform version.
  4. Ensure that the IAM role associated with the ECS task has the required permissions for the new platform version.

Necessary Code:

To update the task definition of the ECS service, use the following code snippet. The platform version is not a task definition field (aws ecs register-task-definition rejects a platformVersion key as an unknown parameter); it is set on the service, for example with the --platform-version option of aws ecs update-service:

{
  "family": "your-task-definition-family",
  "containerDefinitions": [
    {
      "name": "your-container-name",
      "image": "your-container-image",
      "cpu": 256,
      "memory": 512,
      "essential": true
    }
  ],
  "requiresCompatibilities": [
    "FARGATE"
  ],
  "networkMode": "awsvpc",
  "cpu": "256",
  "memory": "512",
  "executionRoleArn": "YourExecutionRoleArn",
  "taskRoleArn": "YourTaskRoleArn"
}

Remediation Steps:

Follow this step-by-step guide to remediate the finding and ensure that your ECS Fargate services are running on the latest Fargate platform version:

  1. Identify the ECS service that needs to be updated.

  2. Update the task definition of the ECS service with the latest Fargate platform version using the provided code snippet.

  3. Execute the following AWS CLI command to register the new task definition:

    aws ecs register-task-definition --cli-input-json file://your-task-definition.json

  4. Update the ECS service to use the new task definition version:

    # A task definition is referenced as family or family:revision (a number);
    # the family name alone selects the latest ACTIVE revision.
    # --platform-version LATEST sets the platform version on the service.
    aws ecs update-service --service your-service-name --task-definition your-task-definition-family --platform-version LATEST

  5. Monitor the ECS service for any issues and ensure that it is running on the latest Fargate platform version.

By following these steps, you can ensure that your ECS Fargate services are always running on the latest Fargate platform version for enhanced security and performance.
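
To verify the outcome of the last remediation step, the following added example (not part of the original page and not AWS tooling) flags Fargate services whose platform version is neither LATEST nor the newest explicit version, given parsed output of aws ecs describe-services. The version numbers in LATEST_EXPLICIT and the sample services are assumptions constructed for illustration; confirm the versions against the AWS documentation.

```python
import json

# Assumption: newest explicit platform version per platform family at the time
# of writing; confirm against the AWS Fargate documentation before relying on it.
LATEST_EXPLICIT = {"linux": "1.4.0", "windows": "1.0.0"}


def is_fargate(svc):
    """True if the service runs on Fargate via launch type or capacity providers."""
    if svc.get("launchType") == "FARGATE":
        return True
    providers = {s.get("capacityProvider") for s in svc.get("capacityProviderStrategy", [])}
    return bool(providers & {"FARGATE", "FARGATE_SPOT"})


def outdated_fargate_services(describe_services_response, latest=LATEST_EXPLICIT):
    """Return (serviceName, platformVersion) for Fargate services not on the latest version."""
    findings = []
    for svc in describe_services_response.get("services", []):
        if not is_fargate(svc):
            continue  # EC2 and EXTERNAL services have no Fargate platform version
        family_name = (svc.get("platformFamily") or "Linux").lower()
        family = "windows" if family_name.startswith("windows") else "linux"
        version = svc.get("platformVersion") or "LATEST"  # unset means LATEST
        if version not in ("LATEST", latest[family]):
            findings.append((svc["serviceName"], version))
    return findings


# Constructed sample shaped like `aws ecs describe-services` output (not real data).
SAMPLE = json.loads("""
{"services": [
  {"serviceName": "web", "launchType": "FARGATE", "platformFamily": "Linux", "platformVersion": "LATEST"},
  {"serviceName": "batch", "launchType": "FARGATE", "platformFamily": "Linux", "platformVersion": "1.3.0"},
  {"serviceName": "spot-worker", "platformFamily": "Linux", "platformVersion": "1.4.0",
   "capacityProviderStrategy": [{"capacityProvider": "FARGATE_SPOT", "weight": 1}]},
  {"serviceName": "win-app", "launchType": "FARGATE",
   "platformFamily": "Windows_Server_2019_Full", "platformVersion": "1.0.0"},
  {"serviceName": "legacy-ec2", "launchType": "EC2"}
]}
""")

if __name__ == "__main__":
    for name, version in outdated_fargate_services(SAMPLE):
        print(f"{name}: platform version {version} is not the latest")
```

Services that use a Fargate capacity provider strategy may report no launch type, which is why the check looks at both fields.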
