aws.ecs-task

Filters

taggable

Filter ECS resources on arn-format https://docs.aws.amazon.com/AmazonECS/latest/userguide/ecs-resource-ids.html :example:

policies:
    - name: taggable
      resource: ecs-service
      filters:
        - type: taggable
          state: True
properties:
  state:
    type: boolean
  type:
    enum:
    - taggable
required:
- type

Permissions - ecs:ListTasks

task-definition

Filter tasks by their task definition.

Example:

Find any fargate tasks that are running without read only root and stop them.

policies:
  - name: fargate-readonly-tasks
    resource: ecs-task
    filters:
      - launchType: FARGATE
      - type: task-definition
        key: "containerDefinitions[].readonlyRootFilesystem"
        value: None
        value_type: swap
        op: contains
    actions:
      - type: stop
properties:
  default:
    type: object
  key:
    type: string
  op:
    enum:
    - eq
    - equal
    - ne
    - not-equal
    - gt
    - greater-than
    - ge
    - gte
    - le
    - lte
    - lt
    - less-than
    - glob
    - regex
    - regex-case
    - in
    - ni
    - not-in
    - contains
    - difference
    - intersect
  type:
    enum:
    - task-definition
  value:
    oneOf:
    - type: array
    - type: string
    - type: boolean
    - type: number
    - type: 'null'
  value_from:
    additionalProperties: 'False'
    properties:
      expr:
        oneOf:
        - type: integer
        - type: string
      format:
        enum:
        - csv
        - json
        - txt
        - csv2dict
      headers:
        patternProperties:
          ? ''
          : type: string
        type: object
      url:
        type: string
    required:
    - url
    type: object
  value_path:
    type: string
  value_regex:
    type: string
  value_type:
    enum:
    - age
    - integer
    - expiration
    - normalize
    - size
    - cidr
    - cidr_size
    - swap
    - resource_count
    - expr
    - unique_size
    - date
    - version
    - float
required:
- type

Permissions - ecs:DescribeTaskDefinition, ecs:ListTaskDefinitions

Actions

stop

Stop/Delete a currently running task.

properties:
  reason:
    type: string
  type:
    enum:
    - stop
required:
- type

Permissions - ecs:StopTask