Triage and Remediation
Remediation
Using Console
To enable logging on an EKS cluster that does not have it enabled, using the AWS console, follow these steps:
- Log in to the AWS Management Console.
- Navigate to the Amazon EKS console.
- Select the EKS cluster that you want to enable logging for.
- Click on the “Configuration” tab.
- Under the “Logging” section, click on the “Edit” button.
- Select the “Enable logging” checkbox.
- Choose the “Create a new S3 bucket” option or select an existing S3 bucket from the dropdown menu.
- Enter a unique name for the S3 bucket.
- Click on the “Save” button to save the changes.
Using CLI
To remediate the misconfiguration “EKS Clusters Should Have Logging Enabled” using the AWS CLI, follow these steps:
- Open the AWS CLI on your local machine.
- Check the current status of logging for your EKS cluster by running the following command:
  This command will return the current logging status of your EKS cluster.
- If the logging is not enabled, run the following command to update the logging status:
  This command will enable logging for your EKS cluster.
- Verify that the logging is enabled by running the following command again:
  This command should return the updated logging status of your EKS cluster.
Using Python
To remediate the misconfiguration of EKS clusters not having logging enabled, you can use the following steps in Python:
Note: Make sure you have the necessary permissions and credentials to access the EKS cluster and enable logging.
- First, you need to import the necessary libraries for AWS SDK for Python (Boto3) and EKS service:
- Next, you need to create an AWS session and EKS client:
- Then, you can use the describe_cluster function to get the logging configuration of the EKS cluster:
- If logging_enabled is False, you can use the update_cluster_config function to enable logging:
- Finally, you can print a message to confirm that logging has been enabled:
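The Python steps above as one script, given as an added example rather than code from the original page. The helper names, the cluster name `demo-cluster` and the sample describe_cluster response are constructed for illustration; only log types that are currently disabled are sent to update_cluster_config.

```python
# The five control plane log types EKS supports.
ALL_LOG_TYPES = ("api", "audit", "authenticator", "controllerManager", "scheduler")


def disabled_log_types(describe_response):
    """Return the log types that are not enabled in a describe_cluster response."""
    logging_cfg = describe_response["cluster"].get("logging") or {}
    enabled = set()
    for group in logging_cfg.get("clusterLogging", []):
        if group.get("enabled"):
            enabled.update(group.get("types", []))
    return [t for t in ALL_LOG_TYPES if t not in enabled]


def build_logging_update(missing):
    """Build the `logging` argument for update_cluster_config."""
    return {"clusterLogging": [{"types": list(missing), "enabled": True}]}


def remediate(cluster_name, region_name):
    """Enable any disabled log types; return the update id, or None if compliant."""
    import boto3  # imported here so the helpers above run without AWS access

    eks = boto3.Session(region_name=region_name).client("eks")
    missing = disabled_log_types(eks.describe_cluster(name=cluster_name))
    if not missing:
        # Skip the call: EKS rejects a logging update that changes nothing.
        print(f"{cluster_name}: all control plane log types already enabled")
        return None
    update = build_logging_update(missing)
    response = eks.update_cluster_config(name=cluster_name, logging=update)
    print(f"{cluster_name}: enabling {', '.join(missing)}")
    return response["update"]["id"]


# Constructed sample of a describe_cluster response with only audit logging on.
SAMPLE_RESPONSE = {
    "cluster": {
        "name": "demo-cluster",
        "logging": {"clusterLogging": [
            {"types": ["audit"], "enabled": True},
            {"types": ["api", "authenticator", "controllerManager", "scheduler"],
             "enabled": False},
        ]},
    }
}

if __name__ == "__main__":
    print(disabled_log_types(SAMPLE_RESPONSE))
```

Calling `remediate("demo-cluster", "us-east-1")` against a real account needs Boto3 installed and credentials allowed to call `eks:DescribeCluster` and `eks:UpdateClusterConfig`; the region shown is a placeholder.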