
@dylanratcliffe
Member

No description provided.

@env0

env0 bot commented Nov 28, 2025

🚀  env0 had composed a PR Plan for environment Terraform Example / production :

Plan: 1 to add, 2 to change, 1 to destroy.
Plan Details
! update in-place
-/+ destroy and then create replacement

Terraform will perform the following actions:

  # module.scenarios[0].aws_ecs_service.face will be updated in-place
!   resource "aws_ecs_service" "face" {
        id                                 = "arn:aws:ecs:eu-west-2:540044833068:service/example-terraform-example/facial-recognition"
        name                               = "facial-recognition"
        tags                               = {}
!       task_definition                    = "arn:aws:ecs:eu-west-2:540044833068:task-definition/facial-recognition-terraform-example:9" -> (known after apply)
        # (15 unchanged attributes hidden)

        # (5 unchanged blocks hidden)
    }

  # module.scenarios[0].aws_ecs_task_definition.face must be replaced
-/+ resource "aws_ecs_task_definition" "face" {
!       arn                      = "arn:aws:ecs:eu-west-2:540044833068:task-definition/facial-recognition-terraform-example:9" -> (known after apply)
!       arn_without_revision     = "arn:aws:ecs:eu-west-2:540044833068:task-definition/facial-recognition-terraform-example" -> (known after apply)
!       container_definitions    = jsonencode(
!           [
!               {
!                   healthCheck    = {
!                       command  = [
                            "CMD-SHELL",
-                           "wget -q --spider localhost:1234",
+                           "wget -q --spider localhost:8080",
                        ]
                        # (3 unchanged attributes hidden)
                    }
                    name           = "facial-recognition"
!                   portMappings   = [
!                       {
-                           hostPort      = 1234
-                           protocol      = "tcp"
                            # (2 unchanged attributes hidden)
                        },
                    ]
-                   systemControls = []
                    # (7 unchanged attributes hidden)
                },
            ] # forces replacement
        )
!       enable_fault_injection   = false -> (known after apply)
!       id                       = "facial-recognition-terraform-example" -> (known after apply)
!       revision                 = 9 -> (known after apply)
-       tags                     = {} -> null
!       tags_all                 = {} -> (known after apply)
        # (7 unchanged attributes hidden)
    }

  # module.scenarios[0].aws_rds_cluster.face_database will be updated in-place
!   resource "aws_rds_cluster" "face_database" {
        id                                    = "facial-recognition-terraform-example"
        tags                                  = {}
        # (46 unchanged attributes hidden)

        # (1 unchanged block hidden)
    }
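
Review bot: `aws_rds_cluster.face_database` is listed as updated in-place, but the block shows no changed attribute: `tags = {}` carries no change marker, and the remaining 46 attributes and 1 block are hidden as unchanged. Before this is applied to production, identify what Terraform thinks differs on the cluster, for example by inspecting the saved plan with `terraform show -json`. An unexplained in-place update on a database cluster should not ride along with an ECS health check change.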

Plan: 1 to add, 2 to change, 1 to destroy.
Failed to calculate cost estimation


@github-actions

github-actions bot commented Nov 28, 2025

Overmind


🔴 Change Signals

Routine 🔴 ▇▅▃▂▁ ECS task definitions showing first ever modifications across multiple attributes, which is unusual compared to typical patterns.
Policies 🔴 ▃▂▁ Multiple S3 buckets and security groups are showing unusual policy violations, including missing server-side encryption and required tags, and allowing SSH access from anywhere, which is a security risk.



🔥 Risks

Health check changed to 8080 while service and ALB remain on 1234 will cause ECS task failures and ALB target flapping (‼️ High)
The facial-recognition-terraform-example task definition will change its container health check to probe localhost:8080 while the container continues to expose containerPort 1234 and the ALB target group routes to targets on port 1234. Current targets like 10.0.2.147:1234 are healthy, and the running Fargate task is marked HEALTHY with the 1234 mapping.

After deployment, ECS will probe 8080 inside the container where nothing is listening. Containers will repeatedly fail health checks and be restarted, causing deregistration from the ALB target group on port 1234 and target instability. This will result in failed deployments or churned tasks and intermittent or total loss of service behind the load balancer, despite the ALB still expecting port 1234.


🟣 Expected Changes

+/- ecs-task-definition › facial-recognition-terraform-example
--- current
+++ proposed
@@ -2,17 +2,23 @@
 id: github.com/overmindtech/terraform-example.ecs-task-definition.module.scenarios[0].aws_ecs_task_definition.face
 attributes:
-  arn: arn:aws:ecs:eu-west-2:540044833068:task-definition/facial-recognition-terraform-example:9
-  arn_without_revision: arn:aws:ecs:eu-west-2:540044833068:task-definition/facial-recognition-terraform-example
-  container_definitions: '[{"cpu":1024,"environment":[{"name":"DATABASE_URL","value":"tf-20251117235257281600000001.cnx7xf6hwmba.eu-west-2.rds.amazonaws.com"}],"essential":true,"healthCheck":{"command":["CMD-SHELL","wget -q --spider localhost:1234"],"interval":30,"retries":3,"timeout":5},"image":"harshmanvar/face-detection-tensorjs:slim-amd","memory":2048,"mountPoints":[],"name":"facial-recognition","portMappings":[{"appProtocol":"http","containerPort":1234,"hostPort":1234,"protocol":"tcp"}],"systemControls":[],"volumesFrom":[]}]'
+  arn: (known after apply)
+  arn_without_revision: (known after apply)
+  container_definitions: '[{"cpu":1024,"environment":[{"name":"DATABASE_URL","value":"tf-20251117235257281600000001.cnx7xf6hwmba.eu-west-2.rds.amazonaws.com"}],"essential":true,"healthCheck":{"command":["CMD-SHELL","wget -q --spider localhost:8080"],"interval":30,"retries":3,"timeout":5},"image":"harshmanvar/face-detection-tensorjs:slim-amd","memory":2048,"mountPoints":[],"name":"facial-recognition","portMappings":[{"appProtocol":"http","containerPort":1234}],"volumesFrom":[]}]'
   cpu: "1024"
-  enable_fault_injection: false
+  enable_fault_injection: (known after apply)
+  execution_role_arn: null
   family: facial-recognition-terraform-example
-  id: facial-recognition-terraform-example
+  id: (known after apply)
+  ipc_mode: null
   memory: "2048"
   network_mode: awsvpc
+  pid_mode: null
   requires_compatibilities:
     - FARGATE
-  revision: 9
+  revision: (known after apply)
   skip_destroy: false
+  tags: null
+  tags_all: (known after apply)
+  task_role_arn: null
   terraform_address: module.scenarios[0].aws_ecs_task_definition.face
   terraform_name: module.scenarios[0].aws_ecs_task_definition.face
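
Review bot: in the proposed `container_definitions`, the health check becomes `wget -q --spider localhost:8080` while `portMappings` still declares `"containerPort":1234`, so the probe targets a port the task does not declare. Either keep the health check on 1234, or move `containerPort` (and whatever routes to it) to 8080 in the same change. If the application in the image really has moved to 8080, say so in the PR description, which is currently empty.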

🟠 Unmapped Changes

~ aws_ecs_service › module.scenarios[0].aws_ecs_service.face
--- current
+++ proposed
@@ -38,5 +38,5 @@
   propagate_tags: NONE
   scheduling_strategy: REPLICA
-  task_definition: arn:aws:ecs:eu-west-2:540044833068:task-definition/facial-recognition-terraform-example:9
+  task_definition: (known after apply)
   terraform_address: module.scenarios[0].aws_ecs_service.face
   terraform_name: module.scenarios[0].aws_ecs_service.face
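
Review bot: the service moves off revision 9 in the same apply that replaces the task definition, and the task-definition attributes above show `skip_destroy: false`, so revision 9 is deregistered rather than kept as a fallback. Consider setting `skip_destroy = true` on `aws_ecs_task_definition.face` so the service can be pointed back at the previous revision if the new tasks fail their health check.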

💥 Blast Radius

Items 19

Edges 94


@github-actions github-actions bot left a comment


Overmind

⛔ Auto-Blocked


🔴 Decision

Auto-blocked: Routine score (-5) is below minimum (-1)


📊 Signals Summary

Routine 🔴 -5


🔥 Risks Summary

High 0 · Medium 1 · Low 0


💥 Blast Radius

Items 5 · Edges 5




@github-actions github-actions bot left a comment


Overmind

⛔ Auto-Blocked


🔴 Decision

Found 1 high risk requiring review


📊 Signals Summary

Routine 🔴 -5

Policies 🔴 -3


🔥 Risks Summary

High 1 · Medium 0 · Low 0


💥 Blast Radius

Items 19 · Edges 94


