DNXLabs · leeserpa · Sep 8, 2025 · Sep 5, 2025 · Sep 5, 2025 · amazon-q-developer
diff --git a/README.md b/README.md
@@ -93,7 +93,7 @@ module "ecs_apps" {
 | certificate\_arn | n/a | `any` | n/a | yes |
 | certificate\_internal\_arn | certificate arn for internal ALB. | `string` | `""` | no |
 | code\_deploy | Enables CodeDeploy role to be used for deployment | `bool` | `true` | no |
-| container\_insights | Enables CloudWatch Container Insights for a cluster. | `bool` | `false` | no |
+| container\_insights | Enables CloudWatch Container Insights for a cluster. | `string` | `"disabled"` | no |
 | create\_efs | Enables creation of EFS volume for cluster | `bool` | `true` | no |
 | create\_iam\_service\_linked\_role | Create iam\_service\_linked\_role for ECS or not. | `bool` | `false` | no |
 | ebs\_key\_arn | ARN of a KMS Key to use on EBS volumes | `string` | `""` | no |

diff --git a/_variables.tf b/_variables.tf
@@ -368,9 +368,13 @@ variable "extra_task_policies_arn" {
 }
 
 variable "container_insights" {
-  type        = bool
-  default     = false
+  type        = string
-
-variable "container_insights" {
-  type        = bool
-  default     = false
-  type        = string
+variable "container_insights" {
+  type        = string
+  default     = "disabled"
+  description = <<-EOT
+    Enables CloudWatch Container Insights for a cluster.
+    Valid values:
+    - "enhanced": Enables enhanced container insights with additional metrics
+    - "enabled": Enables basic container insights
+    - "disabled": Disables container insights
+  EOT
+  validation {
+    condition = contains(["enhanced", "enabled", "disabled"], var.container_insights)
+    error_message = "Container Insights must be one of: enhanced, enabled, disabled."
+  }
+}
-
-variable "container_insights" {
-  type        = bool
-  default     = false
-  type        = string
+variable "container_insights" {
+  type        = string
+  default     = "disabled"
+  description = <<-EOT
+    Enables CloudWatch Container Insights for a cluster.
+    Valid values:
+    - "enhanced": Enables enhanced container insights with additional metrics
+    - "enabled": Enables basic container insights
+    - "disabled": Disables container insights
+  EOT
+  validation {
+    condition = contains(["enhanced", "enabled", "disabled"], var.container_insights)
+    error_message = "Container Insights must be one of: enhanced, enabled, disabled."
+  }
+}
+  default     = "disabled"
   description = "Enables CloudWatch Container Insights for a cluster."
+  validation {
+    condition = contains(["enhanced", "enabled", "disabled"], var.container_insights)
+    error_message = "Container Insights must be one of: enhanced, enabled, disabled."
+  }
 }
 
 variable "alb_test_listener" {

diff --git a/ecs.tf b/ecs.tf
@@ -3,7 +3,7 @@ resource "aws_ecs_cluster" "ecs" {
 
   setting {
     name  = "containerInsights"
-    value = var.container_insights ? "enabled" : "disabled"
+    value = var.container_insights
   }
 
   tags = merge(
@@ -13,7 +13,7 @@ resource "aws_ecs_cluster" "ecs" {
     },
   )
   lifecycle {
-    ignore_changes = []
+    ignore_changes = [service_connect_defaults]
 
-  lifecycle {
-    ignore_changes = []
-    ignore_changes = [service_connect_defaults]
-    
+  lifecycle {
+    # Ignore changes to service connect defaults as they may be modified outside of Terraform
+    ignore_changes = [service_connect_defaults]
+  }
-  lifecycle {
-    ignore_changes = []
-    ignore_changes = [service_connect_defaults]
-    
+  lifecycle {
+    # Ignore changes to service connect defaults as they may be modified outside of Terraform
+    ignore_changes = [service_connect_defaults]
+  }
   }
 }