aws_eks_clusters
Use the aws_eks_clusters
resource to test the configuration of a collection of AWS Elastic Container Service for Kubernetes.
Syntax
describe aws_eks_clusters do
its('names.count') { should cmp 10 }
end
Parameters
This resource does not expect any parameters.
See also the AWS documentation on EKS Clusters.
Properties
Property | Description |
---|---|
arn | The Amazon Resource Name (ARN) of the cluster. |
name | The name of the cluster. |
endpoint | The endpoint for your Kubernetes API server. |
status | The current status of the cluster. |
version | The Kubernetes server version for the cluster. |
certificate_authority | The certificate-authority-data for your cluster. |
subnets_count | The number of subnets associated with your cluster. |
subnet_ids | The subnets associated with your cluster. |
security_groups_count | The count of security groups associated with your cluster. |
security_group_ids | The security groups associated with the cross-account elastic network interfaces that are used to allow communication between your worker nodes and the Kubernetes control plane. |
role_arn | The Amazon Resource Name (ARN) of the IAM role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. |
vpc_id | The VPC associated with your cluster. |
created_at | The Unix epoch timestamp in seconds for when the cluster was created. |
creating | Boolean indicating whether or not the state of the cluster is CREATING. |
active | Boolean indicating whether or not the state of the cluster is ACTIVE. |
failed | Boolean indicating whether or not the state of the cluster is FAILED. |
deleting | Boolean indicating whether or not the state of the cluster is DELETING. |
entries | Provides access to the raw results of the query, which can be treated as an array of hashes. |
Examples
Allow at most 100 EKS Clusters on the account
describe aws_eks_clusters do
its('entries.count') { should be <= 100}
end
Ensure a specific Cluster exists, by name
describe aws_eks_clusters do
its('names') { should include('cluster-1') }
end
Ensure no Clusters are in a failed state
describe aws_eks_clusters.where( failed: true ) do
it { should_not exist )
end
Matchers
This InSpec audit resource has the following special matchers. For a full list of available matchers, please visit our matchers page.
exist
The control will pass if the describe returns at least one result.
Use should_not
to test the entity should not exist.
describe aws_eks_clusters.where( <property>: <value>) do
it { should exist }
end
describe aws_eks_clusters.where( <property>: <value>) do
it { should_not exist }
end
AWS Permissions
Your Principal will need the eks:DescribeCluster
action with Effect set to Allow.
You can find detailed documentation at Amazon EKS IAM Policies, Roles, and Permissions The documentation for EKS actions is at Policy Structure