Control: 2 EKS clusters should run on a supported Kubernetes version
Description
This control checks whether an Amazon EKS cluster is running on a supported Kubernetes version. The control fails if the EKS cluster is running on an unsupported version.
If your application doesn't require a specific version of Kubernetes, we recommend that you use the latest available Kubernetes version that's supported by EKS for your clusters. For more information about supported Kubernetes versions for Amazon EKS, see Amazon EKS Kubernetes release calendar and Amazon EKS version support and FAQ/para> in the Amazon EKS User Guide.
Remediation
To update an EKS cluster, Updating an Amazon EKS cluster Kubernetes version/para> in the Amazon EKS User Guide.
Usage
Run the control in your terminal:
powerpipe control run aws_compliance.control.foundational_security_eks_2Snapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run aws_compliance.control.foundational_security_eks_2 --shareSQL
This control uses a named query:
select  arn as resource,  case    -- eks:oldestVersionSupported (Current oldest supported version is 1.19)    when (version)::decimal >= 1.19 then 'ok'    else 'alarm'  end as status,  case    when (version)::decimal >= 1.19 then title || ' runs on a supported kubernetes version.'    else title || ' does not run on a supported kubernetes version.'  end as reason    , region, account_idfrom  aws_eks_cluster;