Assess an AWS EKS Cluster

Now that you have an introduction to assessing your AWS account with cnspec and have tried an EC2 test, let's dive deeper and test EKS clusters.

We'll continue working in the cnspec shell, which makes running individual queries easy. If it's not already open, enter cnspec shell aws in your terminal. To learn about accessing your AWS account with cnspec, read Assess AWS Security.

EKS resources

cnspec provides answers to any question about your EKS clusters. To discover all the resources and fields you can query, read aws.eks. You can also use the help command in the shell:

help aws.eks

Run a simple test on EKS clusters

This test ensures that all EKS clusters use encryption:

aws.eks.clusters.all( encryptionConfig != null )

If the test passes (all EKS clusters use encryption) then cnspec returns ok:

[ok] value: true

If the test fails (one or more EKS clusters do not use encryption) then cnspec provides details about the failure:

[failed] [].all()
actual: [
0: aws.ec2.instance id = arn:aws:ec2:us-east-1:177043751234:instance/i-0fde6c8e0210b7i26
1: aws.ec2.instance id = arn:aws:ec2:us-east-1:177043751234:instance/i-01d9ac4d064722qa4
]
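
To make the pass and fail conditions concrete, the following added example (not part of the cnspec documentation or code) models the same check offline in Python. It assumes cluster data shaped like the cluster object in the EKS DescribeCluster API response; the sample clusters, account ID, key ID, function names and report format are all constructed for illustration.

```python
"""Offline model of the check: aws.eks.clusters.all( encryptionConfig != null )."""

# Constructed sample data (assumption: shaped like the `cluster` object of the
# EKS DescribeCluster response). Names, account ID and key ID are placeholders.
ARN = "arn:aws:eks:us-east-1:111122223333:cluster/"
SAMPLE_CLUSTERS = [
    {
        "name": "prod-payments",
        "arn": ARN + "prod-payments",
        "encryptionConfig": [{
            "resources": ["secrets"],
            "provider": {"keyArn": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"},
        }],
    },
    # Field absent: no encryption configuration was ever set on this cluster.
    {"name": "dev-sandbox", "arn": ARN + "dev-sandbox"},
    # Field present but explicitly null: treated the same as absent.
    {"name": "staging", "arn": ARN + "staging", "encryptionConfig": None},
]


def unencrypted_clusters(clusters):
    """Return the clusters for which `encryptionConfig != null` is false."""
    return [c for c in clusters if c.get("encryptionConfig") is None]


def all_encrypted(clusters):
    """Mirror all(): true only when no cluster fails the condition.

    In this model an empty cluster list passes vacuously, so a passing result
    is only meaningful if clusters were actually discovered.
    """
    return not unencrypted_clusters(clusters)


def report(clusters):
    """Build a pass/fail summary (format is this example's own, not cnspec's)."""
    failing = unencrypted_clusters(clusters)
    if not failing:
        return "[ok] all %d cluster(s) define encryptionConfig" % len(clusters)
    lines = ["[failed] %d cluster(s) without encryptionConfig:" % len(failing)]
    lines += ["  " + c["arn"] for c in failing]
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_CLUSTERS))
```
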

Learn more about querying EKS clusters