Ensure AWS ECS Cluster enables logging of ECS Exec
Error: AWS ECS Cluster does not enable logging of ECS Exec
Bridgecrew Policy ID: BC_AWS_GENERAL_171
Checkov Check ID: CKV_AWS_223
Severity: LOW
Description
It is recommended to configure proper logging for an AWS ECS cluster so that configuration changes made manually or programmatically can be tracked and unapproved changes traced back.
Fix - Runtime
Fix - Buildtime
Terraform
resource "aws_ecs_cluster" "pass2" {
  name = "white-hart"

  configuration {
    execute_command_configuration {
      # kms_key_id = aws_kms_key.example.arn
      logging = "DEFAULT"

      log_configuration {
        # cloud_watch_encryption_enabled = true
        # cloud_watch_log_group_name     = aws_cloudwatch_log_group.example.name
        # or
        # s3_bucket_name = and
        # s3_bucket_encryption_enabled = true
      }
    }
  }

  tags = { test = "fail" }
}
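As an added example (not Checkov's own implementation and not part of this page), the following Python evaluates the logic behind this check over constructed aws_ecs_cluster bodies in the list-wrapped dict shape an HCL parser produces; it also treats OVERRIDE without a CloudWatch or S3 destination as failing, which is stricter than CKV_AWS_223 as stated above.

```python
from typing import Any, Dict, Optional, Tuple
ACCEPTED_LOGGING = ("DEFAULT", "OVERRIDE")  # "NONE" switches ECS Exec logging off

def _first_block(value: Any) -> Optional[dict]:
    """Nested Terraform blocks parse as a one-element list of dicts."""
    if isinstance(value, list):
        value = value[0] if value else None
    return value if isinstance(value, dict) else None

def _scalar(value: Any) -> Any:
    """Attributes also arrive list-wrapped; unwrap to the bare value."""
    return (value[0] if value else None) if isinstance(value, list) else value

def check_ecs_exec_logging(resource: Dict[str, Any]) -> Tuple[str, str]:
    """Return ("PASSED" | "FAILED", reason) for one aws_ecs_cluster body."""
    configuration = _first_block(resource.get("configuration"))
    if configuration is None:
        return "FAILED", "no configuration block"
    exec_cfg = _first_block(configuration.get("execute_command_configuration"))
    if exec_cfg is None:
        return "FAILED", "no execute_command_configuration block"
    logging = _scalar(exec_cfg.get("logging"))
    if logging not in ACCEPTED_LOGGING:
        return "FAILED", f"logging is {logging!r}, expected one of {ACCEPTED_LOGGING}"
    if logging == "OVERRIDE":
        # Stricter than the check itself: OVERRIDE only records anything with a destination.
        log_cfg = _first_block(exec_cfg.get("log_configuration")) or {}
        if not (_scalar(log_cfg.get("cloud_watch_log_group_name"))
                or _scalar(log_cfg.get("s3_bucket_name"))):
            return "FAILED", "OVERRIDE without a CloudWatch log group or S3 bucket"
    return "PASSED", f"logging = {logging}"

def _cluster(**exec_cfg: Any) -> Dict[str, Any]:
    """Constructed aws_ecs_cluster body with the given execute_command settings."""
    return {"name": ["white-hart"],
            "configuration": [{"execute_command_configuration": [exec_cfg]}]}

# Constructed sample resources, one per scenario (not from a real account).
SAMPLES: Dict[str, Dict[str, Any]] = {
    "no_configuration": {"name": ["white-hart"]},
    "logging_none": _cluster(logging=["NONE"]),
    "logging_default": _cluster(logging=["DEFAULT"]),
    "override_cloudwatch": _cluster(logging=["OVERRIDE"], log_configuration=[
        {"cloud_watch_encryption_enabled": [True],
         "cloud_watch_log_group_name": ["/ecs/exec-audit"]}]),
    "override_no_destination": _cluster(logging=["OVERRIDE"], log_configuration=[{}]),
}

def evaluate_all() -> Dict[str, str]:
    """Run the check over every sample; returns scenario -> PASSED/FAILED."""
    return {name: check_ecs_exec_logging(body)[0] for name, body in SAMPLES.items()}
```

Feed real parsed resources into check_ecs_exec_logging to reproduce the verdict Checkov reports, or extend SAMPLES with your own scenarios.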