@dylanratcliffe
Member

No description provided.

@env0

env0 bot commented Nov 21, 2025

🚀  env0 had composed a PR Plan for environment Terraform Example / production :

Plan: 1 to add, 2 to change, 1 to destroy.
Plan Details
Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
!   update in-place
-/+ destroy and then create replacement

Terraform will perform the following actions:


  # module.scenarios[0].aws_ecs_service.face will be updated in-place
!   resource "aws_ecs_service" "face" {
        id                                 = "arn:aws:ecs:eu-west-2:540044833068:service/example-terraform-example/facial-recognition"
        name                               = "facial-recognition"
        tags                               = {}
!       task_definition                    = "arn:aws:ecs:eu-west-2:540044833068:task-definition/facial-recognition-terraform-example:9" -> (known after apply)
        # (15 unchanged attributes hidden)

        # (5 unchanged blocks hidden)
    }

  # module.scenarios[0].aws_ecs_task_definition.face must be replaced
-/+ resource "aws_ecs_task_definition" "face" {
!       arn                      = "arn:aws:ecs:eu-west-2:540044833068:task-definition/facial-recognition-terraform-example:9" -> (known after apply)
!       arn_without_revision     = "arn:aws:ecs:eu-west-2:540044833068:task-definition/facial-recognition-terraform-example" -> (known after apply)
!       container_definitions    = jsonencode(
!           [
!               {
!                   healthCheck    = {
!                       command  = [
                            "CMD-SHELL",
-                           "wget -q --spider localhost:1234",
+                           "wget -q --spider localhost:8080",
                        ]
                        # (3 unchanged attributes hidden)
                    }
                    name           = "facial-recognition"
!                   portMappings   = [
!                       {
-                           hostPort      = 1234
-                           protocol      = "tcp"
                            # (2 unchanged attributes hidden)
                        },
                    ]
-                   systemControls = []
                    # (7 unchanged attributes hidden)
                },
            ] # forces replacement
        )
!       enable_fault_injection   = false -> (known after apply)
!       id                       = "facial-recognition-terraform-example" -> (known after apply)
!       revision                 = 9 -> (known after apply)
-       tags                     = {} -> null
!       tags_all                 = {} -> (known after apply)
        # (7 unchanged attributes hidden)
    }
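
Review bot: The healthCheck command in container_definitions now probes localhost:8080, but the portMappings entry of the same container is not moved to 8080; it only loses hostPort = 1234 and protocol = "tcp". Nothing in this plan shows the container starting to listen on 8080, so either keep the probe on 1234 or change the container port and everything that targets it in the same PR. Because the edit forces replacement of the task definition, a wrong probe can only be corrected by registering yet another revision.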

  # module.scenarios[0].module.cloudfront.aws_cloudfront_distribution.this[0] will be updated in-place
!   resource "aws_cloudfront_distribution" "this" {
        id                             = "EX4HFUQMZ2ULI"
        tags                           = {}
        # (20 unchanged attributes hidden)

-       custom_error_response {
-           error_caching_min_ttl = 0 -> null
-           error_code            = 403 -> null
-           response_code         = 403 -> null
-           response_page_path    = "/errors/403.html" -> null
        }
-       custom_error_response {
-           error_caching_min_ttl = 0 -> null
-           error_code            = 404 -> null
-           response_code         = 404 -> null
-           response_page_path    = "/errors/404.html" -> null
        }
+       custom_error_response {
+           error_code         = 404
+           response_code      = 404
+           response_page_path = "/errors/403.html"
        }
+       custom_error_response {
+           error_code         = 404
+           response_code      = 404
+           response_page_path = "/errors/404.html"
        }

        # (8 unchanged blocks hidden)
    }
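
Review bot: Both added custom_error_response blocks use error_code = 404, and the first of them points at /errors/403.html, so the 403 mapping is dropped and 404 is declared twice with different pages. This reads like a copy-paste slip; the first added block should carry error_code = 403 and response_code = 403 to match its response_page_path.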

Plan: 1 to add, 2 to change, 1 to destroy.
Failed to calculate cost estimation


@github-actions

Overmind


🔴 Change Signals

Routine 🔴 ▇▅▃▂▁ AWS ECS task definitions showing first ever modifications across multiple attributes, which is unusual compared to typical patterns.



🔥 Risks

Changing container health check to 8080 while service and ALB remain on 1234 will cause ECS to mark tasks unhealthy and drop ALB targets ‼️ High
The ECS task definition facial-recognition-terraform-example will change its container health check to probe localhost:8080 while the service continues to listen and be exposed on port 1234. The current task definition maps containerPort/hostPort 1234 and the ALB target group facerec-terraform-example routes and health-checks on port 1234, with target 10.0.1.185:1234 currently healthy.

When the new task definition deploys, the container health check on 8080 will fail because nothing is listening on that port. ECS will mark the container unhealthy and stop/restart tasks, causing the ALB target on 10.0.1.185:1234 to churn or drop to zero healthy targets. This will interrupt traffic and can cause service downtime during and after the rollout until ports are aligned.

CloudFront error response change will remove 403 custom page and enable error caching for 404s, serving wrong pages and caching negative responses ❗ Medium
The CloudFront distribution 540044833068.cloudfront-distribution.EX4HFUQMZ2ULI is changing its custom error responses so that the 403 mapping is removed and two 404 mappings are defined, one of which points to /errors/403.html. This will cause 404 responses to render the wrong error page and 403 responses to lose their current custom page, altering what end users see.

Additionally, ErrorCachingMinTTL is being changed from 0 to unset (null). With the explicit zero removed, CloudFront’s default error caching will apply, so 404 responses will be cached rather than bypassed. Users can continue seeing stale 404s for objects that appear shortly after first request, and origin S3 access patterns will change due to negative caching at the edge.


🟣 Expected Changes

+/- ecs-task-definition › facial-recognition-terraform-example
--- current
+++ proposed
@@ -2,17 +2,23 @@
 id: github.com/overmindtech/terraform-example.ecs-task-definition.module.scenarios[0].aws_ecs_task_definition.face
 attributes:
-  arn: arn:aws:ecs:eu-west-2:540044833068:task-definition/facial-recognition-terraform-example:9
-  arn_without_revision: arn:aws:ecs:eu-west-2:540044833068:task-definition/facial-recognition-terraform-example
-  container_definitions: '[{"cpu":1024,"environment":[{"name":"DATABASE_URL","value":"tf-20251117235257281600000001.cnx7xf6hwmba.eu-west-2.rds.amazonaws.com"}],"essential":true,"healthCheck":{"command":["CMD-SHELL","wget -q --spider localhost:1234"],"interval":30,"retries":3,"timeout":5},"image":"harshmanvar/face-detection-tensorjs:slim-amd","memory":2048,"mountPoints":[],"name":"facial-recognition","portMappings":[{"appProtocol":"http","containerPort":1234,"hostPort":1234,"protocol":"tcp"}],"systemControls":[],"volumesFrom":[]}]'
+  arn: (known after apply)
+  arn_without_revision: (known after apply)
+  container_definitions: '[{"cpu":1024,"environment":[{"name":"DATABASE_URL","value":"tf-20251117235257281600000001.cnx7xf6hwmba.eu-west-2.rds.amazonaws.com"}],"essential":true,"healthCheck":{"command":["CMD-SHELL","wget -q --spider localhost:8080"],"interval":30,"retries":3,"timeout":5},"image":"harshmanvar/face-detection-tensorjs:slim-amd","memory":2048,"mountPoints":[],"name":"facial-recognition","portMappings":[{"appProtocol":"http","containerPort":1234}],"volumesFrom":[]}]'
   cpu: "1024"
-  enable_fault_injection: false
+  enable_fault_injection: (known after apply)
+  execution_role_arn: null
   family: facial-recognition-terraform-example
-  id: facial-recognition-terraform-example
+  id: (known after apply)
+  ipc_mode: null
   memory: "2048"
   network_mode: awsvpc
+  pid_mode: null
   requires_compatibilities:
     - FARGATE
-  revision: 9
+  revision: (known after apply)
   skip_destroy: false
+  tags: null
+  tags_all: (known after apply)
+  task_role_arn: null
   terraform_address: module.scenarios[0].aws_ecs_task_definition.face
   terraform_name: module.scenarios[0].aws_ecs_task_definition.face
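
Review bot: In container_definitions the image is referenced by tag only (harshmanvar/face-detection-tensorjs:slim-amd) on both the current and the proposed side, and this change registers a new revision, so the replacement tasks pull whatever that tag resolves to at deploy time, which need not be what revision 9 is running. Pin the image by digest (image@sha256:<digest>) so that a health check edit cannot also change the code that ships.
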
~ cloudfront-distribution › EX4HFUQMZ2ULI
--- current
+++ proposed
@@ -6,9 +6,9 @@
   comment: My awesome CloudFront
   custom_error_response:
-    - error_caching_min_ttl: 0
-      error_code: 403
-      response_code: 403
+    - error_caching_min_ttl: null
+      error_code: 404
+      response_code: 404
       response_page_path: /errors/403.html
-    - error_caching_min_ttl: 0
+    - error_caching_min_ttl: null
       error_code: 404
       response_code: 404
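
Review bot: error_caching_min_ttl goes from 0 to null on both custom_error_response entries, which replaces the explicit no-cache setting the distribution has today with the CloudFront default for error caching. If that is not intended, keep error_caching_min_ttl = 0 in the Terraform blocks; if it is, state it in the PR description, which is currently empty.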

🟠 Unmapped Changes

~ aws_ecs_service › module.scenarios[0].aws_ecs_service.face
--- current
+++ proposed
@@ -38,5 +38,5 @@
   propagate_tags: NONE
   scheduling_strategy: REPLICA
-  task_definition: arn:aws:ecs:eu-west-2:540044833068:task-definition/facial-recognition-terraform-example:9
+  task_definition: (known after apply)
   terraform_address: module.scenarios[0].aws_ecs_service.face
   terraform_name: module.scenarios[0].aws_ecs_service.face
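
Review bot: task_definition on the service moves from revision 9 to (known after apply), so the apply that replaces the task definition also rolls that new revision out to this service in the same run. Confirm that the service's deployment settings, which are not visible in this hunk, would halt a rollout of unhealthy tasks, or hold the merge until the task definition change is settled.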

💥 Blast Radius

Items 19

Edges 84
