ECS Container Insights Should Be Enabled

​

More Info:

Ensure ECS container insights are enabled

​

Risk Level

Low

​

Address

Security, Reliability

​

Compliance Standards

CBP,GDPR,HIPAA,ISO27001

​

Remediation

​

Using Console

To remediate the misconfiguration of ECS Container Insights not being enabled for AWS EKS using the AWS console, follow these steps:

1. Sign in to the AWS Management Console: Go to https://aws.amazon.com/ and sign in to your AWS account.

2. Navigate to Amazon EKS Console: Go to the Amazon EKS console by searching for “EKS” in the AWS Management Console search bar and selecting Amazon EKS.

3. Select your EKS Cluster: From the list of EKS clusters, select the cluster for which you want to enable ECS Container Insights.

4. Click on Add-ons: In the cluster details page, click on the “Add-ons” tab.

5. Enable Container Insights: Under the “Add-ons” tab, you will see a list of available add-ons. Look for “Container Insights” and click on the “Enable” button next to it.

6. Configure Container Insights: Follow the on-screen instructions to configure ECS Container Insights for your EKS cluster. You may need to specify the log group and other configurations as required.

7. Verify Configuration: Once the configuration is complete, verify that ECS Container Insights is enabled for your EKS cluster by checking the status in the console.

By following these steps, you should be able to remediate the misconfiguration of ECS Container Insights not being enabled for your AWS EKS cluster using the AWS console.

​

Using CLI

To enable ECS Container Insights for AWS EKS clusters using AWS CLI, follow these steps:

1. Install and configure AWS CLI: Make sure you have AWS CLI installed and configured with appropriate credentials that have permissions to modify EKS clusters.

2. Enable Container Insights: Run the following AWS CLI command to enable Container Insights for your EKS cluster:

aws eks update-cluster-config --name YOUR_CLUSTER_NAME --logging '{"clusterLogging":[{"types":["api","audit","authenticator","controllerManager","scheduler"],"enabled":false},{"types":["*"],"enabled":true}]}'

Replace YOUR_CLUSTER_NAME with the name of your EKS cluster.

3. Verify Container Insights: To verify that Container Insights is enabled, you can run the following command:

aws eks describe-cluster --name YOUR_CLUSTER_NAME --query "cluster.logging"

Make sure that the output shows Container Insights enabled for the cluster.

4. Monitor Container Insights: Once Container Insights is enabled, you can monitor your EKS cluster using Amazon CloudWatch Container Insights.

By following these steps, you can successfully enable ECS Container Insights for your AWS EKS cluster using AWS CLI.

​

Using Python

To remediate the misconfiguration of ECS Container Insights not being enabled for AWS Kubernetes using Python, follow these steps:

1. Install the AWS SDK for Python (Boto3) if you haven’t already. You can install it using pip:

   pip install boto3
   

2. Create a Python script with the following code to enable ECS Container Insights for your AWS EKS cluster:

import boto3

def enable_ecs_container_insights(cluster_name):
    client = boto3.client('eks')

    # Describe the cluster to get the ARN
    response = client.describe_cluster(name=cluster_name)
    cluster_arn = response['cluster']['arn']

    # Enable Container Insights for the cluster
    response = client.update_cluster_config(
        name=cluster_name,
        logging={
            'clusterLogging': [
                {
                    'types': ['api', 'audit', 'authenticator', 'controllerManager', 'scheduler'],
                    'enabled': True
                },
                {
                    'types': ['fluentd', 'kubelet'],
                    'enabled': True
                }
            ]
        }
    )

    print(f"ECS Container Insights enabled for cluster: {cluster_name}")

# Replace 'your_cluster_name' with the name of your AWS EKS cluster
enable_ecs_container_insights('your_cluster_name')

3. Replace 'your_cluster_name' in the script with the name of your AWS EKS cluster.

4. Run the Python script using the command:

   python enable_ecs_container_insights.py
   

5. The script will enable ECS Container Insights for your AWS EKS cluster, and you should see the message “ECS Container Insights enabled for cluster: your_cluster_name” upon successful completion.

By following these steps, you can remediate the misconfiguration of ECS Container Insights not being enabled for AWS Kubernetes using Python.