bug(cloudformation): false positive for: ECS Cluster should enable container insights #7338
Description
Expected Behavior
KICS recognise "enhanced" as "enabled"
Actual Behavior
Kics report an info
{
"id": "be8f2aeb2e221eaa9dbbb2fd4c608a1a6d4df6bec5fc8112c8aff05d73c92ce5",
"category": "sast",
"name": "ECS Cluster with Container Insights Disabled",
"description": "ECS Cluster should enable container insights",
"cve": "kics_id:ab759fde-e1e8-4b0e-ad73-ba856e490ed8:26:0",
"severity": "Info",
"scanner": {
"id": "kics",
"name": "kics"
},
"location": {
"file": "src/infra.yaml",
"start_line": 26
},
"identifiers": [
{
"type": "kics_id",
"name": "ECS Cluster with Container Insights Disabled",
"value": "ab759fde-e1e8-4b0e-ad73-ba856e490ed8",
"url": "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ecs-cluster.html#cfn-ecs-cluster-clustersettings"
}
]
}Steps to Reproduce the Problem
Example of cloudformation yaml
AWSTemplateFormatVersion: "2010-09-09"
Resources:
# ECS Resources
ECSCluster:
Type: AWS::ECS::Cluster
Properties:
ClusterName: mycluster
ClusterSettings:
- Name: containerInsights
Value: enhanced
Configuration:
ExecuteCommandConfiguration:
Logging: DEFAULT
ServiceConnectDefaults:
Namespace: ecsSpecifications
- Version: v2.1.3
- Platform: Gitlab