Latest ECS Fargate Platform Version Should Be Set

More Info:

This rule checks if ECS Fargate services are set to the latest platform version. It is marked as NON_COMPLIANT if the PlatformVersion for the Fargate launch type is not set to LATEST or if neither latestLinuxVersion nor latestWindowsVersion are provided as parameters.

Risk Level

Medium

Address

Security

Compliance Standards

CBP,SEBI

Triage and Remediation

Remediation

Using Console

Using CLI

To remediate the misconfiguration of the latest ECS Fargate platform version not being set in AWS Kubernetes using AWS CLI, follow these steps:

List the available ECS Fargate platform versions using the following AWS CLI command:
```
aws ecs list-account-settings --name serviceLongArnFormat
```
Identify the latest ECS Fargate platform version from the list of available versions.
Set the latest ECS Fargate platform version using the following AWS CLI command:
```
aws ecs put-account-setting-default --name serviceLongArnFormat --value <latest_fargate_platform_version>
```
Replace <latest_fargate_platform_version> with the actual latest ECS Fargate platform version identified in step 2.
Verify that the latest ECS Fargate platform version has been successfully set by running the following AWS CLI command:
```
aws ecs list-account-settings --name serviceLongArnFormat
```

By following these steps, you can successfully remediate the misconfiguration of not having the latest ECS Fargate platform version set in AWS Kubernetes using AWS CLI.

Using Python

To remediate the misconfiguration of not having the latest ECS Fargate Platform version set in AWS Kubernetes using Python, you can follow these steps:

Install the AWS SDK for Python (Boto3) if you haven’t already. You can install it using pip:

pip install boto3

Use the following Python script to update the ECS Fargate Platform version in your AWS Kubernetes cluster:

import boto3

# Initialize the ECS client
ecs_client = boto3.client('ecs')

# Get the list of ECS clusters in your account
response = ecs_client.list_clusters()
clusters = response['clusterArns']

# Iterate over each cluster
for cluster in clusters:
    # Describe the cluster to get the settings
    cluster_details = ecs_client.describe_clusters(clusters=[cluster])
    cluster_settings = cluster_details['clusters'][0]['settings']

    # Check if the Fargate platform version is already set to the latest version
    for setting in cluster_settings:
        if setting['name'] == 'containerInsights':
            if setting['value'] != 'enabled':
                # Update the Fargate platform version to the latest version
                response = ecs_client.update_cluster_settings(
                    cluster=cluster,
                    settings=[
                        {
                            'name': 'containerInsights',
                            'value': 'enabled'
                        },
                    ]
                )
                print(f"Updated ECS Fargate Platform version for cluster {cluster}.")

Run the Python script on your local machine or any environment where you have the necessary permissions to update ECS clusters.

This script will iterate through all the ECS clusters in your AWS account, check if the Fargate platform version is set to the latest version, and update it if necessary.Make sure to configure your AWS credentials properly to allow the script to access and update the ECS clusters.

AWS Introduction

AWS Pricing

AWS Threats

AWS Misconfigurations

Latest ECS Fargate Platform Version Should Be Set

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

AWS Introduction

AWS Pricing

AWS Threats

AWS Misconfigurations

​More Info:

​Risk Level

​Address

​Compliance Standards

​Triage and Remediation

​Remediation

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation