Ensures ECS clusters are configured with Container Insights for advanced monitoring and performance analytics.
| Field | Value |
|---|---|
| Rule | ECS clusters should use Container Insights |
| Framework | AWS Foundational Security Best Practices |
| Severity | Medium |
Rule Description:
The AWS Foundational Security Best Practices standard expects ECS clusters to have Container Insights enabled so that the performance of containerized applications running in Amazon ECS can be monitored, analyzed, and troubleshot. Container Insights collects metrics on resource utilization and operational performance, together with logs, for the containers running on an ECS cluster.
Troubleshooting Steps:
If Container Insights is not enabled for an ECS cluster, follow the steps below for remediation:
Check Container Insights Status: Run the following AWS CLI command to check whether Container Insights is enabled for the ECS cluster. The --include SETTINGS flag is required; without it the cluster's settings list is not returned at all:
aws ecs describe-clusters --clusters <cluster-name> --include SETTINGS --region <region>
The cluster is compliant when the settings list in the output contains an entry whose name is containerInsights and whose value is enabled.
Enable Container Insights: If Container Insights is not enabled, use the AWS CLI to enable it on the existing ECS cluster:
aws ecs update-cluster-settings --cluster <cluster-name> --settings name=containerInsights,value=enabled --region <region>
The account-level setting below only changes the default for clusters created afterwards; it does not affect clusters that already exist, so set it in addition to, not instead of, the per-cluster setting:
aws ecs put-account-setting --name containerInsights --value enabled --region <region>
Verify Configuration: Validate that Container Insights is now enabled on the cluster by re-running describe-clusters and checking the containerInsights entry in the settings list:
aws ecs describe-clusters --clusters <cluster-name> --include SETTINGS --region <region>
The account-level default for new clusters can be confirmed with:
aws ecs describe-account-settings --name containerInsights --region <region>
Update Container Instances: On clusters with EC2 container instances, the ECS container agent is what reports Container Insights metrics, so make sure each instance runs a current agent; if an agent is outdated, update it with the command below (Fargate tasks need no action):
aws ecs update-container-agent --cluster <cluster-name> --container-instance <instance-id> --region <region>
Monitor Container Insights: Once enabled, monitor Container Insights metrics and logs through the AWS Management Console or CloudWatch.
Remediation Steps:
To enable Container Insights for an ECS cluster, follow the steps below:
Enable Container Insights via AWS Management Console:
Enable Container Insights via AWS CLI: Use the AWS CLI to enable Container Insights on the existing ECS cluster:
aws ecs update-cluster-settings --cluster <cluster-name> --settings name=containerInsights,value=enabled --region <region>
To make Container Insights the default for clusters created in the future, also set the account-level setting:
aws ecs put-account-setting --name containerInsights --value enabled --region <region>
Update Container Instances: On EC2-backed clusters, ensure each container instance runs a current ECS container agent; update an outdated agent with:
aws ecs update-container-agent --cluster <cluster-name> --container-instance <instance-id> --region <region>
Monitor Container Insights: Utilize the Amazon CloudWatch console to monitor and analyze Container Insights metrics and logs for the ECS cluster.
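The following Python script is an added example, not code from the rule's author or from AWS, showing how the status check from the troubleshooting steps and the remediation from the remediation steps can be evaluated programmatically. It consumes a response with the shape returned by aws ecs describe-clusters --include SETTINGS (the same JSON boto3's describe_clusters returns); the sample response embedded below is constructed for the example, and the function names and the account ID 123456789012 are assumptions. It handles the edge case where the settings list is absent (the command was run without --include SETTINGS), which must be reported as unknown rather than as disabled.

```python
"""Evaluate ECS clusters against the "Container Insights enabled" rule.

Input shape: the JSON returned by
  aws ecs describe-clusters --clusters <names> --include SETTINGS
(or boto3 ecs.describe_clusters(include=["SETTINGS"])).
The SAMPLE_RESPONSE below is constructed for this example.
"""
from typing import Dict, List, Optional

# Values of the containerInsights cluster setting that satisfy the rule.
# "enhanced" is the Container Insights with enhanced observability
# setting; it collects at least what "enabled" collects.
COMPLIANT_VALUES = {"enabled", "enhanced"}


def container_insights_value(cluster: dict) -> Optional[str]:
    """Return the containerInsights value for one cluster entry, or None
    when no such setting is present.

    A missing "settings" key usually means describe-clusters was called
    without --include SETTINGS, so None means "unknown", not "disabled".
    """
    for setting in cluster.get("settings", []):
        if setting.get("name") == "containerInsights":
            return setting.get("value")
    return None


def evaluate_clusters(response: dict) -> Dict[str, str]:
    """Map each cluster ARN in the response to PASS, FAIL or UNKNOWN."""
    results: Dict[str, str] = {}
    for cluster in response.get("clusters", []):
        value = container_insights_value(cluster)
        if value in COMPLIANT_VALUES:
            status = "PASS"
        elif value is None:
            status = "UNKNOWN"  # re-query with --include SETTINGS
        else:
            status = "FAIL"     # e.g. "disabled"
        results[cluster["clusterArn"]] = status
    return results


def remediation_commands(response: dict, region: str) -> List[str]:
    """Build the per-cluster AWS CLI command that enables Container
    Insights for every cluster that FAILs (hypothetical helper)."""
    commands: List[str] = []
    for arn, status in evaluate_clusters(response).items():
        if status != "FAIL":
            continue
        name = arn.rsplit("/", 1)[-1]  # cluster name is the last ARN segment
        commands.append(
            f"aws ecs update-cluster-settings --cluster {name} "
            f"--settings name=containerInsights,value=enabled --region {region}"
        )
    return commands


# Constructed sample shaped like describe-clusters output with SETTINGS.
SAMPLE_RESPONSE = {
    "clusters": [
        {
            "clusterName": "payments",
            "clusterArn": "arn:aws:ecs:us-east-1:123456789012:cluster/payments",
            "status": "ACTIVE",
            "settings": [{"name": "containerInsights", "value": "enabled"}],
        },
        {
            "clusterName": "batch",
            "clusterArn": "arn:aws:ecs:us-east-1:123456789012:cluster/batch",
            "status": "ACTIVE",
            "settings": [{"name": "containerInsights", "value": "disabled"}],
        },
        {
            # Entry as returned when --include SETTINGS was omitted.
            "clusterName": "legacy",
            "clusterArn": "arn:aws:ecs:us-east-1:123456789012:cluster/legacy",
            "status": "ACTIVE",
        },
    ],
    "failures": [],
}

if __name__ == "__main__":
    for arn, status in evaluate_clusters(SAMPLE_RESPONSE).items():
        print(f"{status:7} {arn}")
    for cmd in remediation_commands(SAMPLE_RESPONSE, "us-east-1"):
        print(cmd)
```

Running the script against the sample reports the payments cluster as PASS, batch as FAIL, and legacy as UNKNOWN, and prints a single update-cluster-settings command for batch. In a real audit, replace SAMPLE_RESPONSE with the parsed output of the describe-clusters command from the troubleshooting steps; clusters reported UNKNOWN should be re-queried with --include SETTINGS before any remediation is generated.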