Severity: LOW
Source: Trivy
ID: AVD-AWS-0034

ECS clusters should have container insights enabled

CloudWatch Container Insights provides more metrics and logs for container-based applications and microservices.

Impact

When Container Insights isn't enabled, not all metrics and logs may be gathered for containers.

Follow the appropriate remediation steps below to resolve the issue.

Enable Container Insights (CloudFormation)

---
AWSTemplateFormatVersion: "2010-09-09"
Description: A sample template
Resources:
  GoodExample:
    Type: 'AWS::ECS::Cluster'
    Properties:
      ClusterName: MyCluster
      ClusterSettings:
        - Name: containerInsights
          Value: enabled

Enable Container Insights (Terraform)

resource "aws_ecs_cluster" "good_example" {
  name = "services-cluster"
  
  setting {
    name  = "containerInsights"
    value = "enabled"
  }
}
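
A pre-deployment check in the spirit of this rule, as an added example (not Trivy's implementation and not code from this page): it scans a CloudFormation template in JSON form for AWS::ECS::Cluster resources whose ClusterSettings do not literally set containerInsights to enabled, the value the remediation above uses. The function name, finding messages and sample template are constructed for illustration.

```python
import json

CLUSTER, SETTING = "AWS::ECS::Cluster", "containerInsights"

# Constructed sample template (JSON form of CloudFormation), not from a real stack.
SAMPLE_TEMPLATE = json.dumps({"Resources": {
    "GoodExample": {"Type": CLUSTER, "Properties": {
        "ClusterSettings": [{"Name": SETTING, "Value": "enabled"}]}},
    "DisabledExample": {"Type": CLUSTER, "Properties": {
        "ClusterSettings": [{"Name": SETTING, "Value": "disabled"}]}},
    "MissingSettings": {"Type": CLUSTER},
    "ParamDriven": {"Type": CLUSTER, "Properties": {
        "ClusterSettings": [{"Name": SETTING, "Value": {"Ref": "InsightsParam"}}]}},
    "Bucket": {"Type": "AWS::S3::Bucket"},
}})


def find_clusters_without_insights(template_text):
    """Return {logical_id: reason} for ECS clusters not literally set to 'enabled'."""
    findings = {}
    resources = json.loads(template_text).get("Resources") or {}
    for logical_id, resource in resources.items():
        if resource.get("Type") != CLUSTER:
            continue  # other resource types are out of scope for this check
        settings = (resource.get("Properties") or {}).get("ClusterSettings") or []
        values = [s.get("Value") for s in settings
                  if isinstance(s, dict) and s.get("Name") == SETTING]
        if not values:
            findings[logical_id] = "containerInsights setting is missing"
        elif not isinstance(values[-1], str):
            # Ref/Fn::* values cannot be resolved statically; flag for manual review.
            findings[logical_id] = "containerInsights value is not a literal"
        elif values[-1] != "enabled":
            findings[logical_id] = f"containerInsights is '{values[-1]}'"
    return findings


if __name__ == "__main__":
    for name, reason in find_clusters_without_insights(SAMPLE_TEMPLATE).items():
        print(f"{name}: {reason}")
```

Clusters whose setting comes from a parameter are reported separately so they can be reviewed against the parameter values used at deploy time.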