Commit
added eks-1.0 cfg and modified job-eks.yaml for node checks (#639)
* added eks-1.0 cfg and modified job-eks.yaml for node checks
* fixed yamllint errors and README updates
1 parent 3e6a41a, commit 20ec5d1
Showing 8 changed files with 754 additions and 1 deletion.
@@ -0,0 +1,2 @@ | ||
--- | ||
## Version-specific settings that override the values in cfg/config.yaml |
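Review bot: this override file carries only the header comment and defines no settings, so eks-1.0 inherits every value from cfg/config.yaml unchanged. Either add the EKS-specific overrides this benchmark needs here, or extend the comment to say that eks-1.0 deliberately needs no overrides, so the next reader does not mistake the empty file for an oversight.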
@@ -0,0 +1,14 @@ | ||
--- | ||
controls: | ||
version: "eks-1.0" | ||
id: 2 | ||
text: "Control Plane Configuration" | ||
type: "controlplane" | ||
groups: | ||
- id: 2.1 | ||
text: "Logging" | ||
checks: | ||
- id: 2.1.1 | ||
text: "Enable audit logs" | ||
remediation: "Enable control plane logging for API Server, Audit, Authenticator, Controller Manager, and Scheduler." | ||
scored: false |
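Review bot: check 2.1.1 is the only check in this change without `type: "manual"`, and it carries no `audit` or `tests` block, so it relies on `scored: false` alone to be reported as a non-executed check. Add `type: "manual"` and the "(Not Scored)" suffix in `text` so this file follows the same convention as the managedservices checks in the same commit; as written, a later edit that flips `scored` to true would leave a check with nothing to run.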
@@ -0,0 +1,104 @@ | ||
--- | ||
controls: | ||
version: "eks-1.0" | ||
id: 5 | ||
text: "Managed Services" | ||
type: "managedservices" | ||
groups: | ||
- id: 5.1 | ||
text: "Image Registry and Image Scanning" | ||
checks: | ||
- id: 5.1.1 | ||
text: "Ensure Image Vulnerability Scanning using Amazon ECR image scanning or a third-party provider (Not Scored)" | ||
type: "manual" | ||
remediation: | ||
scored: false | ||
|
||
- id: 5.1.2 | ||
text: "Minimize user access to Amazon ECR (Not Scored)" | ||
type: "manual" | ||
remediation: | ||
scored: false | ||
|
||
- id: 5.1.3 | ||
text: "Minimize cluster access to read-only for Amazon ECR (Not Scored)" | ||
type: "manual" | ||
remediation: | ||
scored: false | ||
|
||
- id: 5.1.4 | ||
text: "Minimize Container Registries to only those approved (Not Scored)" | ||
type: "manual" | ||
remediation: | ||
scored: false | ||
|
||
- id: 5.2 | ||
text: "Identity and Access Management (IAM)" | ||
checks: | ||
- id: 5.2.1 | ||
text: "Prefer using dedicated Amazon EKS Service Accounts (Not Scored)" | ||
type: "manual" | ||
remediation: | ||
scored: false | ||
|
||
- id: 5.3 | ||
text: "AWS Key Management Service (AWS KMS)" | ||
checks: | ||
- id: 5.3.1 | ||
text: "Ensure Kubernetes Secrets are encrypted using Customer Master Keys (CMKs) managed in AWS KMS (Not Scored)" | ||
type: "manual" | ||
remediation: | ||
scored: false | ||
|
||
- id: 5.4 | ||
text: "Cluster Networking" | ||
checks: | ||
- id: 5.4.1 | ||
text: "Restrict Access to the Control Plane Endpoint (Not Scored)" | ||
type: "manual" | ||
remediation: | ||
scored: false | ||
|
||
- id: 5.4.2 | ||
text: "Ensure clusters are created with Private Endpoint Enabled and Public Access Disabled (Not Scored)" | ||
type: "manual" | ||
remediation: | ||
scored: false | ||
|
||
- id: 5.4.3 | ||
text: "Ensure clusters are created with Private Nodes (Not Scored)" | ||
type: "manual" | ||
remediation: | ||
scored: false | ||
|
||
- id: 5.4.4 | ||
text: "Ensure Network Policy is Enabled and set as appropriate (Not Scored)" | ||
type: "manual" | ||
remediation: | ||
scored: false | ||
|
||
- id: 5.4.5 | ||
text: "Encrypt traffic to HTTPS load balancers with TLS certificates (Not Scored)" | ||
type: "manual" | ||
remediation: | ||
scored: false | ||
|
||
|
||
- id: 5.5 | ||
text: "Authentication and Authorization" | ||
checks: | ||
- id: 5.5.1 | ||
text: "Manage Kubernetes RBAC users with AWS IAM Authenticator for Kubernetes (Not Scored)" | ||
type: "manual" | ||
remediation: | ||
scored: false | ||
|
||
|
||
- id: 5.6 | ||
text: "Other Cluster Configurations" | ||
checks: | ||
- id: 5.6.1 | ||
text: "Consider Fargate for running untrusted workloads (Not Scored)" | ||
type: "manual" | ||
remediation: | ||
scored: false |
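Review bot: every `remediation:` key in this file is left empty, so the report prints no remediation for any of the 5.1 to 5.6 checks; the benchmark text these titles come from has remediation guidance for each, and it should be filled in here (or the key dropped until it is) rather than shipped as a null value. Two style points: the "(Not Scored)" suffix in each `text` duplicates `scored: false`, so if it is kept for parity with the benchmark titles it should also appear on 2.1.1 in the controlplane file, and the two consecutive blank lines after 5.4.5 and after 5.5.1 differ from the single blank line used between the other checks.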
@@ -0,0 +1,6 @@ | ||
--- | ||
controls: | ||
version: "eks-1.0" | ||
id: 1 | ||
text: "Control Plane Components" | ||
type: "master" |
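Review bot: this controls file declares `type: "master"` but has no `groups` key at all, so it defines zero checks. If section 1 is intentionally empty for eks-1.0 because the control plane components are not reachable from the node, say so in a comment and add an explicit `groups: []`, and confirm that a run against a controls file with no groups completes cleanly rather than erroring; otherwise the section 1 checks still need to be added.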