AWS Config Rule: EKS Cluster Logging

Description: Checks whether EKS Clusters have Logging Enabled.

Trigger type: Periodic

AWS Region: All supported AWS regions

Your Amazon Elastic Kubernetes Service (EKS) Clusters have 5 different components which can be logged from the Amazon EKS control plane to CloudWatch Logs. They are as follows;

• Kubernetes API server logs
• Audit logs
• Authenticator logs
• Controller Manager logs
• Scheduler logs

You can enable 1 or all five of these within your Cluster. If you have at minimum one enabled and logging, the AWS Config Rule will be marked as COMPLIANT with this regard.

To enable this for your EKS Cluster, head on over to the EKS Dashboard within your AWS Console. From here, select your desired cluster. In the Configuration tab across the top bar, you will then see a second row of tabs further down which drill down into different aspects of the cluster.

Here, you want the Logging tab. From here, you can "Manage Logging" to enable to disable any of the above logging aspects of your EKS Cluster.

Amazon EKS control plane logging provides audit and diagnostic logs directly from the Amazon EKS control plane to CloudWatch Logs in your account. To learn more about these components, see the Kubernetes documentation: Kubernetes Components.

StackZone will be able to automatically enable Control Plane Logging for your Amazon EKS Clusters by enabling this remediation. 

StackZone will enable all 5 logging aspects as shown above, as part of the auto-remediation.

To enable this in your StackZone deployment, head on over to BaseLine Services / AWS Config Rules Regional / Check for Cluster Logging and enable the remediation.

Want to know more about StackZone and how to make your cloud management simple and secure?

Check our how it works section with easy to follow videos or just create your own StackZone Account here