Benchmark: EKS
Description
This section contains recommendations for configuring EKS resources.
Usage
Install the mod:
mkdir dashboardscd dashboardspowerpipe mod initpowerpipe mod install github.com/turbot/steampipe-mod-aws-complianceStart the Powerpipe server:
steampipe service startpowerpipe serverOpen http://localhost:9033 in your browser and select EKS.
Run this benchmark in your terminal:
powerpipe benchmark run aws_compliance.benchmark.all_controls_eksSnapshot and share results via Turbot Pipes:
powerpipe benchmark run aws_compliance.benchmark.all_controls_eks --shareControls
- EKS clusters should have control plane audit logging enabled
- EKS clusters endpoint public access should be restricted
- EKS clusters endpoint should restrict public access
- EKS clusters should not be configured within a default VPC
- EKS clusters should not use multiple security groups
- EKS clusters should be configured to have kubernetes secrets encrypted using KMS
- EKS clusters should run on a supported Kubernetes version