ECS Cluster with Container Insights Disabled

  • Query id: abcefee4-a0c1-4245-9f82-a473f79a9e2f
  • Query name: ECS Cluster with Container Insights Disabled
  • Platform: Pulumi
  • Severity: Low
  • Category: Observability
  • CWE: 778
  • URL: Github

Description

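ECS clusters should have Container Insights enabled. As the samples below show, the query flags an aws:ecs:Cluster resource whose containerInsights setting is disabled, whose settings list is empty, or that defines no settings at all.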

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file
name: aws-eks
runtime: yaml
description: An EKS cluster
resources:
  foo:
    type: aws:ecs:Cluster
    properties:
      settings:
        - name: containerInsights
          value: disabled
Positive test num. 2 - yaml file
name: aws-eks
runtime: yaml
description: An EKS cluster
resources:
  foo:
    type: aws:ecs:Cluster
    properties:
      settings: []
Positive test num. 3 - yaml file
name: aws-eks
runtime: yaml
description: An EKS cluster
resources:
  foo:
    type: aws:ecs:Cluster
    properties:
      description: example

Code samples without security vulnerabilities

Negative test num. 1 - yaml file
name: aws-eks
runtime: yaml
description: An EKS cluster
resources:
  foo:
    type: aws:ecs:Cluster
    properties:
      settings:
        - name: containerInsights
          value: enabled
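
The pass/fail logic implied by the four samples above, as an added example (not the query's own source code). It works on the dictionaries a YAML parser would return for a Pulumi YAML program. The function name, the helper, and the assumption that only the value enabled passes are illustrative choices, not taken from the page.

```python
"""Added example: flag aws:ecs:Cluster resources without Container Insights."""

# Assumption: only the value used in the page's passing sample is accepted.
ACCEPTED_VALUES = {"enabled"}


def container_insights_findings(program):
    """Return (resource_name, reason) tuples for a parsed Pulumi YAML program."""
    findings = []
    for name, resource in (program.get("resources") or {}).items():
        if not isinstance(resource, dict) or resource.get("type") != "aws:ecs:Cluster":
            continue
        properties = resource.get("properties") or {}
        settings = properties.get("settings")
        if settings is None:
            # Positive test 3: the cluster has no settings block at all.
            findings.append((name, "settings is not defined"))
            continue
        insights = [s for s in settings
                    if isinstance(s, dict) and s.get("name") == "containerInsights"]
        if not insights:
            # Positive test 2: settings exists but has no containerInsights entry.
            findings.append((name, "settings has no containerInsights entry"))
        elif any(s.get("value") not in ACCEPTED_VALUES for s in insights):
            # Positive test 1: containerInsights is present but not enabled.
            findings.append((name, "containerInsights is not enabled"))
    return findings


def cluster(properties):
    """Build a constructed program shaped like the page's samples (hypothetical helper)."""
    return {"name": "aws-eks", "runtime": "yaml",
            "resources": {"foo": {"type": "aws:ecs:Cluster", "properties": properties}}}


# Constructed inputs: the parsed form of the four samples on this page.
SAMPLES = {
    "positive1": cluster({"settings": [{"name": "containerInsights", "value": "disabled"}]}),
    "positive2": cluster({"settings": []}),
    "positive3": cluster({"description": "example"}),
    "negative1": cluster({"settings": [{"name": "containerInsights", "value": "enabled"}]}),
}

if __name__ == "__main__":
    for label, program in SAMPLES.items():
        result = container_insights_findings(program)
        print(label, "FAIL" if result else "PASS", result)
```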