Ensure that your Amazon Elastic Kubernetes Service (EKS) clusters have control plane logs enabled in order to publish API, audit, controller manager, scheduler or authenticator logs to AWS CloudWatch Logs. The Amazon EKS control plane logging feature supports the following log types (each log type corresponds to a component within the Kubernetes control plane):
- API server logs – these logs refer to the API requests made to your Amazon EKS cluster.
- Audit logs – Kubernetes audit logs provide a record of the individual users, administrators, or system components that have interacted with your cluster via the Kubernetes API.
- Authenticator logs – authenticator logs are unique to the AWS EKS service. These logs refer to authentication requests made to the EKS cluster.
- Controller manager logs – these logs contain information about the controller manager that handles the core control loops that are shipped with Kubernetes.
- Scheduler logs – scheduler logs record when and where Kubernetes pods are running within your cluster.
This rule can help you with the following compliance standards:
- Payment Card Industry Data Security Standard (PCI DSS)
- Health Insurance Portability and Accountability Act (HIPAA)
- General Data Protection Regulation (GDPR)
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS.
Once the EKS control plane logging feature is enabled, Amazon EKS sends audit and diagnostic logs directly to AWS CloudWatch Logs. These logs can help you secure and efficiently run your EKS clusters. You can select the exact log types you need, and the logging data is sent as log streams to the AWS CloudWatch log group created for the specified Amazon EKS cluster.
To determine if control plane logging is enabled for your AWS EKS clusters in order to publish API, audit, controller manager, scheduler or authenticator logs to Amazon CloudWatch, perform the following actions:
Remediation / Resolution
To enable EKS control plane logging for your Amazon Elastic Kubernetes Service (EKS) clusters, perform the following instructions:
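One way to script both the check and the fix, as an added example that is not part of the original page or the Cloud Conformity tool: it reads the `logging.clusterLogging` section of `aws eks describe-cluster` output, reports which of the five log types are not enabled, and builds the JSON argument for `aws eks update-cluster-config --logging`. The cluster name `demo-cluster` and the sample output are constructed, and the function names are hypothetical.

```python
import json

# The five control plane log types listed above, as the EKS API names them.
LOG_TYPES = ("api", "audit", "authenticator", "controllerManager", "scheduler")

# Constructed sample of `aws eks describe-cluster --name demo-cluster` output,
# trimmed to the fields used here ("demo-cluster" is a placeholder name).
SAMPLE_DESCRIBE_CLUSTER = json.loads("""
{"cluster": {"name": "demo-cluster", "logging": {"clusterLogging": [
  {"types": ["api", "audit"], "enabled": true},
  {"types": ["authenticator", "controllerManager", "scheduler"], "enabled": false}
]}}}
""")


def enabled_log_types(describe_output):
    """Return the set of log types the cluster currently publishes."""
    logging_cfg = describe_output.get("cluster", {}).get("logging") or {}
    enabled = set()
    for entry in logging_cfg.get("clusterLogging", []):
        if entry.get("enabled"):
            enabled.update(entry.get("types", []))
    return enabled


def missing_log_types(describe_output, required=LOG_TYPES):
    """Return the required log types that are not enabled, in a stable order."""
    enabled = enabled_log_types(describe_output)
    return [t for t in required if t not in enabled]


def remediation_payload(describe_output, required=LOG_TYPES):
    """Build the --logging JSON that enables every required type, or None if compliant."""
    if not missing_log_types(describe_output, required):
        return None
    return json.dumps({"clusterLogging": [{"types": list(required), "enabled": True}]})


if __name__ == "__main__":
    name = SAMPLE_DESCRIBE_CLUSTER["cluster"]["name"]
    print(name, "missing:", missing_log_types(SAMPLE_DESCRIBE_CLUSTER))
    print("aws eks update-cluster-config --name", name,
          "--logging", repr(remediation_payload(SAMPLE_DESCRIBE_CLUSTER)))
```

Against a real cluster, replace the sample with the parsed JSON from `aws eks describe-cluster --name <cluster> --output json`; a cluster whose output has no `logging` section is reported as missing all five types.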
You are auditing:
Kubernetes Cluster Logging
Risk level: Low