ECS clusters should have container insights enabled

Explanation

Cloudwatch Container Insights provide more metrics and logs for container based applications and micro services.

Possible Impact

Not all metrics and logs may be gathered for containers when Container Insights isn’t enabled

Suggested Resolution

Enable Container Insights

Insecure Example

The following example will fail the AVD-AWS-0034 check.

---
Resources:
  BadExample:
    Type: 'AWS::ECS::Cluster'
    Properties:
      ClusterName: MyCluster

Secure Example

The following example will pass the AVD-AWS-0034 check.

---
Resources:
  GoodExample:
    Type: 'AWS::ECS::Cluster'
    Properties:
      ClusterName: MyCluster
      ClusterSettings:
        - Name: containerInsights
          Value: enabled


Getting Started
Services