Risk Level: Medium
Description:
This plugin guarantees that all logs from EKS clusters are forwarded to CloudWatch. EKS may provide cluster event and audit logs, as well as control plane logs, to CloudWatch. For security analysis, all logs should be transmitted to CloudWatch.
About the Service :
Amazon Elastic Kubernetes Service (Amazon EKS) is a managed container service for running and scaling Kubernetes applications in the cloud or on-premises. With Amazon EKS, you can take advantage of all the performance, scale, reliability, and availability of AWS infrastructure, as well as integrations with AWS networking and security services.
Impact :
Disabled logs make the EKS cluster insecure and hinder the efficient running of your EKS cluster.
Steps to reproduce :
- Log In to your AWS Console.
- Open the Amazon EKS console. You can use this link (https://console.aws.amazon.com/eks) to navigate directly if already logged in.
- From the list of clusters available, click on the Cluster name of the cluster you wish to investigate.
- Move to the Logging tab of the cluster configuration page.
- Check if the log types are enabled or not.
- We can see that all the log types are disabled, this suggests that the EKS logging are disabled.
- Repeat the same steps for other clusters as well.
Steps for remediation :
- Log In to your AWS Console.
- Open the Amazon EKS console. You can use this link (https://console.aws.amazon.com/eks) to navigate directly if already logged in.
- From the list of clusters available, click on the Cluster name of the cluster you wish to investigate.
- Move to the Logging tab of the cluster configuration page.
- Check if the log types are enabled or not.
- We can see that all the log types are disabled, this suggests that the EKS logging are disabled.
- We will click on the Manage logging button and enable the logging type that we want to and click Update to save the settings.
- Repeat the same steps for other clusters as well.
References: