turbot/steampipe-mod-aws-compliance

Control: 2 EKS clusters should run on a supported Kubernetes version

Description

This control checks whether an Amazon EKS cluster is running on a supported Kubernetes version. The control fails if the EKS cluster is running on an unsupported version.

If your application doesn't require a specific version of Kubernetes, we recommend that you use the latest available Kubernetes version that's supported by EKS for your clusters. For more information about supported Kubernetes versions for Amazon EKS, see Amazon EKS Kubernetes release calendar and Amazon EKS version support and FAQ in the Amazon EKS User Guide.

Remediation

To update an EKS cluster, see Updating an Amazon EKS cluster Kubernetes version in the Amazon EKS User Guide.

Usage

Run the control in your terminal:

powerpipe control run aws_compliance.control.foundational_security_eks_2

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run aws_compliance.control.foundational_security_eks_2 --share

SQL

This control uses a named query:

select
  arn as resource,
  case
    -- eks:oldestVersionSupported (Current oldest supported version is 1.19)
    when (version)::decimal >= 1.19 then 'ok'
    else 'alarm'
  end as status,
  case
    when (version)::decimal >= 1.19 then title || ' runs on a supported kubernetes version.'
    else title || ' does not run on a supported kubernetes version.'
  end as reason,
  region,
  account_id
from
  aws_eks_cluster;
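
The query above casts the version string to a decimal, which treats the minor version as a fraction, so it matches numeric ordering only while the minor version has two digits. The following PostgreSQL query is an added example, not part of the mod: it runs the same 1.19 threshold over constructed sample version strings and compares the decimal cast with a comparison of the integer major and minor parts.

```sql
-- Added example: sample version strings are constructed, not real cluster data.
-- Assumes each version is a plain "major.minor" string with numeric parts only;
-- any other shape would make the int[] cast raise an error.
with sample_versions(version) as (
  values ('1.9'), ('1.18'), ('1.19'), ('1.20'), ('1.100')
),
compared as (
  select
    version,
    -- Same test as the control's query: minor version read as a fraction.
    (version)::decimal >= 1.19 as decimal_cast_ok,
    -- Integer arrays compare element by element: major first, then minor.
    string_to_array(version, '.')::int[] >= array[1, 19] as numeric_parts_ok
  from
    sample_versions
)
select
  version,
  decimal_cast_ok,
  numeric_parts_ok,
  decimal_cast_ok <> numeric_parts_ok as disagrees
from
  compared
order by
  string_to_array(version, '.')::int[];
```

The two methods agree for 1.18, 1.19 and 1.20 and disagree for 1.9 (the decimal cast passes it) and 1.100 (the decimal cast fails it). The 1.19 threshold is the hard-coded value from the control's query and has to be kept in step with the EKS release calendar.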
