Ensure Audit Logging is Enabled
An XCCDF Rule
Description
The audit logs are part of the EKS managed Kubernetes control plane logs that are managed by Amazon EKS. Amazon EKS is integrated with AWS CloudTrail, a service that provides a record of actions taken by a user, role, or an AWS service in Amazon EKS. CloudTrail captures all API calls for Amazon EKS as events. The calls captured include calls from the Amazon EKS console and code calls to the Amazon EKS API operations.
Rationale
Exporting logs and metrics to a dedicated, persistent datastore such as CloudTrail ensures availability of audit data following a cluster security event, and provides a central location for analysis of log and metric data collated from multiple sources.
- ID
- xccdf_org.ssgproject.content_rule_audit_logging
- Severity
- Unknown
- References
- Updated