AWS Introduction
AWS Pricing
AWS Threats
AWS Misconfigurations
- Getting Started with AWS Audit
- Permissions required for Misconfigurations Detection
- API Gateway Audit
- Cloudformation Audit
- CloudFront Audit
- CloudTrail Audit
- Cloudwatch Audit
- DynamoDB Audit
- EC2 Audit
- Elastic Search Audit
- ELB Audit
- IAM Audit
- KMS Audit
- Kubernetes Audit
- Lambda Audit
- RDS Audit
- Redshift Audit
- Route53 Audit
- S3 Audit
- Security Groups Audit
- SES Audit
- SNS Audit
- IAM Deep Dive
- App Sync Audit
- Code Build Audit
- Open Search Audit
- Shield Audit
- SQS Audit
EKS Clusters Should Have Logging Enabled
More Info:
EKS clusters should have their control plane logs enabled and publish their API, audit, controller manager, scheduler or authenticator logs to AWS CloudWatch.
Risk Level
Low
Address
Security, Reliability
Compliance Standards
HITRUST, SOC2, NISTCSF, PCIDSS
Triage and Remediation
Remediation
To remediate the issue of EKS clusters not having logging enabled in AWS using the AWS console, please follow the below steps:
- Log in to the AWS Management Console.
- Navigate to the Amazon EKS console.
- Select the EKS cluster that you want to enable logging for.
- Click on the “Configuration” tab.
- Under the “Logging” section, click on the “Edit” button.
- Select the “Enable logging” checkbox.
- Choose the “Create a new S3 bucket” option or select an existing S3 bucket from the dropdown menu.
- Enter a unique name for the S3 bucket.
- Click on the “Save” button to save the changes.
Once the above steps are completed, the EKS cluster will have logging enabled, and logs will be stored in the specified S3 bucket.
To remediate the misconfiguration “EKS Clusters Should Have Logging Enabled” for AWS using AWS CLI, follow the below steps:
-
Open the AWS CLI on your local machine.
-
Check the current status of logging for your EKS cluster by running the following command:
aws eks describe-cluster --name <cluster_name> --query "cluster.logging"This command will return the current logging status of your EKS cluster.
-
If the logging is not enabled, run the following command to update the logging status:
aws eks update-cluster-config --name <cluster_name> --logging '{"clusterLogging":[{"types":["api","audit","authenticator","controllerManager","scheduler"],"enabled":true}]}'This command will enable logging for your EKS cluster.
-
Verify that the logging is enabled by running the following command again:
aws eks describe-cluster --name <cluster_name> --query "cluster.logging"This command should return the updated logging status of your EKS cluster.
By following these steps, you can remediate the misconfiguration “EKS Clusters Should Have Logging Enabled” for AWS using AWS CLI.
To remediate the misconfiguration of EKS clusters not having logging enabled, you can use the following steps in Python:
- First, you need to import the necessary libraries for AWS SDK for Python (Boto3) and EKS service:
import boto3
from botocore.exceptions import ClientError
- Next, you need to create an AWS session and EKS client:
session = boto3.session.Session(region_name='your_region')
eks_client = session.client('eks')
- Then, you can use the
describe_clusterfunction to get the logging configuration of the EKS cluster:
response = eks_client.describe_cluster(name='your_cluster_name')
logging_enabled = response['cluster']['logging']['clusterLogging'][0]['enabled']
- If
logging_enabledisFalse, you can use theupdate_cluster_configfunction to enable logging:
if not logging_enabled:
logging_config = {
'types': ['api', 'audit', 'authenticator', 'controllerManager', 'scheduler'],
'enabled': True
}
update_config = {
'logging': logging_config
}
eks_client.update_cluster_config(name='your_cluster_name', resourcesVpcConfig=update_config)
- Finally, you can print a message to confirm that logging has been enabled:
print('Logging has been enabled for the EKS cluster.')
Note: Make sure you have the necessary permissions and credentials to access the EKS cluster and enable logging.