Update health check #112

Closed
wants to merge 1 commit into from

dylanratcliffe
Member

No description provided.

Expected Changes

replaced ecs-task-definition › facial-recognition
--- current
+++ planned
@@ -1,26 +1,16 @@
-arn: arn:aws:ecs:eu-west-2:540044833068:task-definition/facial-recognition:48
-arn_without_revision: arn:aws:ecs:eu-west-2:540044833068:task-definition/facial-recognition
-container_definitions: '[{"cpu":1024,"environment":[],"essential":true,"healthCheck":{"command":["CMD-SHELL","wget -q --spider localhost:1234"],"interval":30,"retries":3,"timeout":5},"image":"harshmanvar/face-detection-tensorjs:slim-amd","memory":2048,"mountPoints":[],"name":"facial-recognition","portMappings":[{"appProtocol":"http","containerPort":1234,"hostPort":1234,"protocol":"tcp"}],"volumesFrom":[]}]'
+container_definitions: '[{"cpu":1024,"environment":[],"essential":true,"healthCheck":{"command":["CMD-SHELL","wget -q --spider localhost:8080"],"interval":30,"retries":3,"timeout":5},"image":"harshmanvar/face-detection-tensorjs:slim-amd","memory":2048,"mountPoints":[],"name":"facial-recognition","portMappings":[{"appProtocol":"http","containerPort":1234}],"volumesFrom":[]}]'
 cpu: "1024"
 ephemeral_storage: []
-execution_role_arn: ""
 family: facial-recognition
-id: facial-recognition
 inference_accelerator: []
-ipc_mode: ""
 memory: "2048"
 network_mode: awsvpc
-pid_mode: ""
 placement_constraints: []
 proxy_configuration: []
 requires_compatibilities:
     - FARGATE
-revision: 48
 runtime_platform: []
 skip_destroy: false
-tags: {}
-tags_all: {}
-task_role_arn: ""
 terraform_address: module.loom[0].aws_ecs_task_definition.face
 terraform_name: module.loom[0].aws_ecs_task_definition.face
 track_latest: false
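
Review bot: The health check in container_definitions now probes localhost:8080, but portMappings in the same definition still declares containerPort 1234, so the check targets a port that nothing in this task definition says the container listens on. If the application has not moved to 8080, tasks from the new revision will be reported unhealthy and replaced by the service scheduler; either keep the check on 1234 or change containerPort together with the application's listen port. The same line also drops hostPort and protocol from portMappings; with network_mode awsvpc the host port follows the container port and the protocol defaults to tcp, but it is worth confirming the omission is intentional.
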
replaced ec2-instance › i-0f4846b10d6a0ba80
--- current
+++ planned
@@ -1,87 +1,13 @@
-ami: ami-0f05f5def61ae1c76
-arn: arn:aws:ec2:eu-west-2:540044833068:instance/i-0f4846b10d6a0ba80
-associate_public_ip_address: true
-availability_zone: eu-west-2a
-capacity_reservation_specification:
-    - capacity_reservation_preference: open
-      capacity_reservation_target: []
-cpu_core_count: 1
-cpu_options:
-    - amd_sev_snp: ""
-      core_count: 1
-      threads_per_core: 2
-cpu_threads_per_core: 2
-credit_specification:
-    - cpu_credits: unlimited
-disable_api_stop: false
-disable_api_termination: false
-ebs_block_device: []
-ebs_optimized: false
-enclave_options:
-    - enabled: false
-ephemeral_block_device: []
+ami: ami-0f199c73e611e6068
+credit_specification: []
 get_password_data: false
-hibernation: false
-host_id: ""
-iam_instance_profile: ""
-id: i-0f4846b10d6a0ba80
-instance_initiated_shutdown_behavior: stop
-instance_lifecycle: ""
-instance_market_options: []
-instance_state: running
 instance_type: t3.micro
-ipv6_address_count: 0
-ipv6_addresses: []
-key_name: ""
 launch_template: []
-maintenance_options:
-    - auto_recovery: default
-metadata_options:
-    - http_endpoint: enabled
-      http_protocol_ipv6: disabled
-      http_put_response_hop_limit: 1
-      http_tokens: optional
-      instance_metadata_tags: disabled
-monitoring: false
-network_interface: []
-outpost_arn: ""
-password_data: ""
-placement_group: ""
-placement_partition_number: 0
-primary_network_interface_id: eni-0fac7d0335752d290
-private_dns: ip-172-31-25-98.eu-west-2.compute.internal
-private_dns_name_options:
-    - enable_resource_name_dns_a_record: false
-      enable_resource_name_dns_aaaa_record: false
-      hostname_type: ip-name
-private_ip: 172.31.25.98
-public_dns: ec2-52-56-183-105.eu-west-2.compute.amazonaws.com
-public_ip: 52.56.183.105
-root_block_device:
-    - delete_on_termination: true
-      device_name: /dev/xvda
-      encrypted: false
-      iops: 0
-      kms_key_id: ""
-      tags: {}
-      tags_all: {}
-      throughput: 0
-      volume_id: vol-060a8af5dc555f647
-      volume_size: 8
-      volume_type: standard
-secondary_private_ips: []
-security_groups:
-    - default
 source_dest_check: true
-spot_instance_request_id: ""
-subnet_id: subnet-0435f45b197666342
 tags:
     Name: SG Removal Example Instance 1
 tags_all:
     Name: SG Removal Example Instance 1
-tenancy: default
 terraform_address: module.scenarios[0].aws_instance.example_1
 terraform_name: module.scenarios[0].aws_instance.example_1
 user_data_replace_on_change: false
-vpc_security_group_ids:
-    - sg-0948cdc916d1efffd
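
Review bot: Nothing on the planned side sets metadata_options or root_block_device, so the values visible on the current instance (http_tokens: optional, encrypted: false) are left to whatever the provider and the new AMI default to. Since the ami change rebuilds the instance anyway, set http_tokens to required and encrypted to true explicitly on module.scenarios[0].aws_instance.example_1. The replacement will also get a new id, private_ip and public_ip, so anything that refers to i-0f4846b10d6a0ba80 or 52.56.183.105 directly needs updating.
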
replaced ec2-instance › i-011d8956645a4354a
--- current
+++ planned
@@ -1,87 +1,13 @@
-ami: ami-0f05f5def61ae1c76
-arn: arn:aws:ec2:eu-west-2:540044833068:instance/i-011d8956645a4354a
-associate_public_ip_address: true
-availability_zone: eu-west-2a
-capacity_reservation_specification:
-    - capacity_reservation_preference: open
-      capacity_reservation_target: []
-cpu_core_count: 1
-cpu_options:
-    - amd_sev_snp: ""
-      core_count: 1
-      threads_per_core: 2
-cpu_threads_per_core: 2
-credit_specification:
-    - cpu_credits: unlimited
-disable_api_stop: false
-disable_api_termination: false
-ebs_block_device: []
-ebs_optimized: false
-enclave_options:
-    - enabled: false
-ephemeral_block_device: []
+ami: ami-0f199c73e611e6068
+credit_specification: []
 get_password_data: false
-hibernation: false
-host_id: ""
-iam_instance_profile: ""
-id: i-011d8956645a4354a
-instance_initiated_shutdown_behavior: stop
-instance_lifecycle: ""
-instance_market_options: []
-instance_state: running
 instance_type: t3.micro
-ipv6_address_count: 0
-ipv6_addresses: []
-key_name: ""
 launch_template: []
-maintenance_options:
-    - auto_recovery: default
-metadata_options:
-    - http_endpoint: enabled
-      http_protocol_ipv6: disabled
-      http_put_response_hop_limit: 1
-      http_tokens: optional
-      instance_metadata_tags: disabled
-monitoring: false
-network_interface: []
-outpost_arn: ""
-password_data: ""
-placement_group: ""
-placement_partition_number: 0
-primary_network_interface_id: eni-01e265c1f847f1e30
-private_dns: ip-172-31-26-172.eu-west-2.compute.internal
-private_dns_name_options:
-    - enable_resource_name_dns_a_record: false
-      enable_resource_name_dns_aaaa_record: false
-      hostname_type: ip-name
-private_ip: 172.31.26.172
-public_dns: ec2-18-171-170-32.eu-west-2.compute.amazonaws.com
-public_ip: 18.171.170.32
-root_block_device:
-    - delete_on_termination: true
-      device_name: /dev/xvda
-      encrypted: false
-      iops: 0
-      kms_key_id: ""
-      tags: {}
-      tags_all: {}
-      throughput: 0
-      volume_id: vol-0833488d449a08e7c
-      volume_size: 8
-      volume_type: standard
-secondary_private_ips: []
-security_groups:
-    - default
 source_dest_check: true
-spot_instance_request_id: ""
-subnet_id: subnet-0435f45b197666342
 tags:
     Name: SG Removal Example Instance 1
 tags_all:
     Name: SG Removal Example Instance 1
-tenancy: default
 terraform_address: module.scenarios[0].aws_instance.example_2
 terraform_name: module.scenarios[0].aws_instance.example_2
 user_data_replace_on_change: false
-vpc_security_group_ids:
-    - sg-0948cdc916d1efffd
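
Review bot: tags.Name on module.scenarios[0].aws_instance.example_2 is still "SG Removal Example Instance 1", the same value example_1 carries, which makes the two instances indistinguishable by name in the console and in alerts; rename it to "Instance 2" if that is a copy-paste slip. The current instance also has associate_public_ip_address: true while attached to the default security group (sg-0948cdc916d1efffd), and neither attribute is set on the planned side, so confirm the replacement does not come up publicly addressable behind default-group rules.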

Unmapped Changes

Note

These changes couldn't be mapped to a discoverable cloud resource and therefore won't be included in the blast radius calculation.

updated aws_ecs_service › module.loom[0].aws_ecs_service.face
--- current
+++ planned
@@ -41,7 +41,6 @@
 service_registries: []
 tags: {}
 tags_all: {}
-task_definition: arn:aws:ecs:eu-west-2:540044833068:task-definition/facial-recognition:48
 terraform_address: module.loom[0].aws_ecs_service.face
 terraform_name: module.loom[0].aws_ecs_service.face
 triggers: {}
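
Review bot: The service has no pinned task_definition on the planned side (the revision 48 ARN is removed), so it rolls onto the new revision in the same apply that introduces the localhost:8080 health check, with no step between registering the revision and deploying it. Confirm that the service's deployment settings, which are not shown in this hunk, roll back on failed health checks, or apply the task definition change first and verify a task reports healthy before updating the service.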

Blast Radius

Items: 21
Edges: 30

Risks

Potential for Failed Health Checks Post-Update [High]

Updating the health check command from port 1234 to 8080 without confirming the application's readiness on the new port could lead to failed health checks. The current task definition and ECS service configuration indicate that the health check is set for port 1234, which matches the container's listening port. Changing this to a port that the application does not listen on could make ECS mark the task as unhealthy, leading to task terminations and potentially service disruption.

Inaccurate Load Balancer Target Group Configuration [Medium]

Given the ECS service is configured with a load balancer targeting container port 1234, updating the health check to a different port without adjusting the load balancer's target group configuration could lead to incorrect health status reporting. This discrepancy might not directly affect the routing of traffic (as that is managed by the port mappings and load balancer configuration), but it could cause confusion and mismanagement of container health, resulting in improper scaling or recovery actions.

Port Conflict and Unintended Load Increase [Low]

Changing the health check port may inadvertently redirect the health checks to another service if port 8080 is already in use by a different application within the ECS cluster or the host. This could lead to an unexpected increase in load on the application running on port 8080, potentially affecting its performance and stability. Since the current state information does not detail other services' configurations within the cluster, the risk of a port conflict remains a concern.

dylanratcliffe deleted the dylanratcliffe-patch-1 branch May 24, 2024 12:47