EKS Clusters Should Have Logging Enabled

More Info:

EKS clusters should have their control plane logs enabled and publish their API, audit, controller manager, scheduler or authenticator logs to AWS CloudWatch.

Risk Level

Low

Address

Security, Reliability

Compliance Standards

HITRUST, SOC2, NISTCSF, PCIDSS

Triage and Remediation

Remediation

Using Console

Using CLI

To remediate the misconfiguration “EKS Clusters Should Have Logging Enabled” for AWS using AWS CLI, follow the below steps:

Open the AWS CLI on your local machine.
Check the current status of logging for your EKS cluster by running the following command:
```
aws eks describe-cluster --name <cluster_name> --query "cluster.logging"
```
This command will return the current logging status of your EKS cluster.

If the logging is not enabled, run the following command to update the logging status:

aws eks update-cluster-config --name <cluster_name> --logging '{"clusterLogging":[{"types":["api","audit","authenticator","controllerManager","scheduler"],"enabled":true}]}'

This command will enable logging for your EKS cluster.

Verify that the logging is enabled by running the following command again:
```
aws eks describe-cluster --name <cluster_name> --query "cluster.logging"
```
This command should return the updated logging status of your EKS cluster.

By following these steps, you can remediate the misconfiguration “EKS Clusters Should Have Logging Enabled” for AWS using AWS CLI.

Using Python

To remediate the misconfiguration of EKS clusters not having logging enabled, you can use the following steps in Python:

First, you need to import the necessary libraries for AWS SDK for Python (Boto3) and EKS service:

import boto3
from botocore.exceptions import ClientError

Next, you need to create an AWS session and EKS client:

session = boto3.session.Session(region_name='your_region')
eks_client = session.client('eks')

Then, you can use the describe_cluster function to get the logging configuration of the EKS cluster:

response = eks_client.describe_cluster(name='your_cluster_name')
logging_enabled = response['cluster']['logging']['clusterLogging'][0]['enabled']

If logging_enabled is False, you can use the update_cluster_config function to enable logging:

if not logging_enabled:
    logging_config = {
        'types': ['api', 'audit', 'authenticator', 'controllerManager', 'scheduler'],
        'enabled': True
    }
    update_config = {
        'logging': logging_config
    }
    eks_client.update_cluster_config(name='your_cluster_name', resourcesVpcConfig=update_config)

Finally, you can print a message to confirm that logging has been enabled:

print('Logging has been enabled for the EKS cluster.')

Note: Make sure you have the necessary permissions and credentials to access the EKS cluster and enable logging.

Additional Reading:

https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html

AWS Introduction

AWS Pricing

AWS Threats

AWS Misconfigurations

EKS Clusters Should Have Logging Enabled

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

Additional Reading:

AWS Introduction

AWS Pricing

AWS Threats

AWS Misconfigurations

​More Info:

​Risk Level

​Address

​Compliance Standards

​Triage and Remediation

​Remediation

​Additional Reading:

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

Additional Reading: