Only check latest version of task definition

checks/check_extra768

@@ -23,10 +23,13 @@ extra768(){
     # this folder is deleted once this check is finished
     mkdir $SECRETS_TEMP_FOLDER
   fi
-
+  DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
   textInfo "Looking for secrets in ECS task definitions' environment variables across all regions... "
   for regx in $REGIONS; do
-    LIST_OF_TASK_DEFINITIONS=$($AWSCLI ecs list-task-definitions $PROFILE_OPT --region $regx --query taskDefinitionArns[*] --output text)
+    # Get a list of ALL Task Definitions:
+    $AWSCLI ecs list-task-definitions $PROFILE_OPT --region $regx | jq -r .taskDefinitionArns[] > ALL_TASK_DEFINITIONS.txt
+    # Filter it down to ONLY the latest version of that task definition:
+    LIST_OF_TASK_DEFINITIONS=$(python ${DIR}/get_latest_ecs_task_definition_version.py -f ALL_TASK_DEFINITIONS.txt)
     if [[ $LIST_OF_TASK_DEFINITIONS ]]; then
       for taskDefinition in $LIST_OF_TASK_DEFINITIONS;do
         IFS='/' read -r -a splitArn <<< "$taskDefinition"

checks/get_latest_ecs_task_definition_version.py

@@ -0,0 +1,23 @@
+import argparse
+
+def parseArgs():
+    parser = argparse.ArgumentParser(formatter_class=argparse.ArgumentDefaultsHelpFormatter)
+    parser.add_argument('-f', help='file containing list of ecs task definitions', required=True)
+    args = parser.parse_args()
+    return args
+
+
+if __name__ == '__main__':
+    args = parseArgs()
+    family = {}
+    with open(args.f, 'r') as fd:
+        for line in fd:
+            l = line.strip()
+            family_name = l[:l.rfind(':')]
+            version_int = int(l[l.rfind(':') + 1:])
+            if family_name not in family:
+                family[family_name] = version_int
+            if family[family_name] < version_int:
+                family[family_name] = version_int
+    for family, version in family.items():
+        print('{}:{}'.format(family, version))