EKS clusters should have audit logs enabled

This page is not yet available in Spanish. We are working on its translation.
If you have any questions or feedback about our current translation project, feel free to reach out to us!

Description

This control checks if an Amazon EKS cluster has audit logging enabled. It fails if the audit logging is not activated for the cluster. EKS control plane logging sends audit and diagnostic logs directly from the EKS control plane to Amazon CloudWatch Logs in your account. You can choose specific log types, and logs will be sent as log streams to a group for each EKS cluster within CloudWatch. Logging offers insight into the access and performance of EKS clusters. By routing EKS control plane logs for your clusters to CloudWatch Logs, you can centrally record operations for auditing and diagnostic purposes.

Remediation

To enable audit logs for your EKS cluster, see Enabling and disabling control plane logs in the Amazon EKS User Guide.

PREVIEWING: rtrieu/product-analytics-ui-changes