Profile Applicability:

  • Level 1

Description:

The --audit-log-maxage argument specifies the maximum number of days to retain audit logs before they are deleted. Setting this argument to a value such as 30 ensures that audit logs are retained for a reasonable period, complying with security and compliance requirements while preventing excessive accumulation of old logs that could consume storage.

Rationale:

Limiting the retention of audit logs helps ensure that logs are available for investigation and compliance purposes, while also managing disk space and preventing the build-up of outdated data. A value like 30 days is typically recommended for most environments, balancing the need for log retention with storage management.

Impact:

Pros:

  • Helps manage disk space by automatically deleting old audit logs.

  • Ensures that logs are retained for a sufficient period for troubleshooting, compliance audits, and security investigations.

Cons:

  • If the retention period is too short, audit logs may not be available for longer-term investigations or compliance reporting.

  • Requires careful management of log rotation to avoid accidental log loss before the retention period ends.

Default Value:

The default value is typically not set, meaning no age-based retention limit is applied to audit logs unless one is explicitly defined.

Pre-requisites:

  • Ensure that log rotation and storage management practices are in place to handle audit logs.

  • Consider regulatory and organizational requirements when setting the log retention period.

Test Plan:

Using AWS Console:

  1. Sign in to the AWS Management Console.

  2. Navigate to your EKS Cluster.

  3. Go to the API server configuration and check the --audit-log-maxage argument to ensure it is set to 30 or another appropriate value based on your retention policy.

Using AWS CLI:

Run the following AWS CLI command to describe your EKS cluster's configuration:

aws eks describe-cluster --name <cluster-name> --query "cluster.config"

  1. Ensure that the --audit-log-maxage argument is set to 30 or an appropriate value in the configuration.
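The following is an added example and not part of this benchmark page: a POSIX shell check that extracts --audit-log-maxage from a kube-apiserver command line (as seen in ps -ef output or the static pod manifest) and verifies it against the 30-day minimum, distinguishing "not set" from "set too low". It assumes the API server command line is visible to you on the control-plane node; the sample command lines below are constructed.

```shell
#!/bin/sh
# Constructed sample kube-apiserver command lines (not taken from a real node).
SAMPLE_COMPLIANT='kube-apiserver --audit-log-path=/var/log/kubernetes/audit.log --audit-log-maxage=30 --audit-log-maxbackup=10'
SAMPLE_SHORT='kube-apiserver --audit-log-path=/var/log/kubernetes/audit.log --audit-log-maxage 7'
SAMPLE_MISSING='kube-apiserver --audit-log-path=/var/log/kubernetes/audit.log'

# Print the value of --audit-log-maxage, accepting both "--flag=N" and
# "--flag N" spellings; print nothing when the flag is absent.
audit_log_maxage_value() {
  printf '%s\n' "$1" | grep -oE -- '--audit-log-maxage[= ][0-9]+' | head -n 1 | sed -E 's/.*[= ]//'
}

# Return 0 when the flag is present and meets the minimum retention (days),
# 1 when it is set below the minimum, 2 when it is not set at all.
check_audit_log_maxage() {
  cmdline=$1
  minimum=${2:-30}
  value=$(audit_log_maxage_value "$cmdline")
  if [ -z "$value" ]; then
    echo "FAIL: --audit-log-maxage is not set (no age-based retention limit)"
    return 2
  fi
  if [ "$value" -lt "$minimum" ]; then
    echo "FAIL: --audit-log-maxage=$value is below the required $minimum days"
    return 1
  fi
  echo "PASS: --audit-log-maxage=$value (>= $minimum days)"
  return 0
}

# On a node where the process is visible, run it against the live command line:
#   check_audit_log_maxage "$(ps -ef | grep '[k]ube-apiserver')"
for sample in "$SAMPLE_COMPLIANT" "$SAMPLE_SHORT" "$SAMPLE_MISSING"; do
  check_audit_log_maxage "$sample" || true
done
```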

Implementation Plan:

Using AWS Console:

  1. Navigate to the EKS cluster in the AWS Console.

  2. Under the Cluster Configuration section, modify the API server's settings.

  3. Set the --audit-log-maxage argument to 30 or another appropriate value based on your retention policy.

  4. Save the configuration and apply the changes.

Using AWS CLI:

Update the --audit-log-maxage argument to 30 or an appropriate value:

aws eks update-cluster-config --name <cluster-name> --kubernetes-version <kubernetes-version> --audit-log-maxage 30

Backout Plan:

Using AWS Console:

  1. Navigate to the EKS cluster's API server configuration.

  2. If necessary, revert the --audit-log-maxage argument to a previous retention period.

  3. Save the configuration and redeploy the cluster.

Using AWS CLI:

If issues occur, revert the change using:

aws eks update-cluster-config --name <cluster-name> --kubernetes-version <kubernetes-version> --audit-log-maxage <previous-maxage-value>

References: