---
title: ECS cluster with Container Insights disabled
description: Datadog, the leading service for cloud-scale monitoring.
---

# ECS cluster with Container Insights disabled

{% callout %}
# Important note for users on the following Datadog sites: app.ddog-gov.com, us2.ddog-gov.com

{% alert level="danger" %}
This product is not supported for your selected [Datadog site](https://docs.datadoghq.com/getting_started/site.md).
{% /alert %}

{% /callout %}

## Metadata{% #metadata %}

**Id:** `cloudformation-aws-ecs-cluster-container-insights-disabled` 

**Provider:** AWS

**Platform:** CloudFormation

**Severity:** Low

**Category:** Observability

#### Learn More{% #learn-more %}

- [Provider Reference](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-cluster.html#cfn-ecs-cluster-clustersettings)

### Description{% #description %}

Amazon ECS clusters should have Container Insights enabled to collect container-level metrics and logs for monitoring, performance troubleshooting, and security visibility.

The `ClusterSettings` property in `AWS::ECS::Cluster` resources must include a `ClusterSetting` with `Name` set to `containerInsights` and `Value` set to `enabled`. Resources missing `ClusterSettings` or without an entry setting `containerInsights` to `enabled` will be flagged.

Secure configuration example:

```yaml
MyCluster:
  Type: AWS::ECS::Cluster
  Properties:
    ClusterSettings:
      - Name: containerInsights
        Value: enabled
```
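
The rule described above, reproduced as a static check over a JSON template. This is an added example, not Datadog's rule implementation: `check_template`, the sample template, and its logical IDs are constructed for illustration, and reporting a non-literal `Value` (such as a `Ref`) as a finding is an assumption of this example.

```python
import json

RESOURCE_TYPE = "AWS::ECS::Cluster"


def check_template(template_text):
    """Return {logical_id: reason} for each ECS cluster the rule would flag."""
    findings = {}
    resources = json.loads(template_text).get("Resources", {})
    for logical_id, resource in resources.items():
        if not isinstance(resource, dict) or resource.get("Type") != RESOURCE_TYPE:
            continue
        settings = (resource.get("Properties") or {}).get("ClusterSettings")
        if not isinstance(settings, list) or not settings:
            findings[logical_id] = "ClusterSettings missing, empty or not a literal list"
            continue
        values = [s.get("Value") for s in settings
                  if isinstance(s, dict) and s.get("Name") == "containerInsights"]
        if not values:
            findings[logical_id] = "no containerInsights entry"
        elif "enabled" not in values:
            # Assumption of this example: a non-literal Value (such as a Ref)
            # cannot be proven enabled from the template alone, so it is reported.
            findings[logical_id] = f"containerInsights set to {values!r}"
    return findings


def _cluster(settings=None):
    """Build a constructed AWS::ECS::Cluster resource for the sample template."""
    props = {"ClusterName": "MyCluster"}
    if settings is not None:
        props["ClusterSettings"] = settings
    return {"Type": RESOURCE_TYPE, "Properties": props}


def _insights(value):
    """Build a ClusterSettings list with a single containerInsights entry."""
    return [{"Name": "containerInsights", "Value": value}]


# Constructed sample template; logical IDs are hypothetical.
SAMPLE_TEMPLATE = json.dumps({"Resources": {
    "Compliant": _cluster(_insights("enabled")),
    "NoSettings": _cluster(),
    "EmptySettings": _cluster([]),
    "Disabled": _cluster(_insights("disabled")),
    "ViaParameter": _cluster(_insights({"Ref": "InsightsMode"})),
    "LogBucket": {"Type": "AWS::S3::Bucket"},
}})

if __name__ == "__main__":
    for logical_id, reason in check_template(SAMPLE_TEMPLATE).items():
        print(f"{logical_id}: {reason}")
```

The check reads JSON only; a YAML template that uses short-form intrinsics such as `!Ref` needs a CloudFormation-aware loader before it can be inspected the same way.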

## Compliant Code Examples{% #compliant-code-examples %}

```yaml
Resources:
  ECSCluster:
    Type: 'AWS::ECS::Cluster'
    Properties:
      ClusterName: MyCluster
      ClusterSettings:
        - Name: containerInsights
          Value: enabled
      Tags:
        - Key: environment
          Value: production
```

```json
{
  "Resources": {
    "ECSCluster": {
      "Type": "AWS::ECS::Cluster",
      "Properties": {
        "ClusterName": "MyCluster",
        "ClusterSettings": [
          {
            "Name": "containerInsights",
            "Value": "enabled"
          }
        ],
        "Tags": [
          {
            "Key": "environment",
            "Value": "production"
          }
        ]
      }
    }
  }
}
```

## Non-Compliant Code Examples{% #non-compliant-code-examples %}

```yaml
Resources:
  ECSCluster:
    Type: 'AWS::ECS::Cluster'
    Properties:
      ClusterName: MyCluster
      Tags:
        - Key: environment
          Value: production
```

```json
{
  "Resources": {
    "ECSCluster": {
      "Type": "AWS::ECS::Cluster",
      "Properties": {
        "ClusterName": "MyCluster",
        "ClusterSettings": [],
        "Tags": [
          {
            "Key": "environment",
            "Value": "production"
          }
        ]
      }
    }
  }
}
```

```json
{
  "Resources": {
    "ECSCluster": {
      "Type": "AWS::ECS::Cluster",
      "Properties": {
        "ClusterName": "MyCluster",
        "ClusterSettings": [
          {
            "Name": "containerInsights",
            "Value": "disabled"
          }
        ],
        "Tags": [
          {
            "Key": "environment",
            "Value": "production"
          }
        ]
      }
    }
  }
}
```
