Cis benchmark for aws eks8/17/2023 ![]() The JSON results output file can be loaded into heimdall-lite for a user-interactive, graphical view of the InSpec results. Using Heimdall for Viewing the JSON Results Sudo inspec exec -input-file -reporter cli json:cluster-results.json Inspec archive eks-cis-cluster-baseline -overwrite You can test if the runner host has access to the Kubernetes API by running kubectl from the command line: See the Kubernetes documentation for kubeconfig for details. For the profile to use the Kubernetes API, the runner host must either have a valid kubeconfig file either in the default location ($HOME/.kube/config) or have designated a file as the kubeconfig file using the $KUBECONFIG environment variable. The runner host must have kubectl installed - see the Kubernetes documentation for tools for details.Ī host's connection to the Kubernetes API is established using credentials recorded in the kubeconfig file. ![]() The profile makes use of the kubectl utility to access the Kubernetes API. The profile assumes that the runner is authenticated as an AWS role permitted to run the kubectl utility against the cluster and run queries using the aws eks CLI command. This profile is executed against an AWS EKS cluster via the Kubernetes API and the AWS CLI. Latest versions and installation options are available at the InSpec site. The runner host must have InSpec installed.įor the best security of the runner, always install on the runner the latest version of InSpec and supporting Ruby language components. This profile should be executed from a runner host with network access to the EKS cluster under test. This profile handles only the cluster tests, and is intended to be run alongside the EKS CIS Node Baseline profile. The baseline includes tests that must be executed against the Kubernetes API and tests that must be executed against the underlying nodes over SSH. InSpec profile to validate the secure configuration of AWS EKS, against CIS's CIS Amazon Elastic Kubernetes Service (EKS) Benchmark version 1.0.1 (Cluster requirements).
0 Comments
Leave a Reply.AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |