PlatformResourcesSign inSign Up

Ensure AWS ECS Cluster enables logging of ECS Exec

Error: AWS ECS Cluster does not enable logging of ECS Exec

Bridgecrew Policy ID: BC_AWS_GENERAL_171
Checkov Check ID: CKV_AWS_223
Severity: LOW

Suggest Edits

AWS ECS Cluster does not enable logging of ECS Exec

Description

It is recommended to have a proper logging process for AWS ECS Cluster in order to track configuration changes conducted manually and programmatically and trace back unapproved changes.

Fix - Runtime

Fix - Buildtime

Terraform

resource "aws_ecs_cluster" "pass2" {
  name = "white-hart"
  configuration {
    execute_command_configuration {
      # kms_key_id = aws_kms_key.example.arn
      logging = "DEFAULT"

      log_configuration {
        # cloud_watch_encryption_enabled = true
        # cloud_watch_log_group_name     = aws_cloudwatch_log_group.example.name

        # or
        # s3_bucket_name=   and
        # s3_bucket_encryption_enabled =true
      }
    }
  }
  tags = { test = "fail" }
}

Updated 9 months ago