I am using a Cloud Custodian policy to filter AWS ECS resources with Container Insights enabled. I have run the policy without filters, but I am unable to see the containerInsights field in the resources.json file.

    policies:
      - name: my-policy
        resource: aws.ecs

I tried to investigate this by running the AWS CLI command aws ecs describe-clusters --cluster my-cluster, but the output JSON shows "settings": []. However, there is a flag --include SETTINGS which needs to be passed in order for the settings to show. So now when I run the command aws ecs describe-clusters --include SETTINGS --cluster my-cluster, it shows the containerInsights field:

    {
        "clusters": [
            {
                "clusterName": "my-cluster",
                "status": "ACTIVE",
                ...
                "settings": [
                    {
                        "name": "containerInsights",
                        "value": "enabled"
                    }
                ],
                ...
            }
        ],
        "failures": []
    }

I want to include this filter in my Cloud Custodian policy, but somehow I am unable to get the hidden settings field. I have tried the following in my policy, but it hasn't worked out yet and gives count: 0. I have clusters with Container Insights enabled and disabled as well.

    policies:
      - name: my-policy
        resource: aws.ecs
        filters:
          # - "settings.name.containerInsights": enabled
          - type: value
            key: "settings[].name.containerInsights"
            op: eq
            value: enabled

I think your value filter JMESPath should be similar to the below:
I would experiment personally and it is usually a combination of community docs and AWS API references that gets me to the bottom of it in general.
Also, if you enable --verbose on run, you could get valuable details too, if any.
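
One way to write the filter discussed above, as an added example that is not the answerer's or the project's own code. The policy names are hypothetical, and it assumes the `settings` list shown in the CLI output is present on each cluster in resources.json for your Custodian version; if it is missing, as in the question, the key resolves to null and the first policy matches nothing.

```yaml
# Added example. Policy names are hypothetical.
#
# Why the key in the question returns count: 0:
#   settings[].name.containerInsights
# takes each element's "name" (the string "containerInsights") and then looks
# for a field called containerInsights inside that string. There is none, so
# the expression never yields "enabled".
#
# "settings" is a list of {name, value} pairs, so select the pair by its name
# and then read its value. "| [0]" turns the one-element result list into a
# plain string that op: eq can compare.
policies:
  - name: ecs-container-insights-enabled
    resource: aws.ecs
    filters:
      - type: value
        key: "settings[?name=='containerInsights'].value | [0]"
        op: eq
        value: enabled

  # Clusters to follow up on for monitoring coverage: matches any cluster
  # whose containerInsights value is not exactly "enabled", including
  # clusters where the setting is absent and the key resolves to null.
  - name: ecs-container-insights-not-enabled
    resource: aws.ecs
    filters:
      - type: value
        key: "settings[?name=='containerInsights'].value | [0]"
        op: ne
        value: enabled
```

The same expression can be checked against a real cluster with the CLI's own JMESPath support: aws ecs describe-clusters --include SETTINGS --cluster my-cluster --query "clusters[].settings[?name=='containerInsights'].value".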