eks-cluster-secrets-encrypted - AWS Config

eks-cluster-secrets-encrypted

Checks if Amazon EKS clusters are configured to have Kubernetes secrets encrypted using AWS KMS. The rule is NON_COMPLIANT if an EKS cluster does not have an encryptionConfig resource or if encryptionConfig does not name secrets as a resource.

Identifier: EKS_CLUSTER_SECRETS_ENCRYPTED

Resource Types: AWS::EKS::Cluster

Trigger type: Periodic

AWS Region: All supported AWS regions except China (Beijing), Israel (Tel Aviv), China (Ningxia) Region

Parameters:

kmsKeyArns (Optional)
Type: CSV

Comma-separated list of KMS key Amazon Resource Names (ARNs) that are approved for EKS usage.

AWS CloudFormation template

To create AWS Config managed rules with AWS CloudFormation templates, see Creating AWS Config Managed Rules With AWS CloudFormation Templates.