ECS container HTTP modify body

Last updated on Jun 5, 2026

ECS container HTTP modify body is an AWS chaos fault that replaces the HTTP response body of every request served on TARGET_SERVICE_PORT inside a percentage of running ECS tasks (EC2 launch type) with the value of RESPONSE_BODY for a configurable duration. The fault interposes a transparent HTTP proxy on the container instance, scoped to the target container via ECS container metadata and dispatched via AWS Systems Manager Run Command. The status code is preserved; only the body is rewritten.

Use this fault to test how HTTP clients behave when they receive a syntactically or semantically wrong body (corrupt JSON, missing fields, unexpected content type): whether deserialization fails cleanly, whether contract tests catch the discrepancy, and whether downstream consumers degrade gracefully.

Run your first experiment

If you have not configured the chaos infrastructure yet, go to Quickstart to install the chaos infrastructure and run an experiment end to end.

Use cases

Run this fault when you want to answer concrete questions like:

Deserialization safety: When the body is malformed, does the client return a clear error to its caller, or does it crash on a parse exception?
Schema contract tests: Do contract or schema-validation gates in your CI detect the same break?
Downstream consumer behaviour: Does the modified body break a downstream consumer that assumes specific fields, and is the failure surfaced via logs and metrics?
Cache poisoning risk: Do downstream caches store the chaos body, and is that risk understood?
Recovery time: When the chaos ends, do clients clear stale state and recover within SLO?

Prerequisites

Kubernetes version: 1.21 or later for the chaos infrastructure cluster. Go to What's supported to confirm distribution support.
Target ECS service or cluster: CLUSTER_NAME exists in REGION and uses the EC2 launch type.
Container instances are SSM-managed.
ECS container metadata enabled.
AWS credentials available: Either an AWS credentials file uploaded as a File Secret in Harness Secret Manager (see Authentication below) or an IAM role for service accounts (IRSA) bound to the chaos infrastructure service account.
IAM permissions granted: The credentials or role include the permissions listed below.

Supported environments

Platform	Support status
Amazon ECS on EC2 launch type	Supported
Amazon ECS on Fargate launch type	Not supported
HTTP/1.1 and HTTP/2 traffic on `TARGET_SERVICE_PORT`	Supported
HTTPS terminated inside the container	Not supported
Linux container instances	Supported
Windows container instances	Not supported
AWS regions	Supported in every commercial region; pass the region in `REGION`

Permissions required

The IAM principal that the chaos pod uses (the credentials mounted from the Harness Secret Manager file secret, the IRSA role on the chaos service account, or the role assumed via ASSUME_ROLE_ARN) needs the following AWS actions.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ecs:DescribeClusters",
        "ecs:DescribeServices",
        "ecs:DescribeTasks",
        "ecs:ListTasks",
        "ecs:ListContainerInstances",
        "ecs:DescribeContainerInstances"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "ssm:SendCommand",
        "ssm:CancelCommand",
        "ssm:GetCommandInvocation",
        "ssm:DescribeInstanceInformation"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "ec2:DescribeInstances",
        "ec2messages:AcknowledgeMessage",
        "ec2messages:DeleteMessage",
        "ec2messages:FailMessage",
        "ec2messages:GetEndpoint",
        "ec2messages:GetMessages",
        "ec2messages:SendReply"
      ],
      "Resource": "*"
    }
  ]
}

Go to common policy for all AWS faults to use a single superset IAM policy across every AWS fault.

Authentication

The fault supports three credential delivery models. Pick one based on how your chaos infrastructure is deployed.

Method	When to use it	How to configure
Harness Secret Manager file secret	Chaos infrastructure runs outside EKS, or you want explicit static credentials	Upload the AWS credentials file as a File Secret in Harness Secret Manager and reference its identifier via `AWS_AUTHENTICATION_SECRET`
IAM Roles for Service Accounts (IRSA)	Chaos infrastructure runs in EKS and uses an OIDC-bound service account	No tunable changes; the chaos pod inherits the role automatically. Go to AWS IAM integration to set it up
Assume role	The fault needs to act in a different account or with elevated permissions	Set `ASSUME_ROLE_ARN` to the role ARN; the chaos pod assumes the role on top of its base credentials

When using the Harness Secret Manager method, the contents of the File Secret should be the AWS credentials file in the standard ~/.aws/credentials format:

[default]
aws_access_key_id = REPLACE_WITH_ACCESS_KEY_ID
aws_secret_access_key = REPLACE_WITH_SECRET_ACCESS_KEY

Upload this file as a File Secret in Harness Secret Manager (Project Setup → Secrets → New File Secret), and pass the secret identifier in AWS_AUTHENTICATION_SECRET when configuring the fault.

Go to AWS named profile for chaos to switch between profiles inside a single credentials file.

Fault tunables

Configure the following fault parameters when you add ECS container HTTP modify body to an experiment in Chaos Studio. Defaults are shown for reference.

Required parameters

Tunable	Description	Default
`CLUSTER_NAME`	Name of the target ECS cluster.	(required)
`REGION`	AWS region that hosts the ECS cluster (for example `us-east-1`).	(required)

Targeting parameters

Tunable	Description	Default
`SERVICE_NAME`	Name of the target ECS service. When set, the fault selects `TASK_REPLICA_AFFECTED_PERC` of the service's running tasks.	`""`
`TASK_REPLICA_ID`	ID of a specific task replica to target.	`""`
`TASK_REPLICA_AFFECTED_PERC`	Percentage of running tasks to affect when `SERVICE_NAME` is set.	`100`

Chaos parameters

Tunable	Description	Default
`RESPONSE_BODY`	String the proxy returns as the HTTP response body for every intercepted request.	`This is a modified response body by chaos`
`TARGET_SERVICE_PORT`	TCP port the affected container serves on.	`80`
`PROXY_PORT`	Port the chaos proxy listens on inside the container.	`20000`
`NETWORK_INTERFACE`	Network interface inside the container on which to install the redirect rules. `auto` discovers the primary interface.	`auto`
`TOTAL_CHAOS_DURATION`	Duration of the fault in seconds.	`60`
`INSTALL_DEPENDENCIES`	Install the proxy and networking tooling on each container instance if missing.	`true`
`SEQUENCE`	Order in which multiple tasks are affected: `parallel` installs the proxy on all selected tasks at once; `serial` does so one at a time.	`parallel`
`RAMP_TIME`	Wait period in seconds before and after the fault. Go to ramp time to read how it is applied.	`0`

Authentication

Tunable	Description	Default
`ASSUME_ROLE_ARN`	ARN of an IAM role to assume on top of the base credentials. Leave empty to use the base credentials directly.	`""`
`AWS_AUTHENTICATION_SECRET`	Identifier of the File Secret in Harness Secret Manager that contains the AWS credentials file. Not required when using IRSA.	`""`

Tunables that apply to every fault are documented in common tunables for all faults. AWS-specific shared tunables are documented in common AWS fault tunables.

Fault execution in brief

Resolves the running tasks for SERVICE_NAME (or the explicit TASK_REPLICA_ID), picks TASK_REPLICA_AFFECTED_PERC of them, and dispatches a transparent HTTP proxy via AWS Systems Manager Run Command into the affected container. New HTTP requests on TARGET_SERVICE_PORT are redirected through the proxy on PROXY_PORT, the proxy forwards the request to the application, then replaces the response body with RESPONSE_BODY (preserving status code and content length recalculation) before returning to the client. After TOTAL_CHAOS_DURATION seconds the proxy is stopped and the redirect rules are removed.

Expected behavior during fault execution

HTTP clients of the affected containers receive responses with the original status code and headers, but the body is replaced by RESPONSE_BODY.
Clients that expect a specific schema (JSON, XML, Protobuf) likely fail deserialization and surface errors to their callers.
Downstream caches that key on URL may cache the chaos body until they expire.
Application logs on the server side are unaffected; the chaos is invisible from inside the application.

When the fault ends

The chaos pod stops the proxy and removes the redirect rules. New requests get the real body again. Downstream caches keep the chaos body until they expire or are invalidated.

Signals to watch

Attach resilience probes to assert each layer:

Response body assertion: Use an HTTP probe and assert the body matches the expected schema; the probe should fail during the chaos window and pass afterwards.
Client deserialization errors: Use a Prometheus probe on client-side parse-error counters.
Downstream error rate: Use a Prometheus probe on application-level error counters to confirm the chaos surfaces as visible errors.

Verify the fault execution effect

While the experiment is running, confirm the modified body is returned:

Curl the endpoint.
```
curl -i http://<service-endpoint>:<port>/some-endpoint
```
The body should match RESPONSE_BODY during the chaos window; the status code is unchanged.

Inspect the redirect rules on the host (via SSM).

aws ssm send-command \
  --region <region> \
  --document-name AWS-RunShellScript \
  --instance-ids <container-instance-id> \
  --parameters 'commands=["iptables -t nat -L PREROUTING -n"]'

Inspect SSM command status.

aws ssm list-command-invocations --region <region> --details --filters "key=Status,value=InProgress"

Recovery and cleanup

End of duration: The chaos pod stops the proxy and removes the redirect rules on each host.
Abort the experiment: Stopping the experiment from Chaos Studio cancels the SSM command and removes the proxy.
Manual recovery: If the fault exits before cleanup, remove the redirect rules and kill the proxy process via SSM.
Workload recovery: Downstream caches that stored the chaos body may need to be flushed explicitly.

Limitations

EC2 launch type only.
Container metadata must be enabled.
SSM-managed hosts only.
Linux-only.
HTTPS terminated inside the container is not supported.
One port per experiment: The proxy intercepts only TARGET_SERVICE_PORT.
Cross-region targeting: A single experiment targets one region (the value of REGION).
Downstream cache pollution: Caches that key on URL may cache the chaos body for their TTL; account for this when planning the experiment.

Troubleshooting

ECS container HTTP modify body fails with AccessDeniedException in Harness Chaos Engineering

The credentials supplied to the chaos pod do not have the required ECS or SSM permissions. Confirm the IAM policy attached to the user, role, or IRSA service account includes ecs:DescribeServices, ecs:DescribeTasks, ssm:SendCommand, and ssm:GetCommandInvocation.

Body modification not observed by client

The most common causes are: the client connects on a port other than TARGET_SERVICE_PORT (set the correct port); the client speaks HTTPS to the container and the proxy cannot decrypt; the request bypassed the affected tasks because the load balancer routed elsewhere; or the proxy could not install the iptables redirect rule (check NETWORK_INTERFACE). Inspect the chaos pod logs for proxy startup errors.

Downstream cache returned the chaos body after the experiment

CDNs and reverse proxies cache responses keyed on URL. Even after the experiment ends, the chaos body remains cached until the cache entry expires. Flush the affected cache entries explicitly, or design the experiment to use cache-busting query parameters.

Redirect rules remain after the chaos window

If the cleanup SSM command failed, the iptables PREROUTING redirect rules may persist on the container instance. Send an SSM AWS-RunShellScript command to the affected container instance that flushes the iptables NAT PREROUTING chain. Be cautious if the host has other iptables rules in PREROUTING. The exact command is recorded in the chaos pod logs.

ECS container HTTP latency: Delay the response instead of modifying the body.
ECS container HTTP status code: Return a chaos status code instead of modifying the body.
ECS container HTTP reset peer: Reset the connection instead of returning a chaos body.
Common AWS fault tunables: Shared environment variables for AWS faults.

Use cases​

Prerequisites​

Supported environments​

Permissions required​

Authentication​

Fault tunables​

Fault execution in brief​

Expected behavior during fault execution​

Signals to watch​

Verify the fault execution effect​

Recovery and cleanup​

Limitations​

Troubleshooting​

Related faults​