CIS Kubernetes Benchmark Profile on EKS

[adam-yield]

I am unable to run InSpec.io cis-k8s-benchmark on my EKS cluster, it'd be nice to have a flag via the cli to provide the cluster arn resource and to run the benchmark against the remote eks cluster.

I couldn't find any information in the README.md file, maybe you have a solution in place you could share with me?

[schurzi]

If I understand correctly you want to specify an ARN to inspec/cinc-auditor when executin the profile. This ARN would point to your K8s cluster in AWS and hen the profile should be executed on alle nodes in the cluster?

The way I understand this issue I think we can't help you. This would be a feature that has to be provided by the executor (inspec or cinc-auditor). As far as I know the executors support local, ssh or docker connections. If you can establish an easy was to get all hostnames of your EKS nodes, you could run a loop and execute the profile via SSH. To get this working you can use the -t option (https://docs.chef.io/inspec/cli#exec).

[adam-yield]

Yes you understood me correctly, thanks for the prompt reply.

[schurzi]

if you find/create a good solution for this, it would be nice to drop a link here. For now I will close this issue, since this is out of scope for us.