Skip to main content

🔌 AWS EKS Cluster - object.extracts.yaml

  • Contextual name: 🔌 object.extracts.yaml
  • ID: /types/CA10A1__CaAwsEksCluster__c/object.extracts.yaml

Used In

LogicPolicyFlags
🧠 prod.logic.yaml🟢🛡️ AWS EKS Cluster allows unrestricted public traffic🟢🟢 x3
🧠 prod.logic.yaml🟢🛡️ AWS EKS Cluster IAM OIDC provider is not created🟢🟢 x3
🧠 prod.logic.yaml🟢🛡️ AWS EKS Cluster Logging is not enabled for all control plane logs types🟢🟢 x3

Content

Open File

---
extracts:
#Values: Enabled | Disabled. Not Nullable.
  - name: CA10A1__endpointPublicAccess__c
    value: 
      FIELD:
        path: CA10A1__endpointPublicAccess__c
        undeterminedIf:
          noAccessDelegate:
            path: CA10A1__endpointPublicAccess__c
            currentStateMessage: "Endpoint Public Access cannot be empty. Possible permission issues with eks:DescribeCluster."
#LONG_TEXT_AREA with IP addresses divided by \n. Nullable
  - name: CA10A1__publicAccessCidrs__c
    value: 
      FIELD:
        path: CA10A1__publicAccessCidrs__c
#Values: array of strings
      # api: Enabled\n
      # audit: Enabled\n
      # authenticator: Enabled\n
      # controllerManager: Enabled\n
      # scheduler: Enabled\n
  - name: CA10A1__logging__c
    value: 
      FIELD:
        path: CA10A1__logging__c
        undeterminedIf:
          noAccessDelegate:
            path: CA10A1__logging__c
            currentStateMessage: "Cluster Logging cannot be empty. Possible permission issues with eks:DescribeCluster."
  - name: caSetFrom_logging__c
    value:
      SET_FROM:
        separator: "\n"
        arg:
          EXTRACT: "CA10A1__logging__c"