@@ -80,11 +80,12 @@ resource "aws_ecs_task_definition" "task" {
8080
8181 # forms-runner
8282 {
83- name = " forms-runner"
84- image = var.forms_runner_container_image
85- command = []
86- essential = true
87- environment = local.forms_runner_env_vars
83+ name = " forms-runner"
84+ image = var.forms_runner_container_image
85+ command = []
86+ essential = true
87+ environment = local.forms_runner_env_vars
88+ readonlyRootFilesystem = true
8889
8990 dockerLabels = {
9091 " traefik.http.middlewares.forms-runner-pr-${ var . pull_request_number } .basicauth.users" : data.terraform_remote_state.review.outputs.traefik_basic_auth_credentials
@@ -140,11 +141,12 @@ resource "aws_ecs_task_definition" "task" {
140141
141142 # forms-api
142143 {
143- name = " forms-api"
144- image = " 711966560482.dkr.ecr.eu-west-2.amazonaws.com/forms-api-deploy:latest"
145- command = []
146- essential = true
147- environment = local.forms_api_env_vars
144+ name = " forms-api"
145+ image = " 711966560482.dkr.ecr.eu-west-2.amazonaws.com/forms-api-deploy:latest"
146+ command = []
147+ essential = true
148+ environment = local.forms_api_env_vars
149+ readonlyRootFilesystem = true
148150
149151 portMappings = [{ containerPort = 9292 }]
150152
@@ -178,11 +180,12 @@ resource "aws_ecs_task_definition" "task" {
178180
179181 # forms-admin
180182 {
181- name = " forms-admin"
182- image = " 711966560482.dkr.ecr.eu-west-2.amazonaws.com/forms-admin-deploy:latest"
183- command = []
184- essential = true
185- environment = local.forms_admin_env_vars
183+ name = " forms-admin"
184+ image = " 711966560482.dkr.ecr.eu-west-2.amazonaws.com/forms-admin-deploy:latest"
185+ command = []
186+ essential = true
187+ environment = local.forms_admin_env_vars
188+ readonlyRootFilesystem = true
186189
187190 dockerLabels = {
188191 " traefik.http.middlewares.forms-runner-pr-${ var . pull_request_number } -admin-app.basicauth.users" : data.terraform_remote_state.review.outputs.traefik_basic_auth_credentials
@@ -289,11 +292,12 @@ resource "aws_ecs_task_definition" "task" {
289292
290293 # forms-runner-seeding
291294 {
292- name = " forms-runner-seeding"
293- image = var.forms_runner_container_image
294- command = [" rake" " db:setup"
295- essential = false
296- environment = local.forms_runner_env_vars
295+ name = " forms-runner-seeding"
296+ image = var.forms_runner_container_image
297+ command = [" rake" " db:create" " db:migrate" " db:seed"
298+ essential = false
299+ environment = local.forms_runner_env_vars
300+ readonlyRootFilesystem = true
297301
298302 logConfiguration = {
299303 logDriver = " awslogs"
@@ -314,11 +318,12 @@ resource "aws_ecs_task_definition" "task" {
314318
315319 # forms-api-seeding
316320 {
317- name = " forms-api-seeding"
318- image = " 711966560482.dkr.ecr.eu-west-2.amazonaws.com/forms-api-deploy:latest"
319- command = [" rake" " db:setup"
320- essential = false
321- environment = local.forms_api_env_vars
321+ name = " forms-api-seeding"
322+ image = " 711966560482.dkr.ecr.eu-west-2.amazonaws.com/forms-api-deploy:latest"
323+ command = [" rake" " db:setup"
324+ essential = false
325+ environment = local.forms_api_env_vars
326+ readonlyRootFilesystem = true
322327
323328 logConfiguration = {
324329 logDriver = " awslogs"
@@ -339,11 +344,12 @@ resource "aws_ecs_task_definition" "task" {
339344
340345 # forms-admin-seeding
341346 {
342- name = " forms-admin-seeding"
343- image = " 711966560482.dkr.ecr.eu-west-2.amazonaws.com/forms-admin-deploy:latest"
344- command = [" rake" " db:setup"
345- essential = false
346- environment = local.forms_admin_env_vars
347+ name = " forms-admin-seeding"
348+ image = " 711966560482.dkr.ecr.eu-west-2.amazonaws.com/forms-admin-deploy:latest"
349+ command = [" rake" " db:setup"
350+ essential = false
351+ environment = local.forms_admin_env_vars
352+ readonlyRootFilesystem = true
347353
348354 logConfiguration = {
349355 logDriver = " awslogs"
0 commit comments