EKS clusters are not running on a supported Kubernetes version
Description
This policy verifies that your EKS (Elastic Kubernetes Service) clusters run a supported version of Kubernetes. Running clusters on an unsupported version creates security and compatibility risks: unsupported versions might not have crucial security patches and updates, which leaves them vulnerable to attacks. The latest features and improvements are also unavailable, which can affect performance and functionality. Enforcing this policy helps keep your systems secure and efficient.
Code Example
```hcl
resource "aws_eks_cluster" "my_cluster" {
  name     = "my-cluster"
  role_arn = aws_iam_role.example.arn

  vpc_config {
    subnet_ids = [aws_subnet.example.id]
  }

  # Kubernetes version for the cluster; this is the argument the policy checks
  version = "1.27"
}
```
Remediation
Terraform
- Resource: aws_eks_cluster
- Arguments: version
To fix this issue, set the version argument of the EKS cluster in your Terraform configuration to a Kubernetes version that AWS currently supports. The Code Example section shows where this argument is set.
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0386 |
| Severity | HIGH |
| IaC Type | Terraform |
| Frameworks | Terraform, TerraformPlan |
| Checkov ID | CKV_AWS_339 |
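
An added example, not Checkov's or this policy's own implementation: a minimal Python version of the check, run against Terraform plan JSON (the shape produced by `terraform show -json`), including clusters declared in child modules. The `SUPPORTED_VERSIONS` set, the sample plan and the `UNPINNED` status for a cluster with no version value are assumptions made for the illustration.

```python
# Assumption: constructed allow-list for the example. Replace it with the
# versions AWS currently lists as supported for EKS.
SUPPORTED_VERSIONS = {"1.27", "1.28"}

# Constructed sample shaped like `terraform show -json <planfile>` output.
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [
        {"address": "aws_eks_cluster.my_cluster", "type": "aws_eks_cluster",
         "values": {"name": "my-cluster", "version": "1.27"}},
        {"address": "aws_eks_cluster.legacy", "type": "aws_eks_cluster",
         "values": {"name": "legacy", "version": "1.21"}},
        {"address": "aws_subnet.example", "type": "aws_subnet", "values": {}},
    ],
    "child_modules": [{"address": "module.batch", "resources": [
        {"address": "module.batch.aws_eks_cluster.this",
         "type": "aws_eks_cluster", "values": {"name": "batch"}},
    ]}],
}}}

def iter_resources(module):
    """Yield resources of a plan module and of all nested child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def check_eks_versions(plan, supported=SUPPORTED_VERSIONS):
    """Return {resource address: status} for each aws_eks_cluster planned."""
    root = plan.get("planned_values", {}).get("root_module", {})
    results = {}
    for res in iter_resources(root):
        if res.get("type") != "aws_eks_cluster":
            continue
        version = (res.get("values") or {}).get("version")
        if version is None:
            # Not set, or unknown until apply: nothing to compare (assumed status).
            results[res["address"]] = "UNPINNED"
        elif str(version) in supported:
            results[res["address"]] = "PASSED"
        else:
            results[res["address"]] = "FAILED"
    return results

if __name__ == "__main__":
    for address, status in check_eks_versions(SAMPLE_PLAN).items():
        print(f"{status:9} {address}")
```

Comparing versions as strings against an explicit set avoids treating "1.3" and "1.30" as numerically related, and surfacing unpinned clusters separately keeps them from silently passing review.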