Profile Applicability:

  • Level 1

Description:

The --audit-log-path argument in Kubernetes specifies the file path where audit logs will be written. Audit logs capture all requests made to the Kubernetes API server, providing a record of all user and system activity. Setting this argument ensures that audit logs are stored in a defined location, enabling security monitoring, troubleshooting, and compliance auditing.

Rationale:

Enabling audit logging is crucial for tracking access to the Kubernetes API and monitoring the actions of users and service accounts within the cluster. By setting the --audit-log-path argument, you ensure that audit logs are properly stored and can be used for security investigations, compliance purposes, and debugging.

Impact:

Pros:

  • Helps with compliance requirements by maintaining a detailed record of all interactions with the Kubernetes API.

  • Provides security teams with valuable data to investigate unauthorized access or anomalous activities.

Cons:

  • Requires disk space to store the audit logs. Improper configuration of the log rotation can lead to excessive disk usage.

  • Audit logs could potentially contain sensitive information, so they must be protected appropriately.

Default Value:

This argument is not set by default, which means audit logging may not be enabled unless explicitly configured.

Pre-requisites:

  • A proper storage location should be defined for audit logs.

  • Adequate access control and retention policies should be in place to protect audit logs.

Test Plan:

Using AWS Console:

  1. Sign in to the AWS Management Console.

  2. Navigate to your EKS Cluster.

  3. Go to the API server configuration and check the --audit-log-path argument to ensure that a valid file path is specified for audit log storage.

Using AWS CLI:

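Run the following AWS CLI command to describe your EKS cluster's logging configuration:

aws eks describe-cluster --name <cluster-name> --query "cluster.logging.clusterLogging"

  1. Ensure that the audit log type is reported as enabled. EKS manages the API server's flags, including --audit-log-path, so the AWS CLI exposes audit logging through this control plane logging setting rather than as a file path.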
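Where the kube-apiserver argument list is directly readable, the check for --audit-log-path and the log rotation flags mentioned under Impact can be automated. The following Python is an added example, not code from the original page: the function names, the sample arguments, and the rule that a valid path must be absolute are assumptions, as is the availability of the argument list (for instance from a static Pod manifest on a self-managed control plane).

```python
import posixpath

ROTATION_FLAGS = ("--audit-log-maxage", "--audit-log-maxbackup", "--audit-log-maxsize")

def parse_flags(argv):
    """Collect '--flag=value' and '--flag value' pairs from an argument list."""
    flags, i = {}, 0
    while i < len(argv):
        arg = argv[i]
        if arg.startswith("--"):
            if "=" in arg:
                name, value = arg.split("=", 1)
            elif i + 1 < len(argv) and not argv[i + 1].startswith("--"):
                name, value = arg, argv[i + 1]
                i += 1
            else:
                name, value = arg, ""
            flags[name] = value  # a repeated flag keeps its last value
        i += 1
    return flags

def check_audit_log_path(argv):
    """Return (passed, findings) for the --audit-log-path check."""
    flags = parse_flags(argv)
    path = flags.get("--audit-log-path")
    if path is None:
        return False, ["--audit-log-path is not set"]
    if path == "":
        return False, ["--audit-log-path is set but empty"]
    if path == "-":  # kube-apiserver treats '-' as standard out, not a file
        return False, ["--audit-log-path is '-' (standard out), not a file path"]
    if not posixpath.isabs(path):  # assumption: a valid path here means absolute
        return False, [f"--audit-log-path {path!r} is not an absolute path"]
    # The path passes; rotation flags left unset are reported as warnings only.
    return True, [f"{f} is not set explicitly" for f in ROTATION_FLAGS if f not in flags]

# Constructed sample: the command array of a kube-apiserver static Pod manifest.
SAMPLE_ARGV = [
    "kube-apiserver",
    "--authorization-mode=Node,RBAC",
    "--audit-log-path=/var/log/kubernetes/audit/audit.log",
    "--audit-log-maxage=30",
]

if __name__ == "__main__":
    passed, findings = check_audit_log_path(SAMPLE_ARGV)
    print("PASS" if passed else "FAIL")
    for finding in findings:
        print(" -", finding)
```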

Implementation Plan:

Using AWS Console:

  1. Navigate to the EKS cluster in the AWS Console.

  2. Under the Cluster Configuration section, modify the API server's settings.

  3. Set the --audit-log-path argument to a valid file path where audit logs will be stored.

  4. Save the configuration and apply the changes.

Using AWS CLI:

Enable the audit log type in the cluster's control plane logging configuration, which is how the AWS CLI exposes API server audit logging on EKS:

aws eks update-cluster-config --name <cluster-name> --logging '{"clusterLogging":[{"types":["audit"],"enabled":true}]}'

Backout Plan:

Using AWS Console:

  1. Navigate to the EKS cluster's API server configuration.

  2. If necessary, remove or modify the --audit-log-path argument based on your logging preferences.

  3. Save the configuration and redeploy the cluster.

Using AWS CLI:

If issues occur, revert the change using:

aws eks update-cluster-config --name <cluster-name> --logging '{"clusterLogging":[{"types":["audit"],"enabled":false}]}'

References: