Ensure control plane logging is enabled for all log types for AWS Elastic Kubernetes Service (EKS) clusters

MEDIUM

Description

AWS EKS clusters have control plane logging disabled for all log types. These logs (API server, audit, authenticator, controller manager and scheduler) are what allow detection of anomalous configuration activity in the cluster; without them, changes made through the Kubernetes API leave no audit trail.

Remediation

In AWS Console -

  1. Sign in to the AWS Console and go to the Amazon EKS console.
  2. Select the cluster you want.
  3. Select the Configuration tab.
  4. Under Logging, choose Manage logging.
  5. Set control plane logging to 'Enabled' for each log type.
  6. Click Save.

In Terraform -

  1. In the aws_eks_cluster resource, set the enabled_cluster_log_types argument to a list containing api and/or audit (or all five log types).
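As an added illustration (not part of this policy page), the non-compliant resource is shown next to a remediated one; the cluster name, IAM role and subnet references are placeholders, and the five log type names are the ones EKS accepts for this argument.

```hcl
# NON-COMPLIANT: enabled_cluster_log_types is omitted, so no control plane
# logs are delivered to CloudWatch and the rule AC_AWS_0100 flags the cluster.
resource "aws_eks_cluster" "noncompliant" {
  name     = "example-cluster"              # placeholder
  role_arn = aws_iam_role.eks_cluster.arn   # placeholder role

  vpc_config {
    subnet_ids = var.private_subnet_ids     # placeholder subnets
  }
}

# COMPLIANT: every control plane log type is enabled. EKS writes them to the
# CloudWatch log group /aws/eks/<cluster-name>/cluster, where they can be
# searched and alerted on for unexpected configuration changes.
resource "aws_eks_cluster" "compliant" {
  name     = "example-cluster"
  role_arn = aws_iam_role.eks_cluster.arn

  enabled_cluster_log_types = [
    "api",               # Kubernetes API server requests
    "audit",             # who did what, and when, through the API
    "authenticator",     # IAM-to-Kubernetes authentication decisions
    "controllerManager", # controller manager activity
    "scheduler",         # scheduler decisions
  ]

  vpc_config {
    subnet_ids = var.private_subnet_ids
  }
}
```

If only a subset is required, "api" and "audit" are the minimum that cover configuration changes; the remaining types add authentication and scheduling context.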

References:
https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/eks_cluster#enabled_cluster_log_types

Policy Details

Rule Reference ID: AC_AWS_0100
CSP: AWS
Remediation Available: Yes
Resource: aws_eks_cluster
Resource Category: Compute

Frameworks