Query AWS EKS Clusters
Now that you have an introduction to querying your AWS account with cnquery and have explored EC2 queries, let's dive deeper and explore EKS clusters.
We'll continue working in the cnquery shell, which makes running individual queries easy. If it's not already open, enter cnquery shell aws in your terminal. To learn about accessing your AWS account with cnquery, read Query AWS Infrastructure.
EKS resources
cnquery provides answers to any question about your EKS clusters. To discover all the resources and fields you can query, read aws.eks. You can also use the help command in the shell:
help aws.eks
In this tutorial we'll explore just a few of the possibilities.
Run simple queries on EKS clusters
This query gathers all your EKS clusters:
aws.eks.clusters
It returns each cluster's ARN and current state:
aws.eks.clusters: [
0: aws.eks.cluster arn="arn:aws:eks:us-east-1:177043759486:cluster/eks-cluster" version="1.22" status="FAILED"
1: aws.eks.cluster arn="arn:aws:eks:us-east-2:177043759486:cluster/online-shop-eks-cluster-byh8" version="1.22" status="ACTIVE"
]
For all details on a single cluster, specify the cluster's number in the output sequence and include { * }:
aws.eks.clusters[1] { * }
cnquery returns the cluster's version, logging, encryption, and more:
aws.eks.clusters[1]: {
logging: {
ClusterLogging: [
0: {
Enabled: true
Types: [
0: "api"
1: "audit"
2: "authenticator"
]
}
1: {
Enabled: false
Types: [
0: "controllerManager"
1: "scheduler"
]
}
]
}
encryptionConfig: [
0: {
Provider: {
KeyArn: "arn:aws:kms:us-east-2:177043759486:key/35f97e4d-3076-494e-bd27-9e9936c9f3ba"
}
Resources: [
0: "secrets"
]
}
]
tags: {
GitHubOrg: "lunalectric"
GitHubRepo: "online-shop"
Name: "scottford-dev-online-shop-eks-byh8"
Terraform: "true"
}
resourcesVpcConfig: {
ClusterSecurityGroupId: "sg-0ad9d888e7bfba23b"
EndpointPrivateAccess: false
EndpointPublicAccess: true
PublicAccessCidrs: [
0: "0.0.0.0/0"
]
SecurityGroupIds: [
0: "sg-0563bb225870357ef"
]
SubnetIds: [
0: "subnet-032c68d4a5e512171"
1: "subnet-0fdd8fcbf1ca3f071"
2: "subnet-0d87da610b71436de"
]
VpcId: "vpc-05905b857f7424833"
}
version: "1.22"
name: "online-shop-eks-cluster-byh8"
networkConfig: {
IpFamily: "ipv4"
ServiceIpv4Cidr: "172.20.0.0/16"
ServiceIpv6Cidr: null
}
createdAt: 2022-10-23 23:12:54.304 +0000 UTC
arn: "arn:aws:eks:us-east-2:177043759486:cluster/online-shop-eks-cluster-byh8"
region: "us-east-2"
endpoint: "https://8D2087DAD267CF9F24358D00F7553B84.gr7.us-east-2.eks.amazonaws.com"
platformVersion: "eks.6"
status: "ACTIVE"
}
Specify fields to include in results
You can request specific data by including the field names. For example, this query collects the ARN and any assigned tags for each cluster:
aws.eks.clusters { arn createdAt }
It returns a list with only the information you asked for:
aws.eks.clusters: [
0: {
arn: "arn:aws:eks:us-east-1:177043759486:cluster/eks-cluster"
createdAt: 2022-09-08 09:41:11.26 +0000 UTC
}
1: {
arn: "arn:aws:eks:us-east-2:177043759486:cluster/online-shop-eks-cluster-byh8"
createdAt: 2022-10-23 23:12:54.304 +0000 UTC
}
]
Filter results
You can filter results based on any fields. Specify the criteria using the where function and standard boolean operators.
For example, this query requests only EKS clusters created more than 60 days ago:
aws.eks.clusters.where(createdAt < time.today - 60*time.day) { arn createdAt }
It lists each cluster's ARN and creation date:
aws.eks.clusters.where: [
0: {
createdAt: 2022-09-08 09:41:11.26 +0000 UTC
arn: "arn:aws:eks:us-east-1:177043759486:cluster/eks-cluster"
}
1: {
createdAt: 2021-12-08 09:03:22.44 +0000 UTC
arn: "arn:aws:eks:us-west-1:177043759533:cluster/lunashop-eks-cluster"
}
]
Learn more about querying EKS clusters
- To learn more about how the MQL query language works, read Write Effective MQL.
- For a list of all the AWS resources and fields you can query, read the Mondoo Amazon Web Services (AWS) Resource Pack Reference.