Ensure that AWS EKS Cluster control plane logging is enabled
Risk Level: Low
Cloud Entity: EKS Cluster
CloudGuard Rule ID: D9.AWS.LOG.18
Covered by Spectral: Yes
Category: Compute
GSL LOGIC
EksCluster should have logging.clusterLogging with [ enabled=true ]
REMEDIATION
From Portal
- Log in to the AWS Management Console at https://console.aws.amazon.com/.
- Open the Amazon EKS console.
- To display your cluster information, select the cluster's name.
- Navigate to Logging and click Update.
- For each individual log stream, select if the log type should be Enabled.
- Click Update.
From TF
resource "aws_eks_cluster" "example" {
  # name_prefix is not an argument of aws_eks_cluster; the cluster name and role ARN below are placeholders
  name     = var.cluster_name
  role_arn = aws_iam_role.example.arn

  vpc_config {
    endpoint_public_access = false
    subnet_ids             = var.subnet_ids
  }

  tags = {
    pike = "permissions"
  }

  encryption_config {
    resources = ["secrets"]
    # encryption_config requires a KMS key; var.kms_key_arn is an assumed input
    provider {
      key_arn = var.kms_key_arn
    }
  }

  # Add this line: control plane log types delivered to CloudWatch Logs
  enabled_cluster_log_types = ["api", "audit", "authenticator", "controllerManager", "scheduler"]
}
From Command Line
Use the following command to enable control plane logs with the AWS CLI:
aws eks update-cluster-config --region REGION_NAME --name CLUSTER_NAME --logging CLUSTER_LOGGING_TYPE
Note: the --logging parameter defines the type of logging enabled for that cluster. For more information, follow the References section.
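The following Python script is an added example, not CloudGuard's or AWS's own code. It applies the GSL logic above to the "cluster" object returned by aws eks describe-cluster (whose logging.clusterLogging is a list of {"types": [...], "enabled": bool} entries), reports which log types are still off, and builds the JSON document that the --logging parameter of aws eks update-cluster-config expects. The cluster names and responses are constructed samples.

```python
"""Evaluate the CloudGuard rule D9.AWS.LOG.18 (control plane logging enabled)
against EKS DescribeCluster output and build the remediation payload."""
import json

# Every control plane log type EKS can deliver to CloudWatch Logs.
ALL_LOG_TYPES = ("api", "audit", "authenticator", "controllerManager", "scheduler")


def enabled_log_types(cluster: dict) -> set:
    """Return the set of control plane log types that are enabled.

    `cluster` is the "cluster" object from describe-cluster. A cluster with
    no logging section, or only enabled=false entries, has nothing enabled.
    """
    enabled = set()
    for entry in cluster.get("logging", {}).get("clusterLogging", []):
        if entry.get("enabled"):
            enabled.update(entry.get("types", []))
    return enabled


def evaluate(cluster: dict) -> dict:
    """Apply the GSL rule: compliant when at least one clusterLogging entry
    has enabled=true. Also list the types still off so the gap can be closed."""
    enabled = enabled_log_types(cluster)
    return {
        "cluster": cluster.get("name"),
        "compliant": bool(enabled),
        "enabled": sorted(enabled),
        "missing": sorted(set(ALL_LOG_TYPES) - enabled),
    }


def logging_payload(types=ALL_LOG_TYPES) -> str:
    """Build the JSON document passed as the value of --logging."""
    return json.dumps({"clusterLogging": [{"types": list(types), "enabled": True}]})


# Constructed sample responses; the shape follows the EKS DescribeCluster API.
SAMPLE_CLUSTERS = [
    {"name": "prod", "logging": {"clusterLogging": [
        {"types": ["api", "audit"], "enabled": True},
        {"types": ["authenticator", "controllerManager", "scheduler"], "enabled": False}]}},
    {"name": "dev", "logging": {"clusterLogging": [
        {"types": list(ALL_LOG_TYPES), "enabled": False}]}},
    {"name": "legacy"},  # no logging section at all
]

if __name__ == "__main__":
    for sample in SAMPLE_CLUSTERS:
        result = evaluate(sample)
        print(result)
        if not result["compliant"]:
            print("  remediation: aws eks update-cluster-config --name",
                  result["cluster"], "--logging", repr(logging_payload()))
```

Feeding real data only needs the JSON from aws eks describe-cluster --name CLUSTER_NAME (the "cluster" key) in place of the constructed samples; the "missing" list is useful even for clusters that pass the rule, since the rule is satisfied by a single enabled log type while audit and authenticator logs are what an investigation usually needs.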
References
- https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html
- https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_cluster
- https://awscli.amazonaws.com/v2/documentation/api/latest/reference/eks/update-cluster-config.html
EKS Cluster
Amazon Elastic Kubernetes Service (Amazon EKS) is a managed service that you can use to run Kubernetes on AWS without needing to install, operate, and maintain your own Kubernetes control plane or nodes.
Compliance Frameworks
- AWS CloudGuard Best Practices
- AWS CloudGuard SOC2 based on AICPA TSC 2017
- AWS HITRUST
- AWS HITRUST v11.0.0
- AWS ISO27001:2022
- AWS ITSG-33
- AWS MITRE ATT&CK Framework v10
- AWS MITRE ATT&CK Framework v11.3
- AWS NIST 800-53 Rev 5
- CloudGuard AWS All Rules Ruleset
Updated 7 months ago