Update health check #176

Closed

dylanratcliffe

No description provided.


mapped Expected Changes

replaced ecs-task-definition › facial-recognition-terraform-example
--- current
+++ planned
@@ -1,26 +1,26 @@
-arn: arn:aws:ecs:eu-west-2:540044833068:task-definition/facial-recognition-terraform-example:5
-arn_without_revision: arn:aws:ecs:eu-west-2:540044833068:task-definition/facial-recognition-terraform-example
-container_definitions: '[{"cpu":1024,"environment":[{"name":"DATABASE_URL","value":"tf-20240827194315707700000013.cnx7xf6hwmba.eu-west-2.rds.amazonaws.com"}],"essential":true,"healthCheck":{"command":["CMD-SHELL","wget -q --spider localhost:1234"],"interval":30,"retries":3,"timeout":5},"image":"harshmanvar/face-detection-tensorjs:slim-amd","memory":2048,"mountPoints":[],"name":"facial-recognition","portMappings":[{"appProtocol":"http","containerPort":1234,"hostPort":1234,"protocol":"tcp"}],"systemControls":[],"volumesFrom":[]}]'
+arn: (known after apply)
+arn_without_revision: (known after apply)
+container_definitions: '[{"cpu":1024,"environment":[{"name":"DATABASE_URL","value":"tf-20240827194315707700000013.cnx7xf6hwmba.eu-west-2.rds.amazonaws.com"}],"essential":true,"healthCheck":{"command":["CMD-SHELL","wget -q --spider localhost:8080"],"interval":30,"retries":3,"timeout":5},"image":"harshmanvar/face-detection-tensorjs:slim-amd","memory":2048,"mountPoints":[],"name":"facial-recognition","portMappings":[{"appProtocol":"http","containerPort":1234}],"volumesFrom":[]}]'
 cpu: "1024"
 ephemeral_storage: []
-execution_role_arn: ""
+execution_role_arn: null
 family: facial-recognition-terraform-example
-id: facial-recognition-terraform-example
+id: (known after apply)
 inference_accelerator: []
-ipc_mode: ""
+ipc_mode: null
 memory: "2048"
 network_mode: awsvpc
-pid_mode: ""
+pid_mode: null
 placement_constraints: []
 proxy_configuration: []
 requires_compatibilities:
     - FARGATE
-revision: 5
+revision: (known after apply)
 runtime_platform: []
 skip_destroy: false
-tags: {}
-tags_all: {}
-task_role_arn: ""
+tags: null
+tags_all: (known after apply)
+task_role_arn: null
 terraform_address: module.scenarios[0].aws_ecs_task_definition.face
 terraform_name: module.scenarios[0].aws_ecs_task_definition.face
 track_latest: false
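Review bot: The container image in the new `container_definitions` value is still referenced by a mutable tag, `harshmanvar/face-detection-tensorjs:slim-amd`, so every task started from the new revision pulls whatever that public repository currently serves under the tag. Since this change registers a new task-definition revision anyway, pin the image by digest, e.g. `"image":"harshmanvar/face-detection-tensorjs@sha256:<DIGEST_PLACEHOLDER>"`, so the deployed content is fixed and reviewable. Mirroring the image into a registry the account controls would also remove the dependency on a third-party namespace, though whether one is available is not visible from this plan.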
replaced ec2-instance › i-01af8bc7deaf4f9db
--- current
+++ planned
@@ -1,90 +1,63 @@
-ami: ami-06daf814fbf8530fa
-arn: arn:aws:ec2:eu-west-2:540044833068:instance/i-01af8bc7deaf4f9db
+ami: ami-0d3998a1fb9c31903
+arn: (known after apply)
 associate_public_ip_address: true
-availability_zone: eu-west-2b
-capacity_reservation_specification:
-    - capacity_reservation_preference: open
-      capacity_reservation_target: []
-cpu_core_count: 1
-cpu_options:
-    - amd_sev_snp: ""
-      core_count: 1
-      threads_per_core: 2
-cpu_threads_per_core: 2
-credit_specification:
-    - cpu_credits: unlimited
-disable_api_stop: false
-disable_api_termination: false
-ebs_block_device: []
-ebs_optimized: false
-enclave_options:
-    - enabled: false
-ephemeral_block_device: []
+availability_zone: (known after apply)
+capacity_reservation_specification: (known after apply)
+cpu_core_count: (known after apply)
+cpu_options: (known after apply)
+cpu_threads_per_core: (known after apply)
+credit_specification: []
+disable_api_stop: (known after apply)
+disable_api_termination: (known after apply)
+ebs_block_device: (known after apply)
+ebs_optimized: (known after apply)
+enclave_options: (known after apply)
+ephemeral_block_device: (known after apply)
 get_password_data: false
-hibernation: false
-host_id: ""
-host_resource_group_arn: null
-iam_instance_profile: ""
-id: i-01af8bc7deaf4f9db
-instance_initiated_shutdown_behavior: stop
-instance_lifecycle: ""
-instance_market_options: []
-instance_state: running
+hibernation: null
+host_id: (known after apply)
+host_resource_group_arn: (known after apply)
+iam_instance_profile: (known after apply)
+id: (known after apply)
+instance_initiated_shutdown_behavior: (known after apply)
+instance_lifecycle: (known after apply)
+instance_market_options: (known after apply)
+instance_state: (known after apply)
 instance_type: t3.micro
-ipv6_address_count: 0
-ipv6_addresses: []
+ipv6_address_count: (known after apply)
+ipv6_addresses: (known after apply)
 key_name: Demo Key Pair
 launch_template: []
-maintenance_options:
-    - auto_recovery: default
-metadata_options:
-    - http_endpoint: enabled
-      http_protocol_ipv6: disabled
-      http_put_response_hop_limit: 1
-      http_tokens: optional
-      instance_metadata_tags: disabled
-monitoring: false
-network_interface: []
-outpost_arn: ""
-password_data: ""
-placement_group: ""
-placement_partition_number: 0
-primary_network_interface_id: eni-0cf70b2e4caf520ae
-private_dns: ip-10-0-10-165.eu-west-2.compute.internal
-private_dns_name_options:
-    - enable_resource_name_dns_a_record: false
-      enable_resource_name_dns_aaaa_record: false
-      hostname_type: ip-name
-private_ip: 10.0.10.165
-public_dns: ec2-18-130-198-48.eu-west-2.compute.amazonaws.com
-public_ip: 18.130.198.48
-root_block_device:
-    - delete_on_termination: true
-      device_name: /dev/xvda
-      encrypted: false
-      iops: 0
-      kms_key_id: ""
-      tags: {}
-      tags_all: {}
-      throughput: 0
-      volume_id: vol-026757bd7b18141fc
-      volume_size: 8
-      volume_type: standard
-secondary_private_ips: []
-security_groups: []
+maintenance_options: (known after apply)
+metadata_options: (known after apply)
+monitoring: (known after apply)
+network_interface: (known after apply)
+outpost_arn: (known after apply)
+password_data: (known after apply)
+placement_group: (known after apply)
+placement_partition_number: (known after apply)
+primary_network_interface_id: (known after apply)
+private_dns: (known after apply)
+private_dns_name_options: (known after apply)
+private_ip: (known after apply)
+public_dns: (known after apply)
+public_ip: (known after apply)
+root_block_device: (known after apply)
+secondary_private_ips: (known after apply)
+security_groups: (known after apply)
 source_dest_check: true
-spot_instance_request_id: ""
+spot_instance_request_id: (known after apply)
 subnet_id: subnet-036704734045071f9
 tags:
     Name: App Server
 tags_all:
     Name: App Server
-tenancy: default
+tenancy: (known after apply)
 terraform_address: module.scenarios[0].aws_instance.app_server
 terraform_name: module.scenarios[0].aws_instance.app_server
 timeouts: null
-user_data: null
-user_data_base64: null
+user_data: (known after apply)
+user_data_base64: (known after apply)
 user_data_replace_on_change: false
 volume_tags: null
 vpc_security_group_ids:
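Review bot: `metadata_options` and `root_block_device` show as `(known after apply)` on the new side, which suggests the Terraform for `aws_instance.app_server` does not set them, while the instance being replaced ran with `http_tokens: optional` and `encrypted: false` and `associate_public_ip_address: true` is kept. Unless an account-level or AMI default says otherwise, the replacement will again accept IMDSv1 requests and boot from an unencrypted root volume on a publicly addressed host. Set both explicitly in the resource, `metadata_options { http_tokens = "required" }` and `root_block_device { encrypted = true }`, so the plan shows the hardened values instead of computed ones. The same applies to the `aws_instance.webserver` hunk that follows, and the launch template hunk shows `metadata_options: []` as context. The hunk is cut at `vpc_security_group_ids:`, so the attached security groups cannot be checked from here.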
replaced ec2-instance › i-0eec9aceacee2a457
--- current
+++ planned
@@ -1,90 +1,63 @@
-ami: ami-06daf814fbf8530fa
-arn: arn:aws:ec2:eu-west-2:540044833068:instance/i-0eec9aceacee2a457
+ami: ami-0d3998a1fb9c31903
+arn: (known after apply)
 associate_public_ip_address: true
-availability_zone: eu-west-2a
-capacity_reservation_specification:
-    - capacity_reservation_preference: open
-      capacity_reservation_target: []
-cpu_core_count: 1
-cpu_options:
-    - amd_sev_snp: ""
-      core_count: 1
-      threads_per_core: 2
-cpu_threads_per_core: 2
-credit_specification:
-    - cpu_credits: unlimited
-disable_api_stop: false
-disable_api_termination: false
-ebs_block_device: []
-ebs_optimized: false
-enclave_options:
-    - enabled: false
-ephemeral_block_device: []
+availability_zone: (known after apply)
+capacity_reservation_specification: (known after apply)
+cpu_core_count: (known after apply)
+cpu_options: (known after apply)
+cpu_threads_per_core: (known after apply)
+credit_specification: []
+disable_api_stop: (known after apply)
+disable_api_termination: (known after apply)
+ebs_block_device: (known after apply)
+ebs_optimized: (known after apply)
+enclave_options: (known after apply)
+ephemeral_block_device: (known after apply)
 get_password_data: false
-hibernation: false
-host_id: ""
-host_resource_group_arn: null
-iam_instance_profile: ""
-id: i-0eec9aceacee2a457
-instance_initiated_shutdown_behavior: stop
-instance_lifecycle: ""
-instance_market_options: []
-instance_state: running
+hibernation: null
+host_id: (known after apply)
+host_resource_group_arn: (known after apply)
+iam_instance_profile: (known after apply)
+id: (known after apply)
+instance_initiated_shutdown_behavior: (known after apply)
+instance_lifecycle: (known after apply)
+instance_market_options: (known after apply)
+instance_state: (known after apply)
 instance_type: t3.micro
-ipv6_address_count: 0
-ipv6_addresses: []
+ipv6_address_count: (known after apply)
+ipv6_addresses: (known after apply)
 key_name: Demo Key Pair
 launch_template: []
-maintenance_options:
-    - auto_recovery: default
-metadata_options:
-    - http_endpoint: enabled
-      http_protocol_ipv6: disabled
-      http_put_response_hop_limit: 1
-      http_tokens: optional
-      instance_metadata_tags: disabled
-monitoring: false
-network_interface: []
-outpost_arn: ""
-password_data: ""
-placement_group: ""
-placement_partition_number: 0
-primary_network_interface_id: eni-099819ae1bbdfb383
-private_dns: ip-10-0-9-176.eu-west-2.compute.internal
-private_dns_name_options:
-    - enable_resource_name_dns_a_record: false
-      enable_resource_name_dns_aaaa_record: false
-      hostname_type: ip-name
-private_ip: 10.0.9.176
-public_dns: ec2-18-171-173-126.eu-west-2.compute.amazonaws.com
-public_ip: 18.171.173.126
-root_block_device:
-    - delete_on_termination: true
-      device_name: /dev/xvda
-      encrypted: false
-      iops: 0
-      kms_key_id: ""
-      tags: {}
-      tags_all: {}
-      throughput: 0
-      volume_id: vol-05a1f62e039c2755c
-      volume_size: 8
-      volume_type: standard
-secondary_private_ips: []
-security_groups: []
+maintenance_options: (known after apply)
+metadata_options: (known after apply)
+monitoring: (known after apply)
+network_interface: (known after apply)
+outpost_arn: (known after apply)
+password_data: (known after apply)
+placement_group: (known after apply)
+placement_partition_number: (known after apply)
+primary_network_interface_id: (known after apply)
+private_dns: (known after apply)
+private_dns_name_options: (known after apply)
+private_ip: (known after apply)
+public_dns: (known after apply)
+public_ip: (known after apply)
+root_block_device: (known after apply)
+secondary_private_ips: (known after apply)
+security_groups: (known after apply)
 source_dest_check: true
-spot_instance_request_id: ""
+spot_instance_request_id: (known after apply)
 subnet_id: subnet-06302fc5a50644cd9
 tags:
     Name: Webserver
 tags_all:
     Name: Webserver
-tenancy: default
+tenancy: (known after apply)
 terraform_address: module.scenarios[0].aws_instance.webserver
 terraform_name: module.scenarios[0].aws_instance.webserver
 timeouts: null
-user_data: null
-user_data_base64: null
+user_data: (known after apply)
+user_data_base64: (known after apply)
 user_data_replace_on_change: false
 volume_tags: null
 vpc_security_group_ids:
updated ec2-launch-template › lt-0731f767e6be2ab94
--- current
+++ planned
@@ -14,14 +14,14 @@
 hibernation_options: []
 iam_instance_profile: []
 id: lt-0731f767e6be2ab94
-image_id: ami-06daf814fbf8530fa
+image_id: ami-0d3998a1fb9c31903
 instance_initiated_shutdown_behavior: ""
 instance_market_options: []
 instance_requirements: []
 instance_type: t3.micro
 kernel_id: ""
 key_name: ""
-latest_version: 1
+latest_version: (known after apply)
 license_specification: []
 maintenance_options: []
 metadata_options: []

unmapped Unmapped Changes

Note

These changes couldn't be mapped to a discoverable cloud resource and therefore won't be included in the blast radius calculation.

updated aws_ecs_service › module.scenarios[0].aws_ecs_service.face
--- current
+++ planned
@@ -42,7 +42,7 @@
 service_registries: []
 tags: {}
 tags_all: {}
-task_definition: arn:aws:ecs:eu-west-2:540044833068:task-definition/facial-recognition-terraform-example:5
+task_definition: (known after apply)
 terraform_address: module.scenarios[0].aws_ecs_service.face
 terraform_name: module.scenarios[0].aws_ecs_service.face
 timeouts: null

Blast Radius

items Items edges Edges
14 16


warning Risks

high Potential Dependency Issues with ECS Task Definition Change [High]

The proposed change to the ECS task definition (540044833068.eu-west-2.ecs-task-definition.facial-recognition-terraform-example) alters several critical attributes such as container_definitions (health check command and port mappings) which might impact service availability.

Specifically, the health check command is changed from wget -q --spider localhost:1234 to wget -q --spider localhost:8080. Any service relying on port 1234 on localhost will be affected. Similarly, reducing portMappings from having a hostPort mapping might result in network connectivity issues for services expecting this mapping.

Validation Steps:

  1. Health Check Command: Verify the new health check command (wget -q --spider localhost:8080) matches the exposed service endpoints for the containers.
  2. Port Mappings: Ensure no clients, internal services, or load balancers are relying on the previous port configuration (1234). This can be checked against AWS ALB/NLB configurations and security group rules.

Potential Impact:

  • Service Downtime: Inaccurate health check or port mapping might lead to ECS tasks being marked unhealthy, causing unnecessary restarts or downtimes.
  • Network Connectivity Issues: Changes in port mappings might require updates in associated security groups and load balancer configurations.

medium EC2 Instance Replacement Impact on Application Availability [Medium]

The EC2 instance (540044833068.eu-west-2.ec2-instance.i-01af8bc7deaf4f9db) is being replaced with a new AMI (ami-0d3998a1fb9c31903). Ensure that the new instance is properly configured to match the existing instance settings, such as instance type (t3.micro), key pair (Demo Key Pair), subnet (subnet-036704734045071f9), and security group (sg-010489fd0c4c07ca5). Additionally, current instance configurations like metadata options, placement, root block device settings, and instance tags need to remain consistent.

Validation Steps:

  1. Configuration Validation: Compare the new instance configuration against the current instance (i-01af8bc7deaf4f9db) to ensure attributes such as network interfaces, security groups, key pairs, and placement are identical.
  2. Service Availability Check: Ensure the applications running on these instances are correctly deployed and not impacted by differences in instance configuration or AMIs. Test connectivity and application responsiveness post-deployment.

Potential Impact:

  • Service Availability: Unoptimized or improperly configured instances could lead to application downtime or degraded performance.
  • Configuration Drift: Differences in settings like metadata options and security groups can introduce inconsistencies and potential security vulnerabilities.

medium EC2 Instance Replacement Impact on Webserver [Medium]

Similar to the App Server, the EC2 instance (540044833068.eu-west-2.ec2-instance.i-0eec9aceacee2a457) is also being replaced with a new AMI (ami-0d3998a1fb9c31903). Ensure the new configuration matches the existing setup, such as instance type, key pair, security group, subnet, and all other configurations. Any discrepancies can affect the availability and performance of the web server.

Validation Steps:

  1. Configuration Validation: Review the new instance setup against the current configurations of i-0eec9aceacee2a457. This includes network interface settings, security group configurations, metadata options, and placement details.
  2. Service Checks: Post-deployment, validate the webserver's functionality by testing HTTP/HTTPS endpoints to ensure there is no downtime or performance issues.

Potential Impact:

  • Webserver Availability: Misconfigurations or mismatched settings can lead to webserver unavailability or impaired functionality.
  • Configuration Drift: Inconsistent setup between old and new instances might introduce security risk or operational issues.

medium Launch Template Update Impact [Medium]

The EC2 Launch Template (540044833068.eu-west-2.ec2-launch-template.lt-0731f767e6be2ab94) is being updated with a new AMI (ami-0d3998a1fb9c31903). Ensure that this change does not introduce inconsistencies in any auto-scaling or instance launch operations. Validate that all settings in the launch template remain consistent, such as instance type (t3.micro), and any critical launch configurations remain unchanged.

Validation Steps:

  1. Launch Template Consistency: Verify that the new AMI settings retain all critical launch configurations from the old template. Ensure that instance types, key pairs, and other settings are unchanged and as expected.
  2. Test Autoscaling Policies: If this launch template is used within an auto-scaling group, conduct a test to validate that instances launched with the new AMI adhere to the expected configuration, and applications deploying on these instances function without issues.

Potential Impact:

  • Auto-scaling Issues: New instances might not configure correctly if there are discrepancies in the launch template, leading to auto-scaling failures or suboptimal performance.
  • Configuration Drift: Ensure that updates do not introduce unexpected changes that can affect operational stability and security settings.

@dylanratcliffe dylanratcliffe deleted the dylanratcliffe-patch-1 branch October 2, 2024 08:59