Amazon ECS CloudWatch Container Insights
CloudWatch Container Insights collects, aggregates, and summarizes metrics and logs from your containerized applications and microservices. The metrics include utilization for resources such as CPU, memory, disk, and network. The metrics are available in CloudWatch automatic dashboards. For a full list of Amazon ECS Container Insights metrics, see Amazon ECS Container Insights Metrics in the Amazon CloudWatch User Guide.
Operational data is collected as performance log events. These are entries that use a structured JSON schema for high-cardinality data to be ingested and stored at scale. From this data, CloudWatch creates higher-level aggregated metrics at the cluster, service, and task level as CloudWatch metrics. For more information, see Amazon ECS Container Insights metrics; in the Amazon CloudWatch User Guide.
Metrics collected by CloudWatch Container Insights are charged as custom metrics. For more
information about CloudWatch pricing, see CloudWatch Pricing
Container Insights considerations
The following should be considered when using CloudWatch Container Insights.
-
CloudWatch Container Insights metrics only reflect the resources with running tasks during the specified time range. For example, if you have a cluster with one service in it but that service has no tasks in a
RUNNINGstate, there will be no metrics sent to CloudWatch. If you have two services and one of them has running tasks and the other doesn't, only the metrics for the service with running tasks will be sent. -
Network metrics are available for all tasks run on Fargate and tasks run on Amazon EC2 instances that use either the
bridgeorawsvpcnetwork modes.
Setting up CloudWatch Container Insights for cluster and service level metrics
Container Insights can be turned on for all new clusters created by opting in to the
containerInsights account setting, on individual clusters by
turning it on during cluster creation, or on existing
clusters by using the UpdateClusterSettings API.
Opting in to the containerInsights account setting can be done with
both the Amazon ECS console and the AWS CLI. You must be running version
1.16.200 or later of the AWS CLI to use this feature. For more
information on creating Amazon ECS clusters, see Creating a cluster using the classic console.
For clusters containing tasks or services using the EC2 launch type, your container instances must be running version 1.29.0 or later of the Amazon ECS agent. For more information, see Amazon ECS Linux container agent versions.
To change the default for Container Insights for all users using the console
You can make all new clusters turn on Container Insights when they are created by all IAM users and roles. These changes apply to the entire AWS account unless an IAM user or role explicitly overrides these settings for themselves. Any user on an account can use one of the following steps to modify the default account setting for all IAM users or roles on your account. The following steps show how to set this default using the AWS Management Console.
-
As the root user of the account, open the Amazon ECS console at https://console.aws.amazon.com/ecs/
. -
In the navigation bar at the top of the screen, select the Region for which to opt in to Container Insights-default clusters.
-
From the dashboard, choose Account Settings.
-
For IAM user or role, ensure your root user or container instance IAM role is selected.
-
For Container Insights, select the check box. Choose Save once finished.
Important IAM users and IAM roles need the
ecs:PutAccountSettingpermission to perform this action. -
On the confirmation screen, choose Confirm to save the selection.
To change the default for Container Insights for all users using the command line
You can make all new clusters turn on Container Insights when they are created by all IAM users and roles. These changes apply to the entire AWS account unless an IAM user or role explicitly overrides these settings for themselves. Any user on an account can use one of the following steps to modify the default account setting for all IAM users or roles on your account. The following steps show how to set this default using the AWS Command Line Interface.
-
put-account-setting-default (AWS CLI)
aws ecs put-account-setting-default --namecontainerInsights--valueenabled--regionus-east-1 -
Write-ECSAccountSettingDefault (AWS Tools for Windows PowerShell)
Write-ECSAccountSettingDefault -NamecontainerInsights-Valueenabled-Regionus-east-1-Force
To change the default for Container Insights for a specific user using the command line
You can make all new clusters turn on Container Insights when they are created by a specific IAM user or role. This is useful when a specific role is used by AWS CloudFormation to make all changes in a production account, for example. The root user on an account can use one of the following commands and specify the ARN of the principal IAM user or container instance IAM role in the request to modify the account settings.
-
put-account-setting (AWS CLI)
The following example is for modifying the account setting of a specific IAM user:
aws ecs put-account-setting --namecontainerInsights--valueenabled--principal-arn arn:aws:iam::aws_account_id:user/userName--regionus-east-1 -
Write-ECSAccountSetting (AWS Tools for Windows PowerShell)
The following example is for modifying the account setting of a specific IAM user:
Write-ECSAccountSetting -NamecontainerInsights-Valueenabled-PrincipalArn arn:aws:iam::aws_account_id:user/userName-Regionus-east-1-Force
To turn on Container Insights for a specific cluster using the command line
Use one of the following commands to turn on Container Insights for a cluster.
-
update-cluster-settings (AWS CLI)
aws ecs update-cluster-settings --clustercluster_name_or_arn--settings name=containerInsights,value=enabled|disabled--regionus-east-1
