kddejong
commented
2 months ago This rule is triggered from an AWS::ECS::Service and associated AWS::ECS::TaskDefinition. Can you provide the relevant parts of those resources too?
Closed dengmingtong closed 2 months ago
kddejong
commented
2 months ago This rule is triggered from an AWS::ECS::Service and associated AWS::ECS::TaskDefinition. Can you provide the relevant parts of those resources too?
dengmingtong
commented
2 months ago "IngestionServerclickstreamingestionserviceecstaskdef5E69A80A": { "Type": "AWS::ECS::TaskDefinition", "Properties": { "ContainerDefinitions": [ { "Cpu": 256, "Environment": [ { "Name": "NGINX_WORKER_CONNECTIONS", "Value": "1024" }, { "Name": "SERVER_ENDPOINT_PATH", "Value": { "Ref": "referencetoMyTestServerEndpointPathA8D9F825Ref" } }, { "Name": "PING_ENDPOINT_PATH", "Value": "/ping" }, { "Name": "SERVER_CORS_ORIGIN", "Value": { "Ref": "referencetoMyTestServerCorsOrigin76E61FDCRef" } }, { "Name": "AWS_REGION", "Value": { "Ref": "AWS::Region" } } ], "Essential": true, "Image": { "Fn::Sub": "${AWS::AccountId}.dkr.ecr.${AWS::Region}.${AWS::URLSuffix}/cdk-hnb659fds-container-assets-${AWS::AccountId}-${AWS::Region}:176b933c13981a68fdcdaacf1c02eb96ff6644bae4996c79cef8317d90f724e2" }, "LogConfiguration": { "LogDriver": "awslogs", "Options": { "awslogs-group": { "Ref": "IngestionServerproxylogAAED240F" }, "awslogs-stream-prefix": "proxy", "awslogs-region": { "Ref": "AWS::Region" } } }, "MemoryReservation": 900, "Name": "proxy", "PortMappings": [ { "ContainerPort": 8088, "Protocol": "tcp" } ] }, { "Cpu": 1792, "Environment": [ { "Name": "AWS_REGION", "Value": { "Ref": "AWS::Region" } }, { "Name": "AWS_MSK_BROKERS", "Value": "NOT_SET" }, { "Name": "AWS_MSK_TOPIC", "Value": "NOT_SET" }, { "Name": "AWS_S3_BUCKET", "Value": { "Ref": "referencetoMyTestS3DataBucketEE7953A1Ref" } }, { "Name": "AWS_S3_PREFIX", "Value": { "Ref": "referencetoMyTestS3DataPrefix00332684Ref" } }, { "Name": "DEV_MODE", "Value": { "Ref": "referencetoMyTestDevMode58A1BD65Ref" } }, { "Name": "S3_BATCH_MAX_BYTES", "Value": { "Ref": "referencetoMyTestS3BatchMaxBytes6130DCB2Ref" } }, { "Name": "S3_BATCH_TIMEOUT_SECS", "Value": { "Ref": "referencetoMyTestS3BatchTimeout9585B8F8Ref" } }, { "Name": "AWS_KINESIS_STREAM_NAME", "Value": "__NOT_SET__" }, { "Name": "STREAM_ACK_ENABLE", "Value": "true" }, { "Name": "WORKER_THREADS_NUM", "Value": "6" } ], "Essential": true, "Image": { "Fn::Sub": "${AWS::AccountId}.dkr.ecr.${AWS::Region}.${AWS::URLSuffix}/cdk-hnb659fds-container-assets-${AWS::AccountId}-${AWS::Region}:4c025482bf4cfcedc65cb6486870dc9aa9f3328d84f7c7c9d892271b03225b12" }, "LogConfiguration": { "LogDriver": "awslogs", "Options": { "awslogs-group": { "Ref": "IngestionServerworkerlog35CECF3A" }, "awslogs-stream-prefix": "worker", "awslogs-region": { "Ref": "AWS::Region" } } }, "MemoryReservation": 900, "Name": "worker", "PortMappings": [ { "ContainerPort": 8685, "Protocol": "tcp" }, { "ContainerPort": 8686, "Protocol": "tcp" } ], "StopTimeout": { "Ref": "referencetoMyTestWorkerStopTimeout8B57DC12Ref" } } ], "ExecutionRoleArn": { "Fn::GetAtt": [ "IngestionServerclickstreamingestionserviceecstaskdefExecutionRole1D7B080E", "Arn" ] }, "Family": "MyTestIngestionServerC0000IngestionServerclickstreamingestionserviceecstaskdefF8F3E8BB", "NetworkMode": "awsvpc", "RequiresCompatibilities": [ "EC2" ], "TaskRoleArn": { "Fn::GetAtt": [ "IngestionServerclickstreamingestionserviceecstaskdefTaskRole3FCE5FCB", "Arn" ] } }, "Metadata": { "aws:cdk:path": "MyTest/IngestionServerC0000/IngestionServer/clickstream-ingestion-service-ecs-task-def/Resource" } },
AWS::ECS::Service "IngestionServerclickstreamingestionserviceecsserviceServiceB3B48083": { "Type": "AWS::ECS::Service", "Properties": { "CapacityProviderStrategy": [ { "CapacityProvider": { "Ref": "IngestionServerclickstreamingestionserviceecscapacityprovider8FF654A6" }, "Weight": 1 } ], "Cluster": { "Ref": "IngestionServerclickstreamingestionserviceecscluster02FAD1F6" }, "DeploymentConfiguration": { "Alarms": { "AlarmNames": [], "Enable": false, "Rollback": false }, "MaximumPercent": 200, "MinimumHealthyPercent": 50 }, "EnableECSManagedTags": false, "HealthCheckGracePeriodSeconds": 60, "LoadBalancers": [ { "ContainerName": "proxy", "ContainerPort": 8088, "TargetGroupArn": { "Ref": "IngestionServerclickstreamingestionservicealbListenerECSGroup46B223E2" } } ], "NetworkConfiguration": { "AwsvpcConfiguration": { "AssignPublicIp": "DISABLED", "SecurityGroups": [ { "Fn::GetAtt": [ "ECSEgressToAWSServiceSGB2867C11", "GroupId" ] } ], "Subnets": { "Fn::Split": [ ",", { "Ref": "referencetoMyTestPrivateSubnetIds3D2B0A75Ref" } ] } } }, "PropagateTags": "SERVICE", "SchedulingStrategy": "REPLICA", "TaskDefinition": { "Ref": "IngestionServerclickstreamingestionserviceecstaskdef5E69A80A" } }, "DependsOn": [ "IngestionServerclickstreamingestionservicealbListenerECSGroup46B223E2", "IngestionServerclickstreamingestionservicealbListenerC75A1082", "IngestionServerclickstreamingestionserviceecscluster2CD9C6F5", "IngestionServerclickstreamingestionserviceecstaskdefTaskRoleDefaultPolicy1D6452DB", "IngestionServerclickstreamingestionserviceecstaskdefTaskRole3FCE5FCB" ], "Metadata": { "aws:cdk:path": "MyTest/IngestionServerC0000/IngestionServer/clickstream-ingestion-service-ecs-service/Service" } },
kddejong
commented
2 months ago Thank you this release should have this resolved https://github.com/aws-cloudformation/cfn-lint/releases/tag/v1.9.1
CloudFormation Lint Version
1.9.0
What operating system are you using?
Mac
Describe the bug
When I upgrade cfn-lint to version 1.9.0, got below error:
E3002 When using an ECS task definition of host port 0 and associating that container to an ELB the target group has to have a 'HealthCheckPort' of 'traffic-port' cdk.out/MyTestIngestionServerC0000BCCECD80.nested.template.json:1768:5
We don't think this is an error, and according to https://github.com/aws-cloudformation/cfn-lint/blob/63cadf41e6e1e7288e8ea2d22571c8ea4d261a5c/docs/rules.md?plain=1#L101 The E3002 should be another error.
Expected behavior
Expect there is no error for cfn-lint v1.9.0
Reproduction template