EKS Clusters Are Not Encrypted Using Customer Master Keys (CMKs)
Overview
This check verifies that Kubernetes Secrets are encrypted using Customer Master Keys (CMKs). Adopting envelope encryption is regarded as a security best practice for applications that store sensitive data, forming an essential component of a defense-in-depth security approach.
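One way to evaluate this check offline, as an added example that is not the vendor's own rule logic: it inspects the `encryptionConfig` field of the EKS `Cluster` object (as returned by `DescribeCluster`) and flags clusters with no KMS key configured for the `secrets` resource. The cluster names, account ID and key ARN below are constructed sample data.

```python
# Added example: evaluates EKS Cluster objects for Secrets envelope encryption.
# Input shape follows the EKS Cluster API object:
#   encryptionConfig: [{"resources": ["secrets"], "provider": {"keyArn": "..."}}]


def secrets_kms_key_arns(cluster):
    """Return the KMS key ARNs configured to encrypt Kubernetes Secrets."""
    arns = []
    # encryptionConfig may be absent, None, or an empty list on unencrypted clusters.
    for cfg in cluster.get("encryptionConfig") or []:
        resources = cfg.get("resources") or []
        key_arn = (cfg.get("provider") or {}).get("keyArn")
        if "secrets" in resources and key_arn:
            arns.append(key_arn)
    return arns


def evaluate(cluster):
    """Produce a finding record for one AWS::EKS::Cluster item."""
    arns = secrets_kms_key_arns(cluster)
    return {"name": cluster.get("name"), "compliant": bool(arns), "keyArns": arns}


def failing_clusters(clusters):
    """Names of clusters whose Secrets are not envelope-encrypted with a KMS key."""
    return [r["name"] for r in map(evaluate, clusters) if not r["compliant"]]


# Constructed sample cluster objects (not real resources).
SAMPLE_KEY_ARN = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"
SAMPLE_CLUSTERS = [
    {"name": "prod-encrypted",
     "encryptionConfig": [{"resources": ["secrets"],
                           "provider": {"keyArn": SAMPLE_KEY_ARN}}]},
    {"name": "dev-no-config"},                             # field absent
    {"name": "test-empty-config", "encryptionConfig": []},  # empty list
    {"name": "stage-no-key",
     "encryptionConfig": [{"resources": ["secrets"], "provider": {}}]},
]

if __name__ == "__main__":
    for c in SAMPLE_CLUSTERS:
        print(evaluate(c))
    print("Failing:", failing_clusters(SAMPLE_CLUSTERS))
```

Against a live account, the same functions accept the `cluster` dictionary from boto3's `describe_cluster(name=...)` response.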
Vendor
AWS
Cloud Service
EKS
References
https://docs.aws.amazon.com/eks/latest/APIReference/API_Cluster.html
https://docs.aws.amazon.com/eks/latest/userguide/enable-kms.html
https://docs.aws.amazon.com/eks/latest/APIReference/API_AssociateEncryptionConfig.html#:~:text=Amazon%20EKS%20clusters.-,Request%20Syntax,-POST%20/clusters/
Severity
3
Item Types
AWS::EKS::Cluster