Update Health Check

[dylanratcliffe]

No description provided.

[github-actions]

Expected Changes

ecs-task-definition › facial-recognition-terraform-example

--- current
+++ planned
@@ -1,26 +1,26 @@
-arn: arn:aws:ecs:eu-west-2:540044833068:task-definition/facial-recognition-terraform-example:5
-arn_without_revision: arn:aws:ecs:eu-west-2:540044833068:task-definition/facial-recognition-terraform-example
-container_definitions: '[{"cpu":1024,"environment":[{"name":"DATABASE_URL","value":"tf-20240827194315707700000013.cnx7xf6hwmba.eu-west-2.rds.amazonaws.com"}],"essential":true,"healthCheck":{"command":["CMD-SHELL","wget -q --spider localhost:1234"],"interval":30,"retries":3,"timeout":5},"image":"harshmanvar/face-detection-tensorjs:slim-amd","memory":2048,"mountPoints":[],"name":"facial-recognition","portMappings":[{"appProtocol":"http","containerPort":1234,"hostPort":1234,"protocol":"tcp"}],"systemControls":[],"volumesFrom":[]}]'
+arn: (known after apply)
+arn_without_revision: (known after apply)
+container_definitions: '[{"cpu":1024,"environment":[{"name":"DATABASE_URL","value":"tf-20240827194315707700000013.cnx7xf6hwmba.eu-west-2.rds.amazonaws.com"}],"essential":true,"healthCheck":{"command":["CMD-SHELL","wget -q --spider localhost:8080"],"interval":30,"retries":3,"timeout":5},"image":"harshmanvar/face-detection-tensorjs:slim-amd","memory":2048,"mountPoints":[],"name":"facial-recognition","portMappings":[{"appProtocol":"http","containerPort":1234}],"volumesFrom":[]}]'
 cpu: "1024"
 ephemeral_storage: []
-execution_role_arn: ""
+execution_role_arn: null
 family: facial-recognition-terraform-example
-id: facial-recognition-terraform-example
+id: (known after apply)
 inference_accelerator: []
-ipc_mode: ""
+ipc_mode: null
 memory: "2048"
 network_mode: awsvpc
-pid_mode: ""
+pid_mode: null
 placement_constraints: []
 proxy_configuration: []
 requires_compatibilities:
     - FARGATE
-revision: 5
+revision: (known after apply)
 runtime_platform: []
 skip_destroy: false
-tags: {}
-tags_all: {}
-task_role_arn: ""
+tags: null
+tags_all: (known after apply)
+task_role_arn: null
 terraform_address: module.scenarios[0].aws_ecs_task_definition.face
 terraform_name: module.scenarios[0].aws_ecs_task_definition.face
 track_latest: false

ec2-instance › i-0a525744b5dac529d

--- current
+++ planned
@@ -1,90 +1,63 @@
-ami: ami-0a2b52b696339c85d
-arn: arn:aws:ec2:eu-west-2:540044833068:instance/i-0a525744b5dac529d
+ami: ami-00d2f0339a1fdfef6
+arn: (known after apply)
 associate_public_ip_address: true
-availability_zone: eu-west-2b
-capacity_reservation_specification:
-    - capacity_reservation_preference: open
-      capacity_reservation_target: []
-cpu_core_count: 1
-cpu_options:
-    - amd_sev_snp: ""
-      core_count: 1
-      threads_per_core: 2
-cpu_threads_per_core: 2
-credit_specification:
-    - cpu_credits: unlimited
-disable_api_stop: false
-disable_api_termination: false
-ebs_block_device: []
-ebs_optimized: false
-enclave_options:
-    - enabled: false
-ephemeral_block_device: []
+availability_zone: (known after apply)
+capacity_reservation_specification: (known after apply)
+cpu_core_count: (known after apply)
+cpu_options: (known after apply)
+cpu_threads_per_core: (known after apply)
+credit_specification: []
+disable_api_stop: (known after apply)
+disable_api_termination: (known after apply)
+ebs_block_device: (known after apply)
+ebs_optimized: (known after apply)
+enclave_options: (known after apply)
+ephemeral_block_device: (known after apply)
 get_password_data: false
-hibernation: false
-host_id: ""
-host_resource_group_arn: null
-iam_instance_profile: ""
-id: i-0a525744b5dac529d
-instance_initiated_shutdown_behavior: stop
-instance_lifecycle: ""
-instance_market_options: []
-instance_state: running
+hibernation: null
+host_id: (known after apply)
+host_resource_group_arn: (known after apply)
+iam_instance_profile: (known after apply)
+id: (known after apply)
+instance_initiated_shutdown_behavior: (known after apply)
+instance_lifecycle: (known after apply)
+instance_market_options: (known after apply)
+instance_state: (known after apply)
 instance_type: t3.micro
-ipv6_address_count: 0
-ipv6_addresses: []
+ipv6_address_count: (known after apply)
+ipv6_addresses: (known after apply)
 key_name: Demo Key Pair
 launch_template: []
-maintenance_options:
-    - auto_recovery: default
-metadata_options:
-    - http_endpoint: enabled
-      http_protocol_ipv6: disabled
-      http_put_response_hop_limit: 1
-      http_tokens: optional
-      instance_metadata_tags: disabled
-monitoring: false
-network_interface: []
-outpost_arn: ""
-password_data: ""
-placement_group: ""
-placement_partition_number: 0
-primary_network_interface_id: eni-052b9ce8c42900c07
-private_dns: ip-10-0-10-86.eu-west-2.compute.internal
-private_dns_name_options:
-    - enable_resource_name_dns_a_record: false
-      enable_resource_name_dns_aaaa_record: false
-      hostname_type: ip-name
-private_ip: 10.0.10.86
-public_dns: ec2-18-175-243-185.eu-west-2.compute.amazonaws.com
-public_ip: 18.175.243.185
-root_block_device:
-    - delete_on_termination: true
-      device_name: /dev/xvda
-      encrypted: false
-      iops: 0
-      kms_key_id: ""
-      tags: {}
-      tags_all: {}
-      throughput: 0
-      volume_id: vol-087349579eb65ac71
-      volume_size: 8
-      volume_type: standard
-secondary_private_ips: []
-security_groups: []
+maintenance_options: (known after apply)
+metadata_options: (known after apply)
+monitoring: (known after apply)
+network_interface: (known after apply)
+outpost_arn: (known after apply)
+password_data: (known after apply)
+placement_group: (known after apply)
+placement_partition_number: (known after apply)
+primary_network_interface_id: (known after apply)
+private_dns: (known after apply)
+private_dns_name_options: (known after apply)
+private_ip: (known after apply)
+public_dns: (known after apply)
+public_ip: (known after apply)
+root_block_device: (known after apply)
+secondary_private_ips: (known after apply)
+security_groups: (known after apply)
 source_dest_check: true
-spot_instance_request_id: ""
+spot_instance_request_id: (known after apply)
 subnet_id: subnet-036704734045071f9
 tags:
     Name: App Server
 tags_all:
     Name: App Server
-tenancy: default
+tenancy: (known after apply)
 terraform_address: module.scenarios[0].aws_instance.app_server
 terraform_name: module.scenarios[0].aws_instance.app_server
 timeouts: null
-user_data: null
-user_data_base64: null
+user_data: (known after apply)
+user_data_base64: (known after apply)
 user_data_replace_on_change: false
 volume_tags: null
 vpc_security_group_ids:

ec2-instance › i-05bccc870971a2004

--- current
+++ planned
@@ -1,90 +1,63 @@
-ami: ami-0a2b52b696339c85d
-arn: arn:aws:ec2:eu-west-2:540044833068:instance/i-05bccc870971a2004
+ami: ami-00d2f0339a1fdfef6
+arn: (known after apply)
 associate_public_ip_address: true
-availability_zone: eu-west-2a
-capacity_reservation_specification:
-    - capacity_reservation_preference: open
-      capacity_reservation_target: []
-cpu_core_count: 1
-cpu_options:
-    - amd_sev_snp: ""
-      core_count: 1
-      threads_per_core: 2
-cpu_threads_per_core: 2
-credit_specification:
-    - cpu_credits: unlimited
-disable_api_stop: false
-disable_api_termination: false
-ebs_block_device: []
-ebs_optimized: false
-enclave_options:
-    - enabled: false
-ephemeral_block_device: []
+availability_zone: (known after apply)
+capacity_reservation_specification: (known after apply)
+cpu_core_count: (known after apply)
+cpu_options: (known after apply)
+cpu_threads_per_core: (known after apply)
+credit_specification: []
+disable_api_stop: (known after apply)
+disable_api_termination: (known after apply)
+ebs_block_device: (known after apply)
+ebs_optimized: (known after apply)
+enclave_options: (known after apply)
+ephemeral_block_device: (known after apply)
 get_password_data: false
-hibernation: false
-host_id: ""
-host_resource_group_arn: null
-iam_instance_profile: ""
-id: i-05bccc870971a2004
-instance_initiated_shutdown_behavior: stop
-instance_lifecycle: ""
-instance_market_options: []
-instance_state: running
+hibernation: null
+host_id: (known after apply)
+host_resource_group_arn: (known after apply)
+iam_instance_profile: (known after apply)
+id: (known after apply)
+instance_initiated_shutdown_behavior: (known after apply)
+instance_lifecycle: (known after apply)
+instance_market_options: (known after apply)
+instance_state: (known after apply)
 instance_type: t3.micro
-ipv6_address_count: 0
-ipv6_addresses: []
+ipv6_address_count: (known after apply)
+ipv6_addresses: (known after apply)
 key_name: Demo Key Pair
 launch_template: []
-maintenance_options:
-    - auto_recovery: default
-metadata_options:
-    - http_endpoint: enabled
-      http_protocol_ipv6: disabled
-      http_put_response_hop_limit: 1
-      http_tokens: optional
-      instance_metadata_tags: disabled
-monitoring: false
-network_interface: []
-outpost_arn: ""
-password_data: ""
-placement_group: ""
-placement_partition_number: 0
-primary_network_interface_id: eni-05a61fe5efd2c3a26
-private_dns: ip-10-0-9-45.eu-west-2.compute.internal
-private_dns_name_options:
-    - enable_resource_name_dns_a_record: false
-      enable_resource_name_dns_aaaa_record: false
-      hostname_type: ip-name
-private_ip: 10.0.9.45
-public_dns: ec2-13-40-131-98.eu-west-2.compute.amazonaws.com
-public_ip: 13.40.131.98
-root_block_device:
-    - delete_on_termination: true
-      device_name: /dev/xvda
-      encrypted: false
-      iops: 0
-      kms_key_id: ""
-      tags: {}
-      tags_all: {}
-      throughput: 0
-      volume_id: vol-04ea3f96ac619251d
-      volume_size: 8
-      volume_type: standard
-secondary_private_ips: []
-security_groups: []
+maintenance_options: (known after apply)
+metadata_options: (known after apply)
+monitoring: (known after apply)
+network_interface: (known after apply)
+outpost_arn: (known after apply)
+password_data: (known after apply)
+placement_group: (known after apply)
+placement_partition_number: (known after apply)
+primary_network_interface_id: (known after apply)
+private_dns: (known after apply)
+private_dns_name_options: (known after apply)
+private_ip: (known after apply)
+public_dns: (known after apply)
+public_ip: (known after apply)
+root_block_device: (known after apply)
+secondary_private_ips: (known after apply)
+security_groups: (known after apply)
 source_dest_check: true
-spot_instance_request_id: ""
+spot_instance_request_id: (known after apply)
 subnet_id: subnet-06302fc5a50644cd9
 tags:
     Name: Webserver
 tags_all:
     Name: Webserver
-tenancy: default
+tenancy: (known after apply)
 terraform_address: module.scenarios[0].aws_instance.webserver
 terraform_name: module.scenarios[0].aws_instance.webserver
 timeouts: null
-user_data: null
-user_data_base64: null
+user_data: (known after apply)
+user_data_base64: (known after apply)
 user_data_replace_on_change: false
 volume_tags: null
 vpc_security_group_ids:

ec2-launch-template › lt-0731f767e6be2ab94

--- current
+++ planned
@@ -14,14 +14,14 @@
 hibernation_options: []
 iam_instance_profile: []
 id: lt-0731f767e6be2ab94
-image_id: ami-0a2b52b696339c85d
+image_id: ami-00d2f0339a1fdfef6
 instance_initiated_shutdown_behavior: ""
 instance_market_options: []
 instance_requirements: []
 instance_type: t3.micro
 kernel_id: ""
 key_name: ""
-latest_version: 2
+latest_version: (known after apply)
 license_specification: []
 maintenance_options: []
 metadata_options: []

Unmapped Changes

Note

These changes couldn't be mapped to a discoverable cloud resource and therefore won't be included in the blast radius calculation.

aws_ecs_service › module.scenarios[0].aws_ecs_service.face

--- current
+++ planned
@@ -42,7 +42,7 @@
 service_registries: []
 tags: {}
 tags_all: {}
-task_definition: arn:aws:ecs:eu-west-2:540044833068:task-definition/facial-recognition-terraform-example:5
+task_definition: (known after apply)
 terraform_address: module.scenarios[0].aws_ecs_service.face
 terraform_name: module.scenarios[0].aws_ecs_service.face
 timeouts: null

Blast Radius

Items	Edges
25	33

Open in Overmind

Risks

Port Mapping Change in ECS Task Definition May Impact Connectivity [High]

The proposed change for the ECS task definition '540044833068.eu-west-2.ecs-task-definition.facial-recognition-terraform-example' involves altering the health check command in the container definition to use localhost:8080 instead of localhost:1234. Currently, the ECS task 'facial-recognition' and the associated ELB target group are configured to communicate over HTTP on port 1234.

Risk Considerations:

• Misconfiguration Risk: If external systems or the load balancer are still configured to target port 1234, this change may disrupt application access.
• Dependency Overlaps: Ensure that other services using this ECS task have compatible port configurations.

Validation Steps:

• Verify that all upstream dependencies and the load balancer's health checks and routing configurations are updated to reflect the new port.
• Confirm that security groups allow communication on the new port 8080.
• Validate that this change does not inadvertently block legitimate traffic due to unchanged firewall or routing settings.

Consequences if Misconfigured: Connectivity loss to the facial recognition service, potentially affecting SLA and application performance.

• Check the ECS service and ELB target group to ensure correct port mapping.