Eksctl: Add config file options to enable EKS control plane logging to CloudWatch

Created on 5 Apr 2019  路  8Comments  路  Source: weaveworks/eksctl

Why do you want this feature?
We want to see the EKS control plane logs for monitoring, troubleshooting, and security audit.

What feature/behavior/change do you want?
The ability to enable/disable in the config file, each of the five control plane log types available in EKS:

  • api
  • audit
  • authenticator
  • controllerManager
  • scheduler

Documentation on EKS control plane logging API and CLI commands:
https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html

aws eks --region us-west-2 update-cluster-config --name prod \ --logging '{"clusterLogging":[{"types":["api","audit","authenticator","controllerManager","scheduler"],"enabled":true}]}'

Ref: https://github.com/aws/containers-roadmap/issues/26

kinfeature prioritweave
Source
picture whereisaaron
👍5

Most helpful comment

Thanks for opening this, Aaron! I'd like to do this soon, but will need to update goformation first, and we need to think about what we should enable by default.

picture errordeveloper on 5 Apr 2019
👍4

All 8 comments

Thanks for opening this, Aaron! I'd like to do this soon, but will need to update goformation first, and we need to think about what we should enable by default.

errordeveloper picture errordeveloper on 5 Apr 2019
👍4

Ref: awslabs/goformation#198

StevenACoffman picture StevenACoffman on 8 Apr 2019

Any progress on this? :)

JasonSwindle picture JasonSwindle on 4 Jun 2019

ref aws/containers-roadmap#242
Nope.

As soon as this is in CloudFormation (and the new resource specification is published, we can get it included in goformation.

You can run go generate in your goformation repo directory to update goformation to the latest resource specification (EKS logging isn't there as of right now) - or wait for our CI job to automatically update goformation and release a new version.

StevenACoffman picture StevenACoffman on 5 Jun 2019

We are going to enable this by calling EKS API directly. Hopefully in the next release.

errordeveloper picture errordeveloper on 5 Jun 2019
1 👍1

Wise move @errordeveloper! Hoping for CloudFormation to catch up with API changes is a mug's game 馃槩. Like I'm the mug still holding out hope for EIP tags, we all gotta dream 馃ぃ

whereisaaron picture whereisaaron on 5 Jun 2019
😄1

@whereisaaron see #778 =)

errordeveloper picture errordeveloper on 5 Jun 2019

@whereisaaron haha I鈥檝e raised this to my AWS account team

cdenneen picture cdenneen on 5 Jun 2019
👍1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

Raduan77 picture Raduan77  路  3Comments
whereisaaron picture whereisaaron  路  4Comments
sabhizer picture sabhizer  路  3Comments
albertmichaelj picture albertmichaelj  路  3Comments
bartcant picture bartcant  路  4Comments