Control: EKS clusters should have control plane audit logging enabled
Description
AWS EKS clusters should have control plane audit logging enabled for all log types (api, audit, authenticator, controllerManager and scheduler). These logs provide the visibility needed to secure and operate clusters.
Usage
Run the control in your terminal:
powerpipe control run aws_compliance.control.eks_cluster_control_plane_audit_logging_enabled
Snapshot and share results via Turbot Pipes:
powerpipe login
powerpipe control run aws_compliance.control.eks_cluster_control_plane_audit_logging_enabled --share
SQL
This control uses a named query:
with control_panel_audit_logging as (
  select
    distinct arn,
    log -> 'Types' as log_type
  from
    aws_eks_cluster,
    jsonb_array_elements(logging -> 'ClusterLogging') as log
  where
    log ->> 'Enabled' = 'true'
    and (log -> 'Types') @> '["api", "audit", "authenticator", "controllerManager", "scheduler"]'
)
select
  c.arn as resource,
  case
    when l.arn is not null then 'ok'
    else 'alarm'
  end as status,
  case
    when l.arn is not null then c.title || ' control plane audit logging enabled for all log types.'
    else
      case
        when logging -> 'ClusterLogging' @> '[{"Enabled": true}]' then c.title || ' control plane audit logging not enabled for all log types.'
        else c.title || ' control plane audit logging not enabled.'
      end
  end as reason,
  c.region,
  c.account_id
from
  aws_eks_cluster as c
  left join control_panel_audit_logging as l on l.arn = c.arn;
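The same evaluation logic as the query above, re-expressed in Python so it can be run against cluster rows outside of Steampipe (an added example, not part of the aws_compliance mod). It assumes rows shaped like the aws_eks_cluster table's arn, title and logging columns; the three sample clusters are constructed to cover the "ok", "partially enabled" and "not enabled" branches of the control.

```python
# Required log types, exactly as listed in the control's SQL.
REQUIRED_TYPES = {"api", "audit", "authenticator", "controllerManager", "scheduler"}


def evaluate_cluster(cluster):
    """Return (status, reason) for one cluster row, mirroring the control.

    `cluster` mirrors the aws_eks_cluster columns the control reads (assumed shape):
      {"arn": ..., "title": ..., "logging": {"ClusterLogging": [{"Enabled": bool, "Types": [...]}]}}
    """
    entries = (cluster.get("logging") or {}).get("ClusterLogging") or []

    # CTE condition: one enabled entry whose Types array contains all five required types
    # (jsonb '@>' containment on the array, i.e. a superset check).
    fully_enabled = any(
        entry.get("Enabled") is True and REQUIRED_TYPES <= set(entry.get("Types") or [])
        for entry in entries
    )
    if fully_enabled:
        return "ok", f"{cluster['title']} control plane audit logging enabled for all log types."

    # Reason branch: logging -> 'ClusterLogging' @> '[{"Enabled": true}]', i.e. any enabled entry.
    if any(entry.get("Enabled") is True for entry in entries):
        return "alarm", f"{cluster['title']} control plane audit logging not enabled for all log types."
    return "alarm", f"{cluster['title']} control plane audit logging not enabled."


def evaluate_clusters(clusters):
    """Evaluate a list of cluster rows; returns {arn: (status, reason)}."""
    return {c["arn"]: evaluate_cluster(c) for c in clusters}


# Constructed sample rows (not real clusters) covering each branch of the control.
SAMPLE_CLUSTERS = [
    {"arn": "arn:aws:eks:us-east-1:111111111111:cluster/full", "title": "full",
     "logging": {"ClusterLogging": [{"Enabled": True, "Types": sorted(REQUIRED_TYPES)}]}},
    {"arn": "arn:aws:eks:us-east-1:111111111111:cluster/partial", "title": "partial",
     "logging": {"ClusterLogging": [{"Enabled": True, "Types": ["api", "audit"]},
                                    {"Enabled": False, "Types": ["authenticator", "controllerManager", "scheduler"]}]}},
    {"arn": "arn:aws:eks:us-east-1:111111111111:cluster/none", "title": "none",
     "logging": {"ClusterLogging": [{"Enabled": False, "Types": sorted(REQUIRED_TYPES)}]}},
]

if __name__ == "__main__":
    for arn, (status, reason) in evaluate_clusters(SAMPLE_CLUSTERS).items():
        print(f"{status:5s} {arn}: {reason}")
```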