AWS Misconfigurations
Kubernetes Audit
Checks performed
- ECR Repository Tag Should Be Immutable
- Endpoints Should Not Be Publicly Accessible
- ECS Tasks Should Have Network Mode Set To AWSVPC
- ECS Container Insights Should Be Enabled
- ECS Tasks Should Be Configured To Run As Non-Privileged
- ECS Should Have Readonly Access For Containers
- Secrets in Container Environment Variables
- ECS Task Definition Log Configuration Should Be Enabled
- ECS Task Definitions Should Have A Memory Limit Set
- ECS Tasks Should Not Have Root As User
- ECS Tasks Should Not Have PidMode As Host
- ECS Tasks With Network Mode Host Should Have Limited Permissions
- EFS Access Point Should Enforce Root Directory
- EFS Access Points User Identity Should Be Enforced
- EKS Clusters Encryption Of Secrets Should Be Enabled
- Latest ECS Fargate Platform Version Should Be Set
- ECR Image Repositories Should Have A Lifecycle Policy Attached
- ECR Repositories Should Be Private
- Image Vulnerability Scanning Should Be Enabled For Amazon ECR
- EKS Clusters Should Have High Availability
- EKS Clusters Should Have Logging Enabled
- EKS Clusters Should Use The Latest Stable Version of Kubernetes
- EKS Cluster Should Allow Inbound Traffic Only From Port 443 (HTTPS)