github.com/khulnasoft-lab/kube-bench@v0.2.1-0.20240330183753-9df52345ae58/cfg/eks-1.0.1/managedservices.yaml

     1  ---
     2  controls:
     3  version: "eks-1.0.1"
     4  id: 5
     5  text: "Managed Services"
     6  type: "managedservices"
     7  groups:
     8    - id: 5.1
     9      text: "Image Registry and Image Scanning"
    10      checks:
    11        - id: 5.1.1
    12          text: "Ensure Image Vulnerability Scanning using Amazon ECR image scanning or a third-party provider (Manual)"
    13          type: "manual"
    14          remediation: "No remediation"
    15          scored: false
    16  
    17        - id: 5.1.2
    18          text: "Minimize user access to Amazon ECR (Manual)"
    19          type: "manual"
    20          remediation: "No remediation"
    21          scored: false
    22  
    23        - id: 5.1.3
    24          text: "Minimize cluster access to read-only for Amazon ECR (Manual)"
    25          type: "manual"
    26          remediation: "No remediation"
    27          scored: false
    28  
    29        - id: 5.1.4
    30          text: "Minimize Container Registries to only those approved (Manual)"
    31          type: "manual"
    32          remediation: "No remediation"
    33          scored: false
    34  
    35    - id: 5.2
    36      text: "Identity and Access Management (IAM)"
    37      checks:
    38        - id: 5.2.1
    39          text: "Prefer using dedicated Amazon EKS Service Accounts (Manual)"
    40          type: "manual"
    41          remediation: "No remediation"
    42          scored: false
    43  
    44    - id: 5.3
    45      text: "AWS Key Management Service (KMS)"
    46      checks:
    47        - id: 5.3.1
    48          text: "Ensure Kubernetes Secrets are encrypted using Customer Master Keys (CMKs) managed in AWS KMS (Manual)"
    49          type: "manual"
    50          remediation: "No remediation"
    51          scored: false
    52  
    53    - id: 5.4
    54      text: "Cluster Networking"
    55      checks:
    56        - id: 5.4.1
    57          text: "Restrict Access to the Control Plane Endpoint (Manual)"
    58          type: "manual"
    59          remediation: "No remediation"
    60          scored: false
    61  
    62        - id: 5.4.2
    63          text: "Ensure clusters are created with Private Endpoint Enabled and Public Access Disabled (Manual)"
    64          type: "manual"
    65          remediation: "No remediation"
    66          scored: false
    67  
    68        - id: 5.4.3
    69          text: "Ensure clusters are created with Private Nodes (Manual)"
    70          type: "manual"
    71          remediation: "No remediation"
    72          scored: false
    73  
    74        - id: 5.4.4
    75          text: "Ensure Network Policy is Enabled and set as appropriate (Manual)"
    76          type: "manual"
    77          remediation: "No remediation"
    78          scored: false
    79  
    80        - id: 5.4.5
    81          text: "Encrypt traffic to HTTPS load balancers with TLS certificates (Manual)"
    82          type: "manual"
    83          remediation: "No remediation"
    84          scored: false
    85  
    86  
    87    - id: 5.5
    88      text: "Authentication and Authorization"
    89      checks:
    90        - id: 5.5.1
    91          text: "Manage Kubernetes RBAC users with AWS IAM Authenticator for Kubernetes (Manual)"
    92          type: "manual"
    93          remediation: "No remediation"
    94          scored: false
    95  
    96  
    97    - id: 5.6
    98      text: "Other Cluster Configurations"
    99      checks:
   100        - id: 5.6.1
   101          text: "Consider Fargate for running untrusted workloads (Manual)"
   102          type: "manual"
   103          remediation: "No remediation"
   104          scored: false