🛡️ AWS ECS Task Definition logging is not configured🟢

• Contextual name: 🛡️ Task Definition logging is not configured🟢
• ID: /ce/ca/aws/ecs/task-definition-logging
• Tags:
  • 🟢 Policy with categories
  • 🟢 Policy with type
  • 🟢 Production policy
• Policy Type: COMPLIANCE_POLICY
• Policy Categories: SECURITY

Logic

• 🧠 prod.logic.yaml🟢
  • 📗 AWS ECS Task Definition
  • 🔌 AWS ECS Container Definition - object.extracts.yaml
  • 🔌 AWS ECS Task Definition - object.extracts.yaml
  • 🧪 test-data.json

Similar Policies

• AWS Security Hub: [ECS.9] ECS task definitions should have a logging configuration

Description

Open File

Description

This policy identifies AWS ECS Task Definitions in which container definitions do not include a logConfiguration, specifically where a logDriver is not specified.

Without a proper log configuration, container logs (stdout/stderr) may be lost or accessible only through ephemeral methods, such as docker logs on the host, if accessible.

Rationale

Application logs are essential for diagnosing errors, monitoring performance, and supporting post-incident analysis. They provide a historical record of application activity and are critical for compliance and auditing purposes.

Proper log configuration allows log streams to be analyzed in real time (e.g., using CloudWatch Logs Metric Filters) to detect error patterns and trigger alerts.

The awslogs driver is commonly used to send logs to Amazon CloudWatch Logs. Other supported drivers, such as Splunk or Fluentd, are also valid.

Audit

This policy marks an AWS ECS Task Definition as INCOMPLIANT if any associated AWS ECS Container Definition does not include a Log Configuration Driver.

... see more

Remediation

Open File

Remediation

Enable Logging for ECS Task Definitions

Using the AWS CLI

1. Retrieve the existing task definition

   aws ecs describe-task-definition \
       --task-definition {{family-or-full-arn}} \
       --query 'taskDefinition' > task-def.json

2. Edit task-def.json

   Add a logConfiguration object to each container definition.

   "containerDefinitions": [
       {
           "name": "{{my-app}}",
           "image": "{{my-image}}",
           "logConfiguration": {
               "logDriver": "{{awslogs}}",
               "options": {
                   "awslogs-group": "{{/ecs/my-app-logs}}",
                   "awslogs-region": "{{us-east-1}}",
                   "awslogs-stream-prefix": "{{ecs}}"
               }
           },
           ...
       }
   ]

   Note: Ensure that the Task Execution Role (executionRoleArn) has the following permissions:

   • logs:CreateLogStream
   • logs:PutLogEvents

3. Register the updated task definition

... see more

policy.yaml

Open File

Linked Framework Sections

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [ECS.9] ECS task definitions should have a logging configuration			1		no data
💼 Cloudaware Framework → 💼 Logging and Monitoring Configuration			78		no data
💼 FedRAMP High Security Controls → 💼 AU-2 Event Logging (L)(M)(H)			27		no data
💼 FedRAMP High Security Controls → 💼 AU-3 Content of Audit Records (L)(M)(H)	1		39		no data
💼 FedRAMP High Security Controls → 💼 AU-6(3) Correlate Audit Record Repositories (M)(H)			17		no data
💼 FedRAMP High Security Controls → 💼 AU-6(4) Central Review and Analysis (H)			17		no data
💼 FedRAMP High Security Controls → 💼 AU-10 Non-repudiation (H)			16		no data
💼 FedRAMP High Security Controls → 💼 AU-12 Audit Record Generation (L)(M)(H)	2		74		no data
💼 FedRAMP High Security Controls → 💼 CA-7 Continuous Monitoring (L)(M)(H)	2		28		no data
💼 FedRAMP Low Security Controls → 💼 AU-2 Event Logging (L)(M)(H)			27		no data
💼 FedRAMP Low Security Controls → 💼 AU-3 Content of Audit Records (L)(M)(H)			24		no data
💼 FedRAMP Low Security Controls → 💼 AU-12 Audit Record Generation (L)(M)(H)			74		no data
💼 FedRAMP Low Security Controls → 💼 CA-7 Continuous Monitoring (L)(M)(H)	1		28		no data
💼 FedRAMP Moderate Security Controls → 💼 AU-2 Event Logging (L)(M)(H)			27		no data
💼 FedRAMP Moderate Security Controls → 💼 AU-3 Content of Audit Records (L)(M)(H)	1		39		no data
💼 FedRAMP Moderate Security Controls → 💼 AU-6(3) Correlate Audit Record Repositories (M)(H)			17		no data
💼 FedRAMP Moderate Security Controls → 💼 AU-12 Audit Record Generation (L)(M)(H)			74		no data
💼 FedRAMP Moderate Security Controls → 💼 CA-7 Continuous Monitoring (L)(M)(H)	2		28		no data
💼 NIST CSF v2.0 → 💼 DE.AE-02: Potentially adverse events are analyzed to better understand associated activities			51		no data
💼 NIST CSF v2.0 → 💼 DE.AE-03: Information is correlated from multiple sources			66		no data
💼 NIST CSF v2.0 → 💼 DE.CM-01: Networks and network services are monitored to find potentially adverse events			185		no data
💼 NIST CSF v2.0 → 💼 DE.CM-02: The physical environment is monitored to find potentially adverse events			28		no data
💼 NIST CSF v2.0 → 💼 DE.CM-03: Personnel activity and technology usage are monitored to find potentially adverse events			105		no data
💼 NIST CSF v2.0 → 💼 DE.CM-06: External service provider activities and services are monitored to find potentially adverse events			51		no data
💼 NIST CSF v2.0 → 💼 DE.CM-09: Computing hardware and software, runtime environments, and their data are monitored to find potentially adverse events			182		no data
💼 NIST CSF v2.0 → 💼 ID.IM-01: Improvements are identified from evaluations			47		no data
💼 NIST CSF v2.0 → 💼 ID.IM-02: Improvements are identified from security tests and exercises, including those done in coordination with suppliers and relevant third parties			62		no data
💼 NIST CSF v2.0 → 💼 ID.IM-03: Improvements are identified from execution of operational processes, procedures, and activities			62		no data
💼 NIST CSF v2.0 → 💼 ID.RA-01: Vulnerabilities in assets are identified, validated, and recorded			47		no data
💼 NIST CSF v2.0 → 💼 ID.RA-07: Changes and exceptions are managed, assessed for risk impact, recorded, and tracked			50		no data
💼 NIST SP 800-53 Revision 5 → 💼 AC-4(26) Information Flow Enforcement _ Audit Filtering Actions			18		no data
💼 NIST SP 800-53 Revision 5 → 💼 AU-2 Event Logging	4		27		no data
💼 NIST SP 800-53 Revision 5 → 💼 AU-3 Content of Audit Records	3	15	39		no data
💼 NIST SP 800-53 Revision 5 → 💼 AU-6(3) Audit Record Review, Analysis, and Reporting _ Correlate Audit Record Repositories			17		no data
💼 NIST SP 800-53 Revision 5 → 💼 AU-6(4) Audit Record Review, Analysis, and Reporting _ Central Review and Analysis			17		no data
💼 NIST SP 800-53 Revision 5 → 💼 AU-10 Non-repudiation	5		16		no data
💼 NIST SP 800-53 Revision 5 → 💼 AU-12 Audit Record Generation	4	48	74		no data
💼 NIST SP 800-53 Revision 5 → 💼 CA-7 Continuous Monitoring	6		28		no data
💼 NIST SP 800-53 Revision 5 → 💼 SC-7(9) Boundary Protection _ Restrict Threatening Outgoing Communications Traffic			35		no data
💼 NIST SP 800-53 Revision 5 → 💼 SI-7(8) Software, Firmware, and Information Integrity _ Auditing Capability for Significant Events			17		no data