diff --git a/non-compatible/tests/ecc-aws-110-ecs_cluster_at_rest_encryption/placebo-green/ec2.DescribeVolumes_1.json b/non-compatible/tests/ecc-aws-110-ecs_cluster_at_rest_encryption/placebo-green/ec2.DescribeVolumes_1.json deleted file mode 100644 index fd18e2bb5..000000000 --- a/non-compatible/tests/ecc-aws-110-ecs_cluster_at_rest_encryption/placebo-green/ec2.DescribeVolumes_1.json +++ /dev/null @@ -1,48 +0,0 @@ -{ - "status_code": 200, - "data": { - "Volumes": [ - { - "Attachments": [ - { - "AttachTime": { - "__class__": "datetime", - "year": 2021, - "month": 10, - "day": 6, - "hour": 11, - "minute": 56, - "second": 8, - "microsecond": 0 - }, - "Device": "/dev/xvda", - "InstanceId": "i-07028fc32d50d31d3", - "State": "attached", - "VolumeId": "vol-050e930cdd8e359e8", - "DeleteOnTermination": true - } - ], - "AvailabilityZone": "us-east-1a", - "CreateTime": { - "__class__": "datetime", - "year": 2021, - "month": 10, - "day": 6, - "hour": 11, - "minute": 56, - "second": 8, - "microsecond": 839000 - }, - "Encrypted": true, - "KmsKeyId": "arn:aws:kms:us-east-1:644160558196:key/d790d044-f208-4947-a2d3-8622db8d40b4", - "Size": 30, - "SnapshotId": "snap-077bd5ecac9ecd22f", - "State": "in-use", - "VolumeId": "vol-050e930cdd8e359e8", - "VolumeType": "standard", - "MultiAttachEnabled": false - } - ], - "ResponseMetadata": {} - } -} \ No newline at end of file diff --git a/non-compatible/tests/ecc-aws-110-ecs_cluster_at_rest_encryption/placebo-green/ecs.DescribeClusters_1.json b/non-compatible/tests/ecc-aws-110-ecs_cluster_at_rest_encryption/placebo-green/ecs.DescribeClusters_1.json deleted file mode 100644 index c7dad4dba..000000000 --- a/non-compatible/tests/ecc-aws-110-ecs_cluster_at_rest_encryption/placebo-green/ecs.DescribeClusters_1.json +++ /dev/null 
@@ -1,23 +0,0 @@ -{ - "status_code": 200, - "data": { - "clusters": [ - { - "clusterArn": "arn:aws:ecs:us-east-1:644160558196:cluster/110_ecs_cluster_green", - "clusterName": "110_ecs_cluster_green", - "status": "ACTIVE", - "registeredContainerInstancesCount": 1, - "runningTasksCount": 0, - "pendingTasksCount": 0, - "activeServicesCount": 0, - "statistics": [], - "tags": [], - "settings": [], - "capacityProviders": [], - "defaultCapacityProviderStrategy": [] - } - ], - "failures": [], - "ResponseMetadata": {} - } -} \ No newline at end of file diff --git a/non-compatible/tests/ecc-aws-110-ecs_cluster_at_rest_encryption/placebo-green/ecs.DescribeContainerInstances_1.json b/non-compatible/tests/ecc-aws-110-ecs_cluster_at_rest_encryption/placebo-green/ecs.DescribeContainerInstances_1.json deleted file mode 100644 index 1f4feaab8..000000000 --- a/non-compatible/tests/ecc-aws-110-ecs_cluster_at_rest_encryption/placebo-green/ecs.DescribeContainerInstances_1.json +++ /dev/null 
@@ -1,314 +0,0 @@ -{ - "status_code": 200, - "data": { - "containerInstances": [ - { - "containerInstanceArn": "arn:aws:ecs:us-east-1:644160558196:container-instance/110_ecs_cluster_green/ef6d637d5e444e12aba2931f28c1d3eb", - "ec2InstanceId": "i-07028fc32d50d31d3", - "version": 10, - "versionInfo": { - "agentVersion": "1.55.3", - "agentHash": "67d8b9ab", - "dockerVersion": "DockerVersion: 20.10.7" - }, - "remainingResources": [ - { - "name": "CPU", - "type": "INTEGER", - "doubleValue": 0.0, - "longValue": 0, - "integerValue": 1024 - }, - { - "name": "MEMORY", - "type": "INTEGER", - "doubleValue": 0.0, - "longValue": 0, - "integerValue": 983 - }, - { - "name": "PORTS", - "type": "STRINGSET", - "doubleValue": 0.0, - "longValue": 0, - "integerValue": 0, - "stringSetValue": [ - "22", - "2376", - "2375", - "51678", - "51679" - ] - }, - { - "name": "PORTS_UDP", - "type": "STRINGSET", - "doubleValue": 0.0, - "longValue": 0, - "integerValue": 0, - "stringSetValue": [] - } - ], - "registeredResources": [ - { - "name": "CPU", - "type": "INTEGER", - "doubleValue": 0.0, - "longValue": 0, - "integerValue": 1024 - }, - { - "name": "MEMORY", - "type": "INTEGER", - "doubleValue": 0.0, - "longValue": 0, - "integerValue": 983 - }, - { - "name": "PORTS", - "type": "STRINGSET", - "doubleValue": 0.0, - "longValue": 0, - "integerValue": 0, - "stringSetValue": [ - "22", - "2376", - "2375", - "51678", - "51679" - ] - }, - { - "name": "PORTS_UDP", - "type": "STRINGSET", - "doubleValue": 0.0, - "longValue": 0, - "integerValue": 0, - "stringSetValue": [] - } - ], - "status": "ACTIVE", - "agentConnected": false, - "runningTasksCount": 0, - "pendingTasksCount": 0, - "attributes": [ - { - "name": "ecs.capability.secrets.asm.environment-variables" - }, - { - "name": "ecs.capability.branch-cni-plugin-version", - "value": "199bfc65-" - }, - { - "name": "ecs.ami-id", - "value": "ami-004bf28d7e5cfae00" - }, - { - "name": "ecs.capability.secrets.asm.bootstrap.log-driver" - }, - { - "name": 
"ecs.capability.task-eia.optimized-cpu" - }, - { - "name": "com.amazonaws.ecs.capability.logging-driver.none" - }, - { - "name": "ecs.capability.ecr-endpoint" - }, - { - "name": "ecs.capability.docker-plugin.local" - }, - { - "name": "ecs.capability.task-cpu-mem-limit" - }, - { - "name": "ecs.capability.secrets.ssm.bootstrap.log-driver" - }, - { - "name": "ecs.capability.efsAuth" - }, - { - "name": "ecs.capability.full-sync" - }, - { - "name": "com.amazonaws.ecs.capability.docker-remote-api.1.30" - }, - { - "name": "com.amazonaws.ecs.capability.docker-remote-api.1.31" - }, - { - "name": "com.amazonaws.ecs.capability.docker-remote-api.1.32" - }, - { - "name": "com.amazonaws.ecs.capability.logging-driver.fluentd" - }, - { - "name": "ecs.capability.firelens.options.config.file" - }, - { - "name": "ecs.availability-zone", - "value": "us-east-1a" - }, - { - "name": "ecs.capability.aws-appmesh" - }, - { - "name": "com.amazonaws.ecs.capability.logging-driver.awslogs" - }, - { - "name": "com.amazonaws.ecs.capability.docker-remote-api.1.24" - }, - { - "name": "com.amazonaws.ecs.capability.docker-remote-api.1.25" - }, - { - "name": "ecs.capability.task-eni-trunking" - }, - { - "name": "com.amazonaws.ecs.capability.docker-remote-api.1.26" - }, - { - "name": "com.amazonaws.ecs.capability.docker-remote-api.1.27" - }, - { - "name": "com.amazonaws.ecs.capability.docker-remote-api.1.28" - }, - { - "name": "com.amazonaws.ecs.capability.privileged-container" - }, - { - "name": "com.amazonaws.ecs.capability.docker-remote-api.1.29" - }, - { - "name": "ecs.cpu-architecture", - "value": "x86_64" - }, - { - "name": "com.amazonaws.ecs.capability.ecr-auth" - }, - { - "name": "ecs.capability.firelens.fluentbit" - }, - { - "name": "com.amazonaws.ecs.capability.docker-remote-api.1.20" - }, - { - "name": "ecs.os-type", - "value": "linux" - }, - { - "name": "com.amazonaws.ecs.capability.docker-remote-api.1.21" - }, - { - "name": "com.amazonaws.ecs.capability.docker-remote-api.1.22" - }, - { - 
"name": "ecs.capability.task-eia" - }, - { - "name": "com.amazonaws.ecs.capability.docker-remote-api.1.23" - }, - { - "name": "ecs.capability.private-registry-authentication.secretsmanager" - }, - { - "name": "com.amazonaws.ecs.capability.logging-driver.syslog" - }, - { - "name": "com.amazonaws.ecs.capability.logging-driver.awsfirelens" - }, - { - "name": "ecs.capability.firelens.options.config.s3" - }, - { - "name": "com.amazonaws.ecs.capability.logging-driver.json-file" - }, - { - "name": "ecs.capability.execution-role-awslogs" - }, - { - "name": "ecs.vpc-id", - "value": "vpc-034c6ca7fddd1f0e4" - }, - { - "name": "com.amazonaws.ecs.capability.docker-remote-api.1.17" - }, - { - "name": "com.amazonaws.ecs.capability.docker-remote-api.1.18" - }, - { - "name": "com.amazonaws.ecs.capability.docker-remote-api.1.19" - }, - { - "name": "ecs.capability.docker-plugin.amazon-ecs-volume-plugin" - }, - { - "name": "ecs.capability.task-eni" - }, - { - "name": "ecs.capability.firelens.fluentd" - }, - { - "name": "ecs.capability.efs" - }, - { - "name": "ecs.capability.execution-role-ecr-pull" - }, - { - "name": "ecs.capability.task-eni.ipv6" - }, - { - "name": "ecs.capability.container-health-check" - }, - { - "name": "ecs.capability.execute-command" - }, - { - "name": "ecs.subnet-id", - "value": "subnet-07b9e16ef922b19f2" - }, - { - "name": "ecs.instance-type", - "value": "t2.micro" - }, - { - "name": "com.amazonaws.ecs.capability.task-iam-role-network-host" - }, - { - "name": "ecs.capability.container-ordering" - }, - { - "name": "ecs.capability.cni-plugin-version", - "value": "55b2ae77-2020.09.0" - }, - { - "name": "ecs.capability.env-files.s3" - }, - { - "name": "ecs.capability.pid-ipc-namespace-sharing" - }, - { - "name": "ecs.capability.secrets.ssm.environment-variables" - }, - { - "name": "com.amazonaws.ecs.capability.task-iam-role" - } - ], - "registeredAt": { - "__class__": "datetime", - "year": 2021, - "month": 10, - "day": 6, - "hour": 11, - "minute": 58, - "second": 
17, - "microsecond": 974000 - }, - "attachments": [], - "tags": [] - } - ], - "failures": [], - "ResponseMetadata": {} - } -} \ No newline at end of file diff --git a/non-compatible/tests/ecc-aws-110-ecs_cluster_at_rest_encryption/placebo-green/ecs.ListContainerInstances_1.json b/non-compatible/tests/ecc-aws-110-ecs_cluster_at_rest_encryption/placebo-green/ecs.ListContainerInstances_1.json deleted file mode 100644 index 1eb820330..000000000 --- a/non-compatible/tests/ecc-aws-110-ecs_cluster_at_rest_encryption/placebo-green/ecs.ListContainerInstances_1.json +++ /dev/null @@ -1,9 +0,0 @@ -{ - "status_code": 200, - "data": { - "containerInstanceArns": [ - "arn:aws:ecs:us-east-1:644160558196:container-instance/110_ecs_cluster_green/ef6d637d5e444e12aba2931f28c1d3eb" - ], - "ResponseMetadata": {} - } -} \ No newline at end of file diff --git a/non-compatible/tests/ecc-aws-110-ecs_cluster_at_rest_encryption/placebo-red/ec2.DescribeVolumes_1.json b/non-compatible/tests/ecc-aws-110-ecs_cluster_at_rest_encryption/placebo-red/ec2.DescribeVolumes_1.json deleted file mode 100644 index 5b089bdf0..000000000 --- a/non-compatible/tests/ecc-aws-110-ecs_cluster_at_rest_encryption/placebo-red/ec2.DescribeVolumes_1.json +++ /dev/null 
@@ -1,47 +0,0 @@ -{ - "status_code": 200, - "data": { - "Volumes": [ - { - "Attachments": [ - { - "AttachTime": { - "__class__": "datetime", - "year": 2021, - "month": 10, - "day": 6, - "hour": 10, - "minute": 39, - "second": 19, - "microsecond": 0 - }, - "Device": "/dev/xvda", - "InstanceId": "i-0013be46659940d18", - "State": "attached", - "VolumeId": "vol-0d3016024cc52a36d", - "DeleteOnTermination": true - } - ], - "AvailabilityZone": "us-east-1a", - "CreateTime": { - "__class__": "datetime", - "year": 2021, - "month": 10, - "day": 6, - "hour": 10, - "minute": 39, - "second": 19, - "microsecond": 566000 - }, - "Encrypted": false, - "Size": 30, - "SnapshotId": "snap-077bd5ecac9ecd22f", - "State": "in-use", - "VolumeId": "vol-0d3016024cc52a36d", - "VolumeType": "standard", - "MultiAttachEnabled": false - } - ], - "ResponseMetadata": {} - } -} \ No newline at end of file diff --git a/non-compatible/tests/ecc-aws-110-ecs_cluster_at_rest_encryption/placebo-red/ecs.DescribeClusters_1.json b/non-compatible/tests/ecc-aws-110-ecs_cluster_at_rest_encryption/placebo-red/ecs.DescribeClusters_1.json deleted file mode 100644 index ec82bacce..000000000 --- a/non-compatible/tests/ecc-aws-110-ecs_cluster_at_rest_encryption/placebo-red/ecs.DescribeClusters_1.json +++ /dev/null @@ -1,23 +0,0 @@ -{ - "status_code": 200, - "data": { - "clusters": [ - { - "clusterArn": "arn:aws:ecs:us-east-1:this:cluster/110_ecs_cluster_red", - "clusterName": "110_ecs_cluster_red", - "status": "ACTIVE", - "registeredContainerInstancesCount": 1, - "runningTasksCount": 0, - "pendingTasksCount": 0, - "activeServicesCount": 0, - "statistics": [], - "tags": [], - "settings": [], - "capacityProviders": [], - "defaultCapacityProviderStrategy": [] - } - ], - "failures": [], - "ResponseMetadata": {} - } -} \ No newline at end of file 
diff --git a/non-compatible/tests/ecc-aws-110-ecs_cluster_at_rest_encryption/placebo-red/ecs.DescribeContainerInstances_1.json b/non-compatible/tests/ecc-aws-110-ecs_cluster_at_rest_encryption/placebo-red/ecs.DescribeContainerInstances_1.json deleted file mode 100644 index 2e9565642..000000000 --- a/non-compatible/tests/ecc-aws-110-ecs_cluster_at_rest_encryption/placebo-red/ecs.DescribeContainerInstances_1.json +++ /dev/null 
@@ -1,314 +0,0 @@ -{ - "status_code": 200, - "data": { - "containerInstances": [ - { - "containerInstanceArn": "arn:aws:ecs:us-east-1:this:container-instance/110_ecs_cluster_red/fdf2e5e02ef0495b8a1242f25fb0292a", - "ec2InstanceId": "i-0013be46659940d18", - "version": 8, - "versionInfo": { - "agentVersion": "1.55.3", - "agentHash": "67d8b9ab", - "dockerVersion": "DockerVersion: 20.10.7" - }, - "remainingResources": [ - { - "name": "CPU", - "type": "INTEGER", - "doubleValue": 0.0, - "longValue": 0, - "integerValue": 1024 - }, - { - "name": "MEMORY", - "type": "INTEGER", - "doubleValue": 0.0, - "longValue": 0, - "integerValue": 983 - }, - { - "name": "PORTS", - "type": "STRINGSET", - "doubleValue": 0.0, - "longValue": 0, - "integerValue": 0, - "stringSetValue": [ - "22", - "2376", - "2375", - "51678", - "51679" - ] - }, - { - "name": "PORTS_UDP", - "type": "STRINGSET", - "doubleValue": 0.0, - "longValue": 0, - "integerValue": 0, - "stringSetValue": [] - } - ], - "registeredResources": [ - { - "name": "CPU", - "type": "INTEGER", - "doubleValue": 0.0, - "longValue": 0, - "integerValue": 1024 - }, - { - "name": "MEMORY", - "type": "INTEGER", - "doubleValue": 0.0, - "longValue": 0, - "integerValue": 983 - }, - { - "name": "PORTS", - "type": "STRINGSET", - "doubleValue": 0.0, - "longValue": 0, - "integerValue": 0, - "stringSetValue": [ - "22", - "2376", - "2375", - "51678", - "51679" - ] - }, - { - "name": "PORTS_UDP", - "type": "STRINGSET", - "doubleValue": 0.0, - "longValue": 0, - "integerValue": 0, - "stringSetValue": [] - } - ], - "status": "ACTIVE", - "agentConnected": false, - "runningTasksCount": 0, - "pendingTasksCount": 0, - "attributes": [ - { - "name": "ecs.capability.secrets.asm.environment-variables" - }, - { - "name": "ecs.capability.branch-cni-plugin-version", - "value": "199bfc65-" - }, - { - "name": "ecs.ami-id", - "value": "ami-004bf28d7e5cfae00" - }, - { - "name": "ecs.capability.secrets.asm.bootstrap.log-driver" - }, - { - "name": 
"ecs.capability.task-eia.optimized-cpu" - }, - { - "name": "com.amazonaws.ecs.capability.logging-driver.none" - }, - { - "name": "ecs.capability.ecr-endpoint" - }, - { - "name": "ecs.capability.docker-plugin.local" - }, - { - "name": "ecs.capability.task-cpu-mem-limit" - }, - { - "name": "ecs.capability.secrets.ssm.bootstrap.log-driver" - }, - { - "name": "ecs.capability.efsAuth" - }, - { - "name": "ecs.capability.full-sync" - }, - { - "name": "com.amazonaws.ecs.capability.docker-remote-api.1.30" - }, - { - "name": "com.amazonaws.ecs.capability.docker-remote-api.1.31" - }, - { - "name": "com.amazonaws.ecs.capability.docker-remote-api.1.32" - }, - { - "name": "com.amazonaws.ecs.capability.logging-driver.fluentd" - }, - { - "name": "ecs.capability.firelens.options.config.file" - }, - { - "name": "ecs.availability-zone", - "value": "us-east-1a" - }, - { - "name": "ecs.capability.aws-appmesh" - }, - { - "name": "com.amazonaws.ecs.capability.logging-driver.awslogs" - }, - { - "name": "com.amazonaws.ecs.capability.docker-remote-api.1.24" - }, - { - "name": "com.amazonaws.ecs.capability.docker-remote-api.1.25" - }, - { - "name": "ecs.capability.task-eni-trunking" - }, - { - "name": "com.amazonaws.ecs.capability.docker-remote-api.1.26" - }, - { - "name": "com.amazonaws.ecs.capability.docker-remote-api.1.27" - }, - { - "name": "com.amazonaws.ecs.capability.docker-remote-api.1.28" - }, - { - "name": "com.amazonaws.ecs.capability.privileged-container" - }, - { - "name": "com.amazonaws.ecs.capability.docker-remote-api.1.29" - }, - { - "name": "ecs.cpu-architecture", - "value": "x86_64" - }, - { - "name": "com.amazonaws.ecs.capability.ecr-auth" - }, - { - "name": "ecs.capability.firelens.fluentbit" - }, - { - "name": "com.amazonaws.ecs.capability.docker-remote-api.1.20" - }, - { - "name": "ecs.os-type", - "value": "linux" - }, - { - "name": "com.amazonaws.ecs.capability.docker-remote-api.1.21" - }, - { - "name": "com.amazonaws.ecs.capability.docker-remote-api.1.22" - }, - { - 
"name": "ecs.capability.task-eia" - }, - { - "name": "com.amazonaws.ecs.capability.docker-remote-api.1.23" - }, - { - "name": "ecs.capability.private-registry-authentication.secretsmanager" - }, - { - "name": "com.amazonaws.ecs.capability.logging-driver.syslog" - }, - { - "name": "com.amazonaws.ecs.capability.logging-driver.awsfirelens" - }, - { - "name": "ecs.capability.firelens.options.config.s3" - }, - { - "name": "com.amazonaws.ecs.capability.logging-driver.json-file" - }, - { - "name": "ecs.capability.execution-role-awslogs" - }, - { - "name": "ecs.vpc-id", - "value": "vpc-013fb4cef3fd4b4fb" - }, - { - "name": "com.amazonaws.ecs.capability.docker-remote-api.1.17" - }, - { - "name": "com.amazonaws.ecs.capability.docker-remote-api.1.18" - }, - { - "name": "com.amazonaws.ecs.capability.docker-remote-api.1.19" - }, - { - "name": "ecs.capability.docker-plugin.amazon-ecs-volume-plugin" - }, - { - "name": "ecs.capability.task-eni" - }, - { - "name": "ecs.capability.firelens.fluentd" - }, - { - "name": "ecs.capability.efs" - }, - { - "name": "ecs.capability.execution-role-ecr-pull" - }, - { - "name": "ecs.capability.task-eni.ipv6" - }, - { - "name": "ecs.capability.container-health-check" - }, - { - "name": "ecs.capability.execute-command" - }, - { - "name": "ecs.subnet-id", - "value": "subnet-0198d7dcfc9d29c1f" - }, - { - "name": "ecs.instance-type", - "value": "t2.micro" - }, - { - "name": "com.amazonaws.ecs.capability.task-iam-role-network-host" - }, - { - "name": "ecs.capability.container-ordering" - }, - { - "name": "ecs.capability.cni-plugin-version", - "value": "55b2ae77-2020.09.0" - }, - { - "name": "ecs.capability.env-files.s3" - }, - { - "name": "ecs.capability.pid-ipc-namespace-sharing" - }, - { - "name": "ecs.capability.secrets.ssm.environment-variables" - }, - { - "name": "com.amazonaws.ecs.capability.task-iam-role" - } - ], - "registeredAt": { - "__class__": "datetime", - "year": 2021, - "month": 10, - "day": 6, - "hour": 10, - "minute": 42, - "second": 
6, - "microsecond": 420000 - }, - "attachments": [], - "tags": [] - } - ], - "failures": [], - "ResponseMetadata": {} - } -} \ No newline at end of file diff --git a/non-compatible/tests/ecc-aws-110-ecs_cluster_at_rest_encryption/placebo-red/ecs.ListContainerInstances_1.json b/non-compatible/tests/ecc-aws-110-ecs_cluster_at_rest_encryption/placebo-red/ecs.ListContainerInstances_1.json deleted file mode 100644 index 95cd30f77..000000000 --- a/non-compatible/tests/ecc-aws-110-ecs_cluster_at_rest_encryption/placebo-red/ecs.ListContainerInstances_1.json +++ /dev/null @@ -1,9 +0,0 @@ -{ - "status_code": 200, - "data": { - "containerInstanceArns": [ - "arn:aws:ecs:us-east-1:644160558196:container-instance/110_ecs_cluster_red/fdf2e5e02ef0495b8a1242f25fb0292a" - ], - "ResponseMetadata": {} - } -} \ No newline at end of file diff --git a/non-compatible/tests/ecc-aws-110-ecs_cluster_at_rest_encryption/red_policy_test.py b/non-compatible/tests/ecc-aws-110-ecs_cluster_at_rest_encryption/red_policy_test.py deleted file mode 100644 index d7ec25c22..000000000 --- a/non-compatible/tests/ecc-aws-110-ecs_cluster_at_rest_encryption/red_policy_test.py +++ /dev/null @@ -1,11 +0,0 @@ -class PolicyTest(object): - - def test_resources_with_client(self, base_test, resources, local_session): - base_test.assertEqual(len(resources), 1) - encryption = local_session.client('ec2').describe_volumes()['Volumes'][0] - volumeInstance = encryption['Attachments'][0]['InstanceId'] - container = local_session.client('ecs').describe_container_instances(containerInstances = volumeInstance.split()) - containerInstance = container['containerInstances'][0]['ec2InstanceId'] - base_test.assertNotEqual(resources[0]['registeredContainerInstancesCount'], 0) - base_test.assertEqual(containerInstance, volumeInstance) - base_test.assertFalse(encryption['Encrypted']) \ No newline at end of file 
diff --git a/non-compatible/policies/ecc-aws-110-ecs_cluster_at_rest_encryption.yml b/policies/ecc-aws-110-ecs_cluster_at_rest_encryption.yml similarity index 53% rename from non-compatible/policies/ecc-aws-110-ecs_cluster_at_rest_encryption.yml rename to policies/ecc-aws-110-ecs_cluster_at_rest_encryption.yml index 1b981b32f..93a2c6d07 100644 --- a/non-compatible/policies/ecc-aws-110-ecs_cluster_at_rest_encryption.yml +++ b/policies/ecc-aws-110-ecs_cluster_at_rest_encryption.yml @@ -8,10 +8,13 @@ policies: - name: ecc-aws-110-ecs_cluster_at_rest_encryption comment: '010043082000' description: | - ECS Cluster At-Rest Encryption is disabled + ECS cluster with disabled encryption for managed storage or ephemeral storage for Fargate resource: ecs filters: - - type: encryption-instance-id-ecs-filter - key: Encrypted - op: eq - value: false + - or: + - type: value + key: configuration.managedStorageConfiguration.kmsKeyId + value: empty + - type: value + key: configuration.managedStorageConfiguration.fargateEphemeralStorageKmsKeyId + value: empty diff --git a/terraform/ecc-aws-110-ecs_cluster_at_rest_encryption/green/ecs.tf b/terraform/ecc-aws-110-ecs_cluster_at_rest_encryption/green/ecs.tf deleted file mode 100644 index 502683a29..000000000 --- a/terraform/ecc-aws-110-ecs_cluster_at_rest_encryption/green/ecs.tf +++ /dev/null 
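Review bot: The `or` of two `value: empty` checks flags every cluster that sets only one of the two keys, which includes this commit's own green1 fixture in green1/ecs.tf, where `managed_storage_configuration` sets `kms_key_id` but no `fargate_ephemeral_storage_kms_key_id`. If the rule means "no customer-managed key configured at all", the combinator should be `- and:`; if the intent is that both keys must be set, the green1 fixture needs the Fargate key too and the description should say "and". Either way the description overstates what the filter sees: `value: empty` on `configuration.managedStorageConfiguration.*` only detects that no customer-managed KMS key is configured, and, if I recall the service behaviour correctly, Fargate ephemeral storage is still encrypted with an AWS-owned key in that case, so `ECS cluster without a customer managed KMS key for managed storage or Fargate ephemeral storage` would be the accurate wording. Also confirm that the `ecs` resource's describe call actually returns the `configuration` block for this account, because a response that lacks the block entirely also matches `empty`, so the filter cannot tell "not returned" from "not configured".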
@@ -1,123 +0,0 @@ -resource "aws_ecs_cluster" "this" { - name = "110_ecs_cluster_green" -} - -resource "aws_iam_role" "this" { - name = "110_role_green" - path = "/" - assume_role_policy = data.aws_iam_policy_document.this.json -} - -data "aws_iam_policy_document" "this" { - statement { - actions = ["sts:AssumeRole"] - - principals { - type = "Service" - identifiers = ["ec2.amazonaws.com"] - } - } -} - -resource "aws_iam_role_policy_attachment" "this" { - role = aws_iam_role.this.name - policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role" -} - -resource "aws_iam_instance_profile" "this" { - name = "110_ecs-instance_profile_green" - path = "/" - role = aws_iam_role.this.id -} - -resource "aws_vpc" "this" { - cidr_block = "10.0.0.0/16" - instance_tenancy = "default" - enable_dns_hostnames = true -} - -resource "aws_subnet" "this" { - vpc_id = aws_vpc.this.id - cidr_block = "10.0.1.0/24" - availability_zone = "us-east-1a" -} - -resource "aws_security_group" "this" { - name = "110_security_group_green" - vpc_id = aws_vpc.this.id - - ingress { - description = "SSH from VPC" - from_port = 22 - to_port = 22 - protocol = "tcp" - cidr_blocks = ["0.0.0.0/0"] - } - - egress { - from_port = 0 - to_port = 0 - protocol = "-1" - cidr_blocks = ["0.0.0.0/0"] - } -} - -resource "aws_internet_gateway" "this" { - vpc_id = aws_vpc.this.id -} - -resource "aws_route_table" "this" { - vpc_id = aws_vpc.this.id - - route { - cidr_block = "0.0.0.0/0" - gateway_id = aws_internet_gateway.this.id - } -} - -resource "aws_route_table_association" "this" { - subnet_id = aws_subnet.this.id - route_table_id = aws_route_table.this.id -} - -resource "aws_instance" "this" { - ami = data.aws_ami.this.id - instance_type = "t2.micro" - associate_public_ip_address = true - security_groups = [aws_security_group.this.id] - subnet_id = aws_subnet.this.id - iam_instance_profile = aws_iam_instance_profile.this.name - user_data = <> /etc/ecs/ecs.config - EOF - - 
root_block_device { - volume_type = "standard" - volume_size = 30 - delete_on_termination = true - encrypted = true - } - - tags = { - Name = "110_ec2_instance_green" - } -} - -data "aws_ami" "this" { - most_recent = true - - filter { - name = "name" - values = ["amzn2-ami-ecs-*"] # ECS optimized image - } - - filter { - name = "virtualization-type" - values = ["hvm"] - } - - owners = [ - "amazon" - ] -} diff --git a/terraform/ecc-aws-110-ecs_cluster_at_rest_encryption/green1/ec2.tf b/terraform/ecc-aws-110-ecs_cluster_at_rest_encryption/green1/ec2.tf new file mode 100644 index 000000000..f7e0c5b95 --- /dev/null +++ b/terraform/ecc-aws-110-ecs_cluster_at_rest_encryption/green1/ec2.tf 
@@ -0,0 +1,75 @@
+resource "aws_launch_template" "this" {
+ name = "110_launch-template_green1"
+ image_id = data.aws_ami.this.id
+ instance_type = "t3.nano"
+ instance_initiated_shutdown_behavior = "terminate"
+ user_data = base64encode("#!/bin/bash\necho ECS_CLUSTER=${local.cluster_name} >> /etc/ecs/ecs.config")
+ iam_instance_profile {
+ name = aws_iam_instance_profile.ecs_agent.name
+ }
+ network_interfaces {
+ associate_public_ip_address = true
+ device_index = 0
+ security_groups = [data.aws_security_group.this.id]
+ delete_on_termination = true
+ }
+ placement {
+ availability_zone = data.aws_availability_zones.this.names[0]
+ }
+ tag_specifications {
+ resource_type = "instance"
+ tags = {
+ Name = "110_ec2_instance_green1"
+ }
+ }
+}
+
+resource "aws_autoscaling_group" "this" {
+ name = "110_autoscaling-group_green1"
+ availability_zones = [data.aws_availability_zones.this.names[0]]
+ launch_template {
+ id = aws_launch_template.this.id
+ version = "$Latest"
+ }
+ lifecycle {
+ create_before_destroy = true
+ }
+ desired_capacity = 1
+ min_size = 1
+ max_size = 1
+ health_check_grace_period = 300
+ health_check_type = "EC2"
+ force_delete = true
+ tag {
+ key = "AmazonECSManaged"
+ value = true
+ propagate_at_launch = true
+ }
+ tag {
+ key = "CustodianRule"
+ value = "ecc-aws-110-ecs_cluster_at_rest_encryption"
+ propagate_at_launch = true
+ }
+ tag {
+ key = "ComplianceStatus"
+ value = "Green1"
+ propagate_at_launch = true
+ }
+}
+
+data "aws_ami" "this" {
+ most_recent = true
+ owners = ["amazon"]
+ filter {
+ name = "name"
+ values = ["amzn2-ami-ecs-hvm-*-x86_64-ebs"]
+ }
+ filter {
+ name = "architecture"
+ values = ["x86_64"]
+ }
+ filter {
+ name = "virtualization-type"
+ values = ["hvm"]
+ }
+}
diff --git a/terraform/ecc-aws-110-ecs_cluster_at_rest_encryption/green1/ecs.tf b/terraform/ecc-aws-110-ecs_cluster_at_rest_encryption/green1/ecs.tf
new file mode 100644
index 000000000..69b5ec273
--- /dev/null
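Review bot: The new `aws_launch_template` sets no `metadata_options`, so IMDSv1 stays reachable on a container instance whose `aws_iam_instance_profile.ecs_agent` credentials are served from 169.254.169.254 to any task that can reach it (tasks in bridge or host network mode included); requiring IMDSv2 is the usual hardening here, and tasks should get credentials from task roles rather than the instance role. It also declares no `block_device_mappings`, so the container instance's root volume is encrypted only if the account has EBS encryption-by-default turned on — the green fixture this diff deletes (green/ecs.tf) set `encrypted = true` explicitly, and for a fixture named at_rest_encryption that explicitness is worth keeping even though the policy now keys off the cluster configuration. Both additions are sketched below; `/dev/xvda` is the root device the removed placebo `DescribeVolumes` fixtures recorded for the same AMI family, but confirm it against the `amzn2-ami-ecs-hvm-*` image the data source selects. `version = "$Latest"` on the ASG is acceptable for a test fixture, but note that it will pick up any later template edit without review.
```hcl
resource "aws_launch_template" "this" {
  # … unchanged: name, image_id, instance_type, shutdown behaviour, user_data, iam_instance_profile, network_interfaces, placement, tag_specifications …

  # Require IMDSv2 so containers cannot read the instance-profile credentials over IMDSv1.
  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "required"
  }

  # Encrypt the root volume explicitly rather than relying on account-level EBS encryption-by-default.
  block_device_mappings {
    device_name = "/dev/xvda" # root device seen in the old DescribeVolumes fixtures; confirm for the selected AMI
    ebs {
      encrypted             = true
      delete_on_termination = true
    }
  }
}
```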
+++ b/terraform/ecc-aws-110-ecs_cluster_at_rest_encryption/green1/ecs.tf @@ -0,0 +1,125 @@ +resource "aws_ecs_cluster" "this" { + name = local.cluster_name + configuration { + managed_storage_configuration { + kms_key_id = data.aws_kms_key.this.id + } + } +} + +data "aws_kms_key" "this" { + key_id = "alias/aws/ebs" +} + +resource "aws_cloudwatch_log_group" "this" { + name = "/ecs/110_ecs-logs_green1" +} + +resource "aws_ecs_task_definition" "this" { + family = "110_task_green1" + requires_compatibilities = ["EC2"] + runtime_platform { + operating_system_family = "LINUX" + cpu_architecture = "X86_64" + } + volume { + name = local.volume_name + configure_at_launch = true + } + cpu = 128 + memory = 256 + execution_role_arn = aws_iam_role.this.arn + task_role_arn = aws_iam_role.this.arn + + container_definitions = <> /etc/ecs/ecs.config - EOF - - root_block_device { - volume_type = "standard" - volume_size = 30 - delete_on_termination = true + ephemeral_storage { + size_in_gib = 21 } - tags = { - Name = "110_ec2_instance_red" + cpu = 256 + memory = 512 + task_role_arn = aws_iam_role.this.arn + execution_role_arn = aws_iam_role.this.arn + + container_definitions = <