v1.0 for Steampipe, Powerpipe, Flowpipe, 116 plugins, and 44 mods →
Powerpipe Hub 
Hub
Mods
turbot/aws_compliance
Overview
32Dashboards
1295Controls
585Queries
4Variables
GitHub

Control: 2 EKS clusters should run on a supported Kubernetes version

Description

This control checks whether an Amazon EKS cluster is running on a supported Kubernetes version. The control fails if the EKS cluster is running on an unsupported version.

If your application doesn't require a specific version of Kubernetes, we recommend that you use the latest available Kubernetes version that's supported by EKS for your clusters. For more information about supported Kubernetes versions for Amazon EKS, see Amazon EKS Kubernetes release calendar and Amazon EKS version support and FAQ/para> in the Amazon EKS User Guide.

Remediation

To update an EKS cluster, Updating an Amazon EKS cluster Kubernetes version/para> in the Amazon EKS User Guide.

Usage

Run the control in your terminal:

powerpipe control run aws_compliance.control.foundational_security_eks_2

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run aws_compliance.control.foundational_security_eks_2 --share

SQL

This control uses a named query:

eks_cluster_with_latest_kubernetes_version

Tags

aws_foundational_security = true
category = Compliance
foundational_security_category = vulnerability_patch_and_version_management
foundational_security_item_id = eks_2
plugin = aws
service = AWS/EKS