MEDIUM
Source
Trivy/CSPM
CSPM ID
eks-logging-enabled
ID
AVD-AWS-0038

EKS Clusters should have cluster control plane logging turned on

By default, cluster control plane logging is not turned on. EKS offers five control plane log types: audit, api, authenticator, controllerManager and scheduler. All five should be turned on for the cluster control plane.

Impact

Control plane logs provide valuable information about who accessed the cluster and how it was used; without them, access to and activity in the cluster cannot be audited.

Follow the appropriate remediation steps below to resolve the issue.

Enable logging for the EKS control plane

resource "aws_eks_cluster" "good_example" {
  encryption_config {
    resources = [ "secrets" ]
    provider {
      key_arn = var.kms_arn
    }
  }

  # Turn on all five control plane log types; omitting any one of them
  # leaves that log type disabled, which is what this check flags.
  enabled_cluster_log_types = ["api", "authenticator", "audit", "scheduler", "controllerManager"]

  name = "good_example_cluster"
  role_arn = var.cluster_arn
  vpc_config {
    endpoint_public_access = false
  }
}
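To verify the same condition on a running cluster rather than in Terraform, the following added example (not part of this page or of Trivy) evaluates the `logging.clusterLogging` section of the JSON returned by `aws eks describe-cluster --name <cluster>` and lists any of the five log types that are not enabled. The two cluster descriptions in the block are constructed samples, not real clusters.

```python
"""Check an EKS cluster description for disabled control plane log types.

Added example, not part of the Trivy/AVD page. It evaluates the same
condition as the eks-logging-enabled check (AVD-AWS-0038) against the
'cluster' object that `aws eks describe-cluster` returns.
"""
import json

# The five control plane log types named on the page.
REQUIRED_LOG_TYPES = frozenset(
    {"api", "audit", "authenticator", "controllerManager", "scheduler"}
)


def enabled_log_types(cluster: dict) -> set:
    """Return the log types enabled in a describe-cluster 'cluster' object.

    EKS reports logging as a list of {"types": [...], "enabled": bool}
    groups; a missing 'logging' key means nothing is enabled (the default).
    """
    groups = cluster.get("logging", {}).get("clusterLogging", [])
    enabled = set()
    for group in groups:
        if group.get("enabled"):
            enabled.update(group.get("types", []))
    return enabled


def missing_log_types(cluster: dict) -> list:
    """Sorted list of required log types that are not enabled (empty = pass)."""
    return sorted(REQUIRED_LOG_TYPES - enabled_log_types(cluster))


# Constructed sample responses (not real clusters): one with only
# api/audit enabled and one with all five types enabled.
PARTIAL_CLUSTER = json.loads("""
{"name": "partial-example", "logging": {"clusterLogging": [
  {"types": ["api", "audit"], "enabled": true},
  {"types": ["authenticator", "controllerManager", "scheduler"], "enabled": false}
]}}""")

FULL_CLUSTER = {
    "name": "good-example",
    "logging": {"clusterLogging": [
        {"types": ["api", "audit", "authenticator", "controllerManager", "scheduler"],
         "enabled": True}
    ]},
}

if __name__ == "__main__":
    for cluster in (PARTIAL_CLUSTER, FULL_CLUSTER):
        missing = missing_log_types(cluster)
        status = "PASS" if not missing else "FAIL, disabled: " + ", ".join(missing)
        print(f"{cluster['name']}: {status}")
```

A cluster that has never had logging configured returns no `logging` key at all, which the check treats as all five types disabled.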