From 478cee6a4c31afdc966280f35e6b7c7dc0e404d2 Mon Sep 17 00:00:00 2001 From: A-Ashiq Date: Mon, 16 Dec 2024 16:04:08 +0000 Subject: [PATCH] Set file systems to be read only, rely on mounted volume for any write needs --- terraform/20-app/ecs.service.cms-admin.tf | 2 +- terraform/20-app/ecs.service.feedback-api.tf | 2 +- terraform/20-app/ecs.service.private-api.tf | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/terraform/20-app/ecs.service.cms-admin.tf b/terraform/20-app/ecs.service.cms-admin.tf index a4fea18f..760420f4 100644 --- a/terraform/20-app/ecs.service.cms-admin.tf +++ b/terraform/20-app/ecs.service.cms-admin.tf @@ -35,7 +35,7 @@ module "ecs_service_cms_admin" { cpu = local.use_prod_sizing ? 2048 : 512 memory = local.use_prod_sizing ? 4096 : 1024 essential = true - readonly_root_filesystem = false + readonly_root_filesystem = true image = module.ecr_back_end_ecs.image_uri mount_points = [ { diff --git a/terraform/20-app/ecs.service.feedback-api.tf b/terraform/20-app/ecs.service.feedback-api.tf index 9d7d8c4f..067be90c 100644 --- a/terraform/20-app/ecs.service.feedback-api.tf +++ b/terraform/20-app/ecs.service.feedback-api.tf @@ -35,7 +35,7 @@ module "ecs_service_feedback_api" { cpu = local.use_prod_sizing ? 1024 : 512 memory = local.use_prod_sizing ? 2048 : 1024 essential = true - readonly_root_filesystem = false + readonly_root_filesystem = true image = module.ecr_back_end_ecs.image_uri mount_points = [ { diff --git a/terraform/20-app/ecs.service.private-api.tf b/terraform/20-app/ecs.service.private-api.tf index 4acc4dd2..8a270000 100644 --- a/terraform/20-app/ecs.service.private-api.tf +++ b/terraform/20-app/ecs.service.private-api.tf @@ -37,7 +37,7 @@ module "ecs_service_private_api" { cpu = local.use_prod_sizing ? 2048 : 512 memory = local.use_prod_sizing ? 4096 : 1024 essential = true - readonly_root_filesystem = false + readonly_root_filesystem = true image = module.ecr_back_end_ecs.image_uri mount_points = [ {