Assess an AWS EKS Cluster
Now that you have an introduction to assessing your AWS account with cnspec and have tried an EC2 test, let's dive deeper and test EKS clusters.
We'll continue working in the cnspec shell, which makes running individual queries easy. If it's not already open, enter cnspec shell aws in your terminal. To learn about accessing your AWS account with cnspec, read Assess AWS Security.
EKS resources
cnspec provides answers to any question about your EKS clusters. To discover all the resources and fields you can query, read aws.eks. You can also use the help command in the shell:
help aws.eks
Run a simple test on EKS clusters
This test ensures that all EKS clusters use encryption:
aws.eks.clusters.all( encryptionConfig != null )
If the test passes (all EKS clusters use encryption) then cnspec returns ok:
[ok] value: true
If the test fails (one or more EKS clusters do not use encryption) then cnspec provides details about the failure:
[failed] [].all()
actual: [
0: aws.ec2.instance id = arn:aws:ec2:us-east-1:177043751234:instance/i-0fde6c8e0210b7i26
1: aws.ec2.instance id = arn:aws:ec2:us-east-1:177043751234:instance/i-01d9ac4d064722qa4
]
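As an added example (not code from cnspec or from the original page), the following Python applies the same all-clusters test offline to constructed data shaped like the EKS DescribeCluster response. It goes one step beyond the null check above by also requiring an entry that covers secrets and names a KMS key; the cluster names, account ID and key ARN are placeholders.

```python
# Added example: the page's "all clusters use encryption" test, evaluated
# offline over DescribeCluster-shaped data. All sample values are constructed.

ACCOUNT = "111122223333"  # placeholder account ID
KEY_ARN = f"arn:aws:kms:us-east-1:{ACCOUNT}:key/EXAMPLE"  # placeholder key

SAMPLE_CLUSTERS = [  # constructed sample input
    {"name": "prod", "arn": f"arn:aws:eks:us-east-1:{ACCOUNT}:cluster/prod",
     "encryptionConfig": [{"resources": ["secrets"],
                           "provider": {"keyArn": KEY_ARN}}]},
    # No encryptionConfig key at all: encryption was never enabled.
    {"name": "dev", "arn": f"arn:aws:eks:us-east-1:{ACCOUNT}:cluster/dev"},
    # Key present but empty: a plain "is it null" test would not flag this.
    {"name": "test", "arn": f"arn:aws:eks:us-east-1:{ACCOUNT}:cluster/test",
     "encryptionConfig": []},
]


def encryption_gap(cluster):
    """Return None if secrets encryption is configured, else a reason."""
    config = cluster.get("encryptionConfig")
    if config is None:
        return "encryptionConfig is missing"
    if not config:
        return "encryptionConfig is empty"
    for entry in config:
        has_key = bool((entry.get("provider") or {}).get("keyArn"))
        if "secrets" in (entry.get("resources") or []) and has_key:
            return None
    return "no entry encrypts secrets with a KMS key"


def check_all_encrypted(clusters):
    """Mirror all(): pass only if every cluster passes; collect failures."""
    failures = {}
    for cluster in clusters:
        reason = encryption_gap(cluster)
        if reason is not None:
            failures[cluster["arn"]] = reason
    return (not failures), failures


if __name__ == "__main__":
    ok, failures = check_all_encrypted(SAMPLE_CLUSTERS)
    print("ok" if ok else "failed")
    for arn, reason in failures.items():
        print(f"  {arn}: {reason}")
```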
Learn more about querying EKS clusters
- To learn more about how the MQL query language works, read Write Effective MQL.
- For a list of all the AWS resources and fields you can query, read the Mondoo Amazon Web Services (AWS) Resource Pack Reference.
- For a list of all the Kubernetes resources and fields you can query, read the Mondoo Kubernetes (K8s) Resource Pack Reference.