Amazon ECS CloudWatch Container Insights
CloudWatch Container Insights collects, aggregates, and summarizes metrics and logs from your containerized applications and microservices. The metrics include utilization for resources such as CPU, memory, disk, and network. The metrics are available in CloudWatch automatic dashboards. For a full list of Amazon ECS Container Insights metrics, see Amazon ECS Container Insights Metrics in the Amazon CloudWatch User Guide.
Operational data is collected as performance log events. These are entries that use a structured JSON schema that enables high-cardinality data to be ingested and stored at scale. From this data, CloudWatch creates higher-level aggregated metrics at the cluster, service, and task level as CloudWatch metrics. For more information, see Amazon ECS Container Insights metrics; in the Amazon CloudWatch User Guide.
Metrics collected by CloudWatch Container Insights are charged as custom metrics. For more
information about CloudWatch pricing, see CloudWatch Pricing
Container Insights considerations
The following should be considered when using CloudWatch Container Insights.
-
CloudWatch Container Insights metrics only reflect the resources with running tasks during the specified time range. For example, if you have a cluster with one service in it but that service has no tasks in a
RUNNING
state, there will be no metrics sent to CloudWatch. If you have two services and one of them has running tasks and the other doesn't, only the metrics for the service with running tasks will be sent. -
Network metrics are available for all tasks run on Fargate and tasks run on Amazon EC2 instances that use either the
bridge
orawsvpc
network modes.
Setting up CloudWatch Container Insights for cluster and service level metrics
Container Insights can be enabled for all new clusters created by opting in to the
containerInsights
account setting, on individual clusters by
enabling it using the cluster settings during cluster creation, or on existing
clusters by using the UpdateClusterSettings API.
Opting in to the containerInsights
account setting can be done with
both the Amazon ECS console and the AWS CLI. You must be running version
1.16.200
or later of the AWS CLI to use this feature. For more
information on creating Amazon ECS clusters, see Creating a cluster using the classic console.
For clusters containing tasks or services using the EC2 launch type, your container instances must be running version 1.29.0 or later of the Amazon ECS agent. For more information, see Amazon ECS Linux container agent versions.
To opt in all IAM users or roles on your account to Container Insights-enabled clusters using the console
-
As the root user of the account, open the Amazon ECS console at https://console.aws.amazon.com/ecs/
. -
In the navigation bar at the top of the screen, select the Region for which to opt in to Container Insights-enabled clusters.
-
From the dashboard, choose Account Settings.
-
For IAM user or role, ensure your root user or container instance IAM role is selected.
-
For Container Insights, select the check box. Choose Save once finished.
Important IAM users and IAM roles need the
ecs:PutAccountSetting
permission to perform this action. -
On the confirmation screen, choose Confirm to save the selection.
To opt in all IAM users or roles on your account to Container Insights-enabled clusters using the command line
Any user on an account can use one of the following commands to modify the default account setting for all IAM users or roles on your account. These changes apply to the entire AWS account unless an IAM user or role explicitly overrides these settings for themselves.
-
put-account-setting-default (AWS CLI)
aws ecs put-account-setting-default --name
containerInsights
--valueenabled
--regionus-east-1
-
Write-ECSAccountSettingDefault (AWS Tools for Windows PowerShell)
Write-ECSAccountSettingDefault -Name
containerInsights
-Valueenabled
-Regionus-east-1
-Force
To opt in an IAM user or container instance IAM role to Container Insights-enabled clusters as the root user using the command line
The root user on an account can use one of the following commands and specify the ARN of the principal IAM user or container instance IAM role in the request to modify the account settings.
-
put-account-setting (AWS CLI)
The following example is for modifying the account setting of a specific IAM user:
aws ecs put-account-setting --name
containerInsights
--valueenabled
--principal-arn arn:aws:iam::aws_account_id
:user/userName
--regionus-east-1
-
Write-ECSAccountSetting (AWS Tools for Windows PowerShell)
The following example is for modifying the account setting of a specific IAM user:
Write-ECSAccountSetting -Name
containerInsights
-Valueenabled
-PrincipalArn arn:aws:iam::aws_account_id
:user/userName
-Regionus-east-1
-Force
To update the settings for an existing cluster using the command line
Use one of the following commands to update the setting for a cluster.
-
update-cluster-settings (AWS CLI)
aws ecs update-cluster-settings --cluster
cluster_name_or_arn
--settings name=containerInsights,value=enabled|disabled
--regionus-east-1