Ensure that your Amazon Elastic Container Service (ECS) cluster services are using the latest version of the AWS Fargate platform so that they receive new features, new or improved capabilities, and security updates. An AWS Fargate platform version refers to a specific runtime environment for Fargate task infrastructure.
This rule resolution is part of the Conformity Security & Compliance tool for AWS.
Updating your Amazon ECS cluster services to the new version of the AWS Fargate platform brings in kernel and operating system (OS) updates, new software features and capabilities, bug fixes, and security updates. For example, Fargate platform version 1.4.0 encrypts its ephemeral storage with the AES-256 encryption algorithm using an AWS-managed encryption key, supports Amazon EFS file system volumes for persistent task storage, and can route UDP traffic through a Network Load Balancer (NLB) to Amazon ECS on Fargate tasks.
Audit
To determine if your Amazon ECS cluster services are using the latest version of AWS Fargate platform, perform the following actions:
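As an added example (not part of the original rule page or the Conformity tool), the check can be scripted over the JSON returned by `aws ecs describe-services`. The sample data, the function names, and the default of 1.4.0 as the latest numbered version (taken from the example above) are assumptions; pass the current value for your account.

```python
import json

# Constructed sample shaped like `aws ecs describe-services` output (not real data).
SAMPLE = json.loads("""
{"services": [
  {"serviceName": "web", "clusterArn": "arn:aws:ecs:us-east-1:111122223333:cluster/demo",
   "launchType": "FARGATE", "platformVersion": "LATEST"},
  {"serviceName": "worker", "clusterArn": "arn:aws:ecs:us-east-1:111122223333:cluster/demo",
   "launchType": "FARGATE", "platformVersion": "1.3.0"},
  {"serviceName": "batch", "clusterArn": "arn:aws:ecs:us-east-1:111122223333:cluster/demo",
   "capacityProviderStrategy": [{"capacityProvider": "FARGATE_SPOT", "weight": 1}],
   "platformVersion": "1.4.0"},
  {"serviceName": "legacy", "clusterArn": "arn:aws:ecs:us-east-1:111122223333:cluster/demo",
   "launchType": "EC2"}
]}
""")

def runs_on_fargate(svc):
    """True for launchType FARGATE or a FARGATE/FARGATE_SPOT capacity provider."""
    if svc.get("launchType") == "FARGATE":
        return True
    return any(p.get("capacityProvider", "").startswith("FARGATE")
               for p in svc.get("capacityProviderStrategy", []))

def audit_services(described, latest="1.4.0"):
    """Return (cluster, service, version) for Fargate services pinned below `latest`.

    `latest` is an assumed value; "LATEST" always counts as compliant.
    """
    findings = []
    for svc in described.get("services", []):
        if not runs_on_fargate(svc):
            continue  # platform versions only apply to Fargate services
        version = svc.get("platformVersion", "")
        if version not in ("LATEST", latest):
            findings.append((svc["clusterArn"], svc["serviceName"], version))
    return findings

def remediation_command(cluster, service):
    """Build the update-service call that moves a service to LATEST."""
    return (f"aws ecs update-service --cluster {cluster} --service {service} "
            "--platform-version LATEST")

if __name__ == "__main__":
    for cluster, service, version in audit_services(SAMPLE):
        print(f"{service}: platform version {version} is outdated")
        print("  " + remediation_command(cluster, service))
```

Services that use a Fargate capacity provider strategy do not report `launchType: FARGATE`, which is why the check inspects `capacityProviderStrategy` as well.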
Remediation / Resolution
To update the AWS Fargate platform to the latest version supported by Amazon ECS for all your ECS cluster services, perform the following actions:
References
- AWS Documentation
  - Amazon Elastic Container Service FAQs
  - AWS Fargate platform versions
  - Updating a service
- AWS Command Line Interface (CLI) Documentation
  - ecs
  - list-clusters
  - list-services
  - describe-services
  - update-service