Profile Applicability:
Level 1
Description:
The --audit-log-maxbackup argument specifies the maximum number of backup files to retain for audit logs. Setting this argument to a value like 10 ensures that Kubernetes maintains up to 10 backup copies of the audit logs before older backups are deleted. This helps in managing backup space while ensuring that a reasonable number of previous log backups are available for disaster recovery or compliance auditing.
Rationale:
Limiting the number of backup files ensures that Kubernetes does not accumulate excessive backups that consume storage. Retaining a fixed number of backups, such as 10, keeps logs available for troubleshooting or security investigations without exhausting disk space. This is particularly important for clusters with high logging activity.
Impact:
Pros:
Helps manage disk space by limiting the number of backup files.
Ensures sufficient backup retention for audit purposes, compliance, and recovery needs.
Cons:
If set too low, the number of backups may not be sufficient for future investigations or compliance audits.
Mismanagement of backup rotation could result in the loss of valuable audit logs.
Default Value:
The argument is typically not set by default, meaning no backup retention is configured unless it is explicitly defined.
Pre-requisites:
Ensure that appropriate backup retention policies are in place and comply with organizational or regulatory requirements.
Ensure that log rotation is configured correctly to prevent unexpected data loss.
Test Plan:
Using AWS Console:
Sign in to the AWS Management Console.
Navigate to your EKS Cluster.
Go to the API server configuration and verify that the --audit-log-maxbackup argument is set to 10 or an appropriate value in the configuration.
Using AWS CLI:
Run the following AWS CLI command to describe your EKS cluster's configuration:
aws eks describe-cluster --name <cluster-name> --query "cluster.config"
Ensure that the --audit-log-maxbackup argument is set to 10 or an appropriate value.
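An added example, not part of the original benchmark text: a shell check that extracts --audit-log-maxbackup from a kube-apiserver argument string and compares it with the value 10 used above. The sample argument strings are constructed, and the function names and MIN_BACKUPS are assumptions of this example.

```shell
#!/bin/sh
# Added example: validate --audit-log-maxbackup in a kube-apiserver argument list.
# MIN_BACKUPS is an assumed threshold, taken from the value 10 used on this page.
MIN_BACKUPS=10

# get_maxbackup ARGS...: print the flag's value; return 1 if the flag is absent.
# Accepts "--flag=value" and "--flag value"; if repeated, the last one is used.
get_maxbackup() {
    value=""; found=1
    while [ $# -gt 0 ]; do
        case "$1" in
            --audit-log-maxbackup=*)
                value=${1#--audit-log-maxbackup=}; found=0 ;;
            --audit-log-maxbackup)
                if [ $# -ge 2 ]; then value=$2; found=0; shift; fi ;;
        esac
        shift
    done
    if [ "$found" -eq 0 ]; then printf '%s\n' "$value"; fi
    return "$found"
}

# check_maxbackup ARGS...: print PASS or FAIL with a reason; return 0 only on PASS.
check_maxbackup() {
    if ! v=$(get_maxbackup "$@"); then
        echo "FAIL: --audit-log-maxbackup is not set"; return 1
    fi
    case "$v" in
        ''|*[!0-9]*) echo "FAIL: non-numeric value '$v'"; return 1 ;;
    esac
    if [ "$v" -lt "$MIN_BACKUPS" ]; then
        echo "FAIL: $v is below the minimum of $MIN_BACKUPS"; return 1
    fi
    echo "PASS: --audit-log-maxbackup=$v"
}

# Constructed sample argument strings (not taken from a real cluster).
SAMPLE_OK="kube-apiserver --audit-log-path=/var/log/apiserver/audit.log --audit-log-maxbackup=10 --audit-log-maxage=30"
SAMPLE_LOW="kube-apiserver --audit-log-path=/var/log/apiserver/audit.log --audit-log-maxbackup 3"
SAMPLE_MISSING="kube-apiserver --audit-log-path=/var/log/apiserver/audit.log"

# $s is left unquoted on purpose so the string splits into separate arguments.
for s in "$SAMPLE_OK" "$SAMPLE_LOW" "$SAMPLE_MISSING"; do
    check_maxbackup $s || true
done
```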
Implementation Plan:
Using AWS Console:
Navigate to the EKS cluster in the AWS Console.
Under the Cluster Configuration section, modify the API server's settings.
Set the --audit-log-maxbackup argument to 10 or another appropriate value.
Save the configuration and apply the changes.
Using AWS CLI:
Update the --audit-log-maxbackup argument to 10 or an appropriate value:
aws eks update-cluster-config --name <cluster-name> --kubernetes-version <kubernetes-version> --audit-log-maxbackup 10
Backout Plan:
Using AWS Console:
Navigate to the EKS cluster's API server configuration.
If necessary, revert the --audit-log-maxbackup argument to a previous value.
Save the configuration and redeploy the cluster.
Using AWS CLI:
If issues occur, revert the change using:
aws eks update-cluster-config --name <cluster-name> --kubernetes-version <kubernetes-version> --audit-log-maxbackup <previous-maxbackup-value>