Best practice rules for Amazon Elastic Container Service (ECS)
Trend Micro Cloud One™ – Conformity monitors Amazon Elastic Container Service (ECS) with the following rules:
- Amazon ECS Task Log Driver in Use
Ensure that a log driver has been defined for each active Amazon ECS task definition.
- Check for Amazon ECS Service Placement Strategy
Ensure that your Amazon ECS cluster services are using optimal placement strategies.
- Check for ECS Container Instance Agent Version
Ensure that your Amazon ECS instances are using the latest ECS container agent version.
- Check for Fargate Platform Version
Ensure that your Amazon ECS cluster services are using the latest Fargate platform version.
- Enable CloudWatch Container Insights
Ensure that the CloudWatch Container Insights feature is enabled for your AWS ECS clusters.
- Monitor Amazon ECS Configuration Changes
Amazon Elastic Container Service (ECS) configuration changes have been detected in your AWS account.