A collection of configuration templates for Amazon ECS resources as well as security controls for monitoring and protecting Amazon ECS configuration such as Config Rules, CloudWatch Alarms, EventBridge Rules, IAM policies, and more.

ECS
Amazon ECS Task Definition with EC2 Compatibility

This template creates an Amazon ECS task definition with EC2 as the required compatibility. It includes container definitions, volumes, and optional properties such as mount points, entry point, memory, and CPU.

CloudFormation
Amazon ECS Task Definition

This template creates an Amazon ECS task definition with the specified container definitions and volumes. It also includes optional properties such as mount points, port mappings, entry point, memory, and CPU.

CloudFormation
ECS Service with ECS Exec Enabled

This template creates an Amazon Elastic Container Service (Amazon ECS) service with ECS Exec enabled. The service has a desired count of 1 and uses a cluster, task definition, and ECS Exec flag that are declared elsewhere in the same template.

CloudFormation
ECS Service With Health Check Grace Period

This template creates an Amazon Elastic Container Service (Amazon ECS) service with a parameter that allows users to specify the number of seconds that the service scheduler should ignore unhealthy Elastic Load Balancing target health checks after a task has first started. The service has a desired count of 0 and uses a cluster, deployment configuration, load balancer, placement strategies, placement constraints, task definition, service name, and role that are declared elsewhere in the same template.

CloudFormation
ECS Service with Application Load Balancer (ALB) Association

This template creates an Amazon Elastic Container Service (Amazon ECS) service and associates it with an Application Load Balancer. The service has a desired count of 1 and uses a cluster, task definition, and load balancer that are declared elsewhere in the same template.

CloudFormation
Basic ECS Service

This template creates an Amazon Elastic Container Service (Amazon ECS) service with a desired count of 1. It uses a cluster and task definition that are declared elsewhere in the same template.

CloudFormation
Cluster Capacity Provider Association using an AWS Fargate Capacity Provider

This template associates the FARGATE and FARGATE_SPOT capacity providers with an existing cluster. The cluster name must be specified as a parameter.

CloudFormation
Empty ECS Cluster with CloudWatch Container Insights and Tags

This template creates an empty Amazon ECS cluster named MyCluster with CloudWatch Container Insights enabled. It is also tagged with the key 'environment' and the value 'production'.

CloudFormation
ECS Cluster with ECS Exec Configuration

This template creates an Amazon ECS cluster named MyCluster with ECS Exec enabled using the default logging configuration.

CloudFormation
ECS Cluster with Fargate Capacity Providers

This template creates an Amazon ECS cluster named MyFargateCluster with the FARGATE and FARGATE_SPOT capacity providers. It also defines a default capacity provider strategy where tasks launched will be split evenly between the FARGATE and FARGATE_SPOT capacity providers.

CloudFormation
ECS Capacity Provider

This template creates an Amazon ECS capacity provider that is associated with an Auto Scaling group and used for cluster auto scaling. The capacity provider has managed scaling and managed termination protection enabled. It also includes tags for environment.

CloudFormation
Config Rule
ECS Task No Privileged Containers

A Config rule that checks if the privileged parameter in the container definition of ECSTaskDefinitions is set to true. The rule is NON_COMPLIANT if the privileged parameter is true.

CloudFormation, Terraform, AWS CLI
ECS Fargate Latest Platform Version Check

A Config rule that checks if Amazon Elastic Container Service (ECS) Fargate services are running on the latest Fargate platform version. The rule is NON_COMPLIANT if the ECS service platformVersion is not set to LATEST.

CloudFormation, Terraform, AWS CLI
ECS Task No Environment Secrets

A Config rule that checks if secrets are passed as container environment variables. The rule is NON_COMPLIANT if one or more environment variable keys match a key listed in the secretKeys parameter (excluding environment variables sourced from other locations such as Amazon S3).

CloudFormation, Terraform, AWS CLI
ECS Task has Memory Hard Limit Defined

A Config rule that checks if Amazon Elastic Container Service (ECS) task definitions have a memory limit set for their container definitions. The rule is NON_COMPLIANT for a task definition if the ‘memory’ parameter is absent for at least one container definition.

CloudFormation, Terraform, AWS CLI
ECS Task Does Not Use Root User

A Config rule that checks if ECSTaskDefinitions specify a user for Amazon Elastic Container Service (Amazon ECS) EC2 launch type containers to run as. The rule is NON_COMPLIANT if the user parameter is not present or is set to root.

CloudFormation, Terraform, AWS CLI
ECS Task Definition PID Mode Check

A Config rule that checks if ECSTaskDefinitions are configured to share a host process namespace with their Amazon Elastic Container Service (Amazon ECS) containers. The rule is NON_COMPLIANT if the pidMode parameter is set to host.

CloudFormation, Terraform, AWS CLI
ECS Task Networking Mode Check

A Config rule that checks if an Amazon Elastic Container Service (Amazon ECS) task definition with host networking mode has privileged or user container definitions. The rule is NON_COMPLIANT for task definitions with host network mode and container definitions of privileged=false or empty and user=root or empty.

CloudFormation, Terraform, AWS CLI
Check if networking mode for active ECSTaskDefinitions is set to ‘awsvpc’

Checks if the networking mode for active ECSTaskDefinitions is set to ‘awsvpc’. This rule is NON_COMPLIANT if the networking mode of an active ECSTaskDefinition is not set to ‘awsvpc’. This rule only evaluates the latest active revision of an Amazon ECS task definition.

CloudFormation
Check if ECS clusters have container insights enabled

Checks if Amazon Elastic Container Service clusters have container insights enabled. The rule is NON_COMPLIANT if container insights are not enabled.

CloudFormation
Check logConfiguration on active ECS Task Definitions

Checks if logConfiguration is set on active ECS Task Definitions. This rule is NON_COMPLIANT if an active ECSTaskDefinition does not have the logConfiguration resource defined or the value for logConfiguration is null in at least one container definition.

CloudFormation