ECS Cluster with Container Insights Disabled

Query id: ab759fde-e1e8-4b0e-ad73-ba856e490ed8
Query name: ECS Cluster with Container Insights Disabled
Platform: CloudFormation
Severity: Low
Category: Observability
CWE: 778
URL: Github

Description¶

ECS Cluster should enable container insights
Documentation

Code samples¶

Code samples with security vulnerabilities¶

Positive test num. 1 - yaml file

Positive test num. 2 - json file

Positive test num. 3 - json file

/span>

Resources: ECSCluster: Type: 'AWS::ECS::Cluster' class="w">    Properties: ClusterName: MyCluster Tags: - Key: environment Value: production /span>{ "Resources": { "ECSCluster": { "Type": "AWS::ECS::Cluster", "Properties": { "ClusterName": "MyCluster", class="w">        "ClusterSettings": [], "Tags": [ { "Key": "environment", "Value": "production" } ] } } } } /span>{ "Resources": { "ECSCluster": { "Type": "AWS::ECS::Cluster", "Properties": { "ClusterName": "MyCluster", class="w">        "ClusterSettings": [ { "Name": "containerInsights", "Value": "disabled" } ], "Tags": [ { "Key": "environment", "Value": "production" } ] } } } }
Code samples without security vulnerabilities¶
Negative test num. 1 - yaml fileResources:
  ECSCluster:
    Type: 'AWS::ECS::Cluster'
    Properties:
      ClusterName: MyCluster
      ClusterSettings:
        - Name: containerInsights
          Value: enabled
      Tags:
        - Key: environment
          Value: production

Negative test num. 2 - json file{
  "Resources": {
    "ECSCluster": {
      "Type": "AWS::ECS::Cluster",
      "Properties": {
        "ClusterName": "MyCluster",
        "ClusterSettings": [
          {
              "Name": "containerInsights",
              "Value": "enabled"
          }
        ],
        "Tags": [
          {
              "Key": "environment",
              "Value": "production"
          }
        ]
      }
    }
  }
}