eks-cluster-secrets-encrypted - AWS Config


Checks if Amazon EKS clusters are configured to have Kubernetes secrets encrypted using AWS KMS. The rule is NON_COMPLIANT if an EKS cluster does not have an encryptionConfig resource or if encryptionConfig does not name secrets as a resource.


Resource Types: AWS::EKS::Cluster

Trigger type: Periodic

AWS Region: All supported AWS regions except China (Beijing), Israel (Tel Aviv), China (Ningxia) Region


kmsKeyArns (Optional)
Type: CSV

Comma-separated list of KMS key Amazon Resource Names (ARNs) that are approved for EKS usage.

AWS CloudFormation template

To create AWS Config managed rules with AWS CloudFormation templates, see Creating AWS Config Managed Rules With AWS CloudFormation Templates.