Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(general): Handle ECS enhanced container insights #7001

Merged
merged 3 commits into from
Feb 13, 2025
Merged

fix(general): Handle ECS enhanced container insights #7001

merged 3 commits into from
Feb 13, 2025

Conversation

mikeurbanski1
Copy link
Contributor

@mikeurbanski1 mikeurbanski1 commented Feb 7, 2025
edited
Loading

User description

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

Description

  • Handle containerInsights = enhanced in the ECS container insights check
  • Update CDK policies to check both L1 and L2 resources correctly

Fixes #7000

New/Edited policies (Delete if not relevant)

CKV_AWS_65 - allow enhanced and enabled as the valid values, in all iterations (including CDK L1 and L2 resources)

Checklist:

  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have added tests that prove my feature, policy, or fix is effective and works
  • New and existing tests pass locally with my changes

Generated description

Below is a concise technical summary of the changes proposed in this PR:

Updates the ECS container insights check to handle the 'enhanced' setting in addition to 'enabled'. Modifies CDK policies to check both L1 and L2 resources correctly. Implements changes across multiple languages (Python, TypeScript) and frameworks (CDK, CloudFormation, Terraform). Updates test cases to cover new scenarios.

TopicDetails
ECS Insights Update Extends the ECS container insights check to support the 'enhanced' setting alongside 'enabled'
Modified files (5)
  • tests/cloudformation/checks/resource/aws/test_ECSClusterContainerInsights.py
  • tests/terraform/checks/resource/aws/test_ECSClusterContainerInsights.py
  • tests/cloudformation/checks/resource/aws/example_ECSClusterContainerInsights/ECSClusterContainerInsights-PASSED2.yaml
  • checkov/cloudformation/checks/resource/aws/ECSClusterContainerInsights.py
  • checkov/terraform/checks/resource/aws/ECSClusterContainerInsights.py
Latest Contributors(2)
UserCommitDate
gruebelchore-fix-flake8-issue...October 11, 2022
YaaraVernerAdd-evaluated_keys-to-...September 30, 2021
CDK Policy Update Updates CDK policies to correctly check both L1 and L2 resources for ECS container insights
Modified files (6)
  • cdk_integration_tests/src/python/ECSClusterContainerInsights/fail__1__.py
  • checkov/cdk/checks/python/ECSClusterContainerInsights.yaml
  • checkov/cdk/checks/typescript/ECSClusterContainerInsights.yaml
  • cdk_integration_tests/src/typescript/ECSClusterContainerInsights/pass.ts
  • cdk_integration_tests/src/typescript/ECSClusterContainerInsights/fail.ts
  • cdk_integration_tests/src/python/ECSClusterContainerInsights/pass.py
Latest Contributors(2)
UserCommitDate
[email protected]...feat-sast-CDK-TS-polic...April 10, 2024
achiar99feat-sast-Split-sast-a...December 21, 2023
This pull request is reviewed by Baz. Join @mikeurbanski1 and the rest of your team on (Baz).

@mikeurbanski1 mikeurbanski1 changed the title Handle ECS enhanced container insights fix(general): Handle ECS enhanced container insights Feb 7, 2025
@mikeurbanski1 mikeurbanski1 mentioned this pull request Feb 7, 2025
Closed
tsmithv11
tsmithv11 approved these changes Feb 7, 2025
View reviewed changes
Copy link
Collaborator

@tsmithv11 tsmithv11 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🚀

kartikp10
kartikp10 approved these changes Feb 10, 2025
View reviewed changes
Copy link
Contributor

@kartikp10 kartikp10 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🍻

@mikeurbanski1 mikeurbanski1 merged commit b845af9 into main Feb 13, 2025
48 of 52 checks passed
@mikeurbanski1 mikeurbanski1 deleted the container-insights-observability branch February 13, 2025 15:31
Saarett pushed a commit that referenced this pull request Feb 13, 2025
@mikeurbanski1 @actions-user
fix(general): Handle ECS enhanced container insights (#7001)
1edcbc6 
* handle containerInsights = enhanced for TF and CFN

* handle python cdk

* add typescript cdk tests
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kartikp10 kartikp10 kartikp10 approved these changes

@tsmithv11 tsmithv11 tsmithv11 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
3 participants
@mikeurbanski1 @kartikp10 @tsmithv11