Description:
Amazon Elastic Kubernetes Service (EKS) control plane audit logging enables you to collect logs of all control plane API requests and events. This includes requests made by users, administrators, and system components. Audit logs can be used to troubleshoot issues, investigate security incidents, and comply with regulatory requirements.
Rationale:
Audit logging is an important security measure for EKS clusters. It can help you to:
- Identify unauthorized access to the control plane
- Track changes to cluster configuration
- Investigate security incidents
- Comply with regulatory requirements
Impact:
Enabling audit logging for all log types will give you the most comprehensive view of activity on the EKS control plane. This can help you to improve security and compliance, and to troubleshoot issues more effectively.
Default Value:
By default, audit logging is disabled for all log types in EKS clusters.
Pre-Requisite:
To follow this policy, you will need to have access to the AWS Management Console or the AWS CLI. You will also need to know the ID of the EKS cluster that you want to update.
Remediation Steps:
To remediate this issue, you can follow these steps:
- In the AWS Management Console, go to the EKS page.
- Select the cluster that you want to update.
- Click the Logging tab.
- For each log type, select Enabled.
- Click Save.
Test Plan:
To test that the policy has been implemented correctly, you can use the following steps:
- Check that control plane logs are being generated for all five log types (api, audit, authenticator, controllerManager, scheduler); EKS delivers them to CloudWatch Logs.
- Verify that the logs contain information about API requests and events.
Implementation Plan:
The following are the steps on how to implement this policy:
- Identify the EKS clusters that do not have audit logging enabled for all log types.
- Enable audit logging for all log types in the EKS clusters.
- Test that the policy has been implemented correctly.
AWS CLI Process:
To enable all control plane log types in an EKS cluster using the AWS CLI, use the update-cluster-config subcommand with a --logging document that lists the five log types (there is no separate update-cluster-logging subcommand, and the cluster is identified with --name):
aws eks update-cluster-config --name my-cluster --logging '{"clusterLogging":[{"types":["api","audit","authenticator","controllerManager","scheduler"],"enabled":true}]}'
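The first step of the implementation plan (finding clusters that do not have every log type enabled) and the test plan (verifying the setting afterwards) both come down to reading the logging block that describe-cluster returns. The following added example, which is not part of the original policy text, parses a constructed sample of that output, lists the log types still disabled, and assembles the update-cluster-config command (or its backout counterpart) for the cluster. It assumes the sample JSON was captured from `aws eks describe-cluster --name my-cluster`; the cluster name and the helper names are the example's own.

```python
import json
import shlex

# The five EKS control plane log types (see the AWS documentation referenced below).
ALL_LOG_TYPES = ("api", "audit", "authenticator", "controllerManager", "scheduler")

# Constructed sample of `aws eks describe-cluster --name my-cluster` output:
# only "api" and "audit" are enabled, the other three types are disabled.
SAMPLE_DESCRIBE_OUTPUT = json.dumps({
    "cluster": {
        "name": "my-cluster",
        "logging": {
            "clusterLogging": [
                {"types": ["api", "audit"], "enabled": True},
                {"types": ["authenticator", "controllerManager", "scheduler"], "enabled": False},
            ]
        },
    }
})


def enabled_log_types(describe_output: str) -> set:
    """Return the set of control plane log types currently enabled for the cluster."""
    cluster = json.loads(describe_output)["cluster"]
    enabled = set()
    for entry in cluster.get("logging", {}).get("clusterLogging", []):
        if entry.get("enabled"):
            enabled.update(entry.get("types", []))
    return enabled


def missing_log_types(describe_output: str) -> list:
    """Log types that must still be enabled for this policy to pass, in canonical order."""
    enabled = enabled_log_types(describe_output)
    return [t for t in ALL_LOG_TYPES if t not in enabled]


def logging_payload(enabled: bool = True) -> str:
    """Build the --logging JSON document that update-cluster-config expects."""
    return json.dumps({"clusterLogging": [{"types": list(ALL_LOG_TYPES), "enabled": enabled}]})


def remediation_command(cluster_name: str, enabled: bool = True) -> str:
    """aws CLI command to enable (or, for the backout plan, disable) all log types."""
    return (
        f"aws eks update-cluster-config --name {shlex.quote(cluster_name)} "
        f"--logging '{logging_payload(enabled)}'"
    )


if __name__ == "__main__":
    missing = missing_log_types(SAMPLE_DESCRIBE_OUTPUT)
    if missing:
        print("non-compliant, disabled log types:", ", ".join(missing))
        print("remediation:", remediation_command("my-cluster"))
        print("backout:    ", remediation_command("my-cluster", enabled=False))
    else:
        print("compliant: all control plane log types are enabled")
```

Run it against the real output by replacing SAMPLE_DESCRIBE_OUTPUT with the JSON from describe-cluster; an empty list from missing_log_types is the pass condition for the test plan. The update is applied asynchronously, so re-run the check after the cluster update completes rather than immediately after issuing the command.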
Using AWS GUI:
To enable audit logging for all log types in an EKS cluster using the AWS GUI, you can follow these steps:
- Go to the AWS Management Console.
- Click on the EKS service.
- Click on the Clusters tab.
- Select the cluster that you want to update.
- Click on the Logging tab.
- For each log type, select Enabled.
- Click on the Save button.
Backout Plan:
To revert the changes that you made to the audit logging configuration in an EKS cluster, you can follow these steps:
- In the AWS Management Console, go to the EKS page.
- Select the cluster that you want to update.
- Click the Logging tab.
- For each log type, select Disabled.
- Click Save.
Note:
- You can also use the AWS CLI or the AWS GUI to disable audit logging for all log types in an EKS cluster.
- If you disable audit logging, you will lose the ability to collect logs of all control plane API requests and events.
Reference:
- AWS documentation on EKS control plane audit logging: https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html
Section 2:
- Tags: security, audit logging, EKS
- Keywords: control plane, logs, remediation, backout, policy