Amazon ECS allows you to run and maintain a specified number of instances of a task definition simultaneously in an Amazon ECS cluster. This is called a service. If any of your tasks should fail or stop for any reason, the Amazon ECS service scheduler launches another instance of your task definition to replace it and maintain the desired count of tasks in the service depending on the scheduling strategy used.

In addition to maintaining the desired count of tasks in your service, you can optionally run your service behind a load balancer. The load balancer distributes traffic across the tasks that are associated with the service.

Below are a few queries that you could use to analyze the ECS services in your infrastructure:

GSL Queries

1. Make sure that at least one LB is attached to the service

EcsService should have loadBalancers length()>0

2. Make sure that there is at least one task in the deployment in RUNNING status

EcsService should have deployments contain [runningCount>0]

3. Role related queries, i.e. making sure no inline policies are attached to the service

EcsService should not have role.inlinePolicies
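The same three checks can be reproduced outside Dome9 against data pulled from the AWS API. The following is an added example, not Dome9 or AWS code: it assumes service records shaped like the `services` list returned by ECS `describe-services` and inline policy names as returned by IAM `list-role-policies`, and all sample values are constructed.

```python
# Constructed sample data shaped like the AWS API responses (not real resources).
# SERVICES: the "services" list from ecs describe-services.
# INLINE_POLICIES: role name -> "PolicyNames" from iam list-role-policies.
SERVICES = [
    {"serviceName": "web",
     "roleArn": "arn:aws:iam::111122223333:role/ecsServiceRole",
     "loadBalancers": [{"containerName": "web", "containerPort": 8080}],
     "deployments": [{"status": "PRIMARY", "runningCount": 2}]},
    {"serviceName": "batch",
     "roleArn": "arn:aws:iam::111122223333:role/batchRole",
     "loadBalancers": [],
     "deployments": [{"status": "PRIMARY", "runningCount": 0}]},
    # Constructed edge case: mid rolling update, and no roleArn in this record.
    {"serviceName": "api",
     "loadBalancers": [{"containerName": "api", "containerPort": 443}],
     "deployments": [{"status": "PRIMARY", "runningCount": 0},
                     {"status": "ACTIVE", "runningCount": 3}]},
]
INLINE_POLICIES = {"ecsServiceRole": [], "batchRole": ["AllowAll"]}


def evaluate(service, inline_policies):
    """Return the list of rule violations for one service record."""
    findings = []
    # Rule 1: loadBalancers length()>0
    if not service.get("loadBalancers"):
        findings.append("no load balancer attached")
    # Rule 2: deployments contain [runningCount>0]; one such deployment suffices
    if not any(d.get("runningCount", 0) > 0 for d in service.get("deployments", [])):
        findings.append("no deployment with running tasks")
    # Rule 3: no inline policies on the role; skipped when no role is present
    role_arn = service.get("roleArn")
    if role_arn:
        names = inline_policies.get(role_arn.rsplit("/", 1)[-1], [])
        if names:
            findings.append("inline policies on role: " + ", ".join(names))
    return findings


def audit(services, inline_policies):
    """Map each service name to its list of findings (empty list = pass)."""
    return {s["serviceName"]: evaluate(s, inline_policies) for s in services}


if __name__ == "__main__":
    for name, findings in audit(SERVICES, INLINE_POLICIES).items():
        print(name, "PASS" if not findings else "FAIL: " + "; ".join(findings))
```
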

For more information, check out the Amazon ECS documentation and Dome9 Helpcenter