aws.ecs-task
Filters
taggable
Filter ECS resources on arn-format https://docs.aws.amazon.com/AmazonECS/latest/userguide/ecs-resource-ids.html :example:
policies: - name: taggable resource: ecs-service filters: - type: taggable state: True
properties:
state:
type: boolean
type:
enum:
- taggable
required:
- type
Permissions - ecs:ListTasks
task-definition
Filter tasks by their task definition.
- Example:
Find any fargate tasks that are running without read only root and stop them.
policies:
- name: fargate-readonly-tasks
resource: ecs-task
filters:
- launchType: FARGATE
- type: task-definition
key: "containerDefinitions[].readonlyRootFilesystem"
value: None
value_type: swap
op: contains
actions:
- type: stop
properties:
default:
type: object
key:
type: string
op:
enum:
- eq
- equal
- ne
- not-equal
- gt
- greater-than
- ge
- gte
- le
- lte
- lt
- less-than
- glob
- regex
- regex-case
- in
- ni
- not-in
- contains
- difference
- intersect
- mod
type:
enum:
- task-definition
value:
oneOf:
- type: array
- type: string
- type: boolean
- type: number
- type: 'null'
value_from:
additionalProperties: 'False'
properties:
expr:
oneOf:
- type: integer
- type: string
format:
enum:
- csv
- json
- txt
- csv2dict
headers:
patternProperties:
? ''
: type: string
type: object
query:
type: string
url:
type: string
required:
- url
type: object
value_path:
type: string
value_regex:
type: string
value_type:
enum:
- age
- integer
- expiration
- normalize
- size
- cidr
- cidr_size
- swap
- resource_count
- expr
- unique_size
- date
- version
- float
required:
- type
Permissions - ecs:DescribeTaskDefinition, ecs:ListTaskDefinitions
Actions
stop
Stop/Delete a currently running task.
properties:
reason:
type: string
type:
enum:
- stop
required:
- type
Permissions - ecs:StopTask