AWS Introduces CIS Amazon EKS Benchmark

The newly developed CIS Amazon EKS Benchmark is optimized to help users accurately assess the security configuration of their Amazon EKS clusters.

AWS announced a new Center for Internet Security (CIS) benchmark for Amazon EKS, which according to the company, is optimized to help you accurately assess the security configuration of Amazon EKS clusters. This includes security assessments for nodes to help you meet security and compliance requirements.
AWS said that with the CIS Amazon EKS Benchmark, users now have guidance aligned to the Amazon EKS cluster configuration and they should use this benchmark to assess and configure security for their cluster nodes. The company has used the CIS Kubernetes Benchmark as the starting point for the CIS Amazon EKS Benchmark.
The newly developed version 1.0.0 of CIS Amazon EKS Benchmark offers guidelines for node security configurations for EKS clusters, compatible with CIS Kubernetes Benchmark v1.5.1 (and forthcoming v1.6.0). The EKS Benchmark is applicable to EC2 nodes where user are responsible for security configurations of Kubernetes components. The benchmark does not apply to nodes’ operating system level security configuration as that is outside the scope for the CIS Kubernetes Benchmark.
Source: AWS
The company said that in Amazon EKS, security and compliance are weighed shared responsibilities. In the shared responsibility model, AWS is responsible for managing the Kubernetes control plane. And EKS users are responsible for managing IAM users/roles and identity/resource-based policies, runtime security, network security, define and enforce node and pod security, configuring secrets encryption, and configuration recommendations defined in the benchmark and EKS best practices guide for security.
The CIS Amazon EKS Benchmark comprises four sections i.e control plane logging configuration, node security configurations, policies and managed services.
To help users getting started AWS has published a tutorial chapter on for CIS EKS Benchmark helping you to run the benchmark against the tools available to help assess security configurations and expected results. Chapter named "CIS Amazon EKS Benchmark Assessment using kube-bench" gives you step-by-step instructions to assess Amazon EKS cluster nodes against the CIS Amazon EKS Benchmark.

Next Recommended Reading AWS Announced The GA Of Amazon Braket