Custom AWS Config rule for EKS
I'm trying to create an AWS Config custom rule to check the compliance of my clusters. For example, I would like to check if they have the control plane logging enabled. I've checked the AWS::EKS::Cluster documentation reference and I expected those properties to be present in the event received in my lambda, but when AWS Config executes my lambda and prints the event, it looks very different:
```javascript
console.info("EVENT\n" + JSON.stringify(event, null, 2))
```

Print:

```json
{
  "configurationItemDiff": null,
  "configurationItem": {
    "relatedEvents": [],
    "relationships": [],
    "configuration": {
      "Arn": "arn:aws:eks:eu-west-2:XXXXXXX:cluster/eks-cluster",
      "CertificateAuthorityData": "LS0tLS1....",
      "Endpoint": "https://xxxxx.gr7.eu-west-2.eks.amazonaws.com",
      "Name": "eks-cluster",
      "ResourcesVpcConfig": {
        "SecurityGroupIds": [
          "sg-0999999352ef8963b"
        ],
        "SubnetIds": [
          "subnet-08e9879878977832c",
          "subnet-022c665678587c77d",
          "subnet-0143345543345af8c"
        ]
      },
      "RoleArn": "arn:aws:iam::xxxxxx:role/eks-cluster-role",
      "Version": "1.21",
      "Tags": []
    },
    "supplementaryConfiguration": {},
    "tags": {},
    "configurationItemVersion": "1.3",
    "configurationItemCaptureTime": "2022-02-15T03:04:01.223Z",
    "configurationStateId": 1644894241223,
    "awsAccountId": "xxxxxxx",
    "configurationItemStatus": "OK",
    "resourceType": "AWS::EKS::Cluster",
    "resourceId": "eks-cluster",
    "resourceName": "eks-cluster",
    "ARN": "arn:aws:eks:eu-west-2:xxxxxxxx:cluster/eks-cluster",
    "awsRegion": "eu-west-2",
    "availabilityZone": "Regional",
    "configurationStateMd5Hash": "",
    "resourceCreationTime": null
  },
  "notificationCreationTime": "2022-02-15T10:36:01.432Z",
  "messageType": "ConfigurationItemChangeNotification",
  "recordVersion": "1.3"
}
```
Is there any way to check those AWS::EKS::Cluster properties (KubernetesNetworkConfig, Logging...) with a custom Lambda in AWS Config?
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow