Question 1

Is cloudwatch_log_group_kms_key_id enforced for Registry?

Accepted Answer

Yes, To help protect sensitive data at rest, ensure encryption is enabled for your AWS CloudWatch Log Group.

Question 2

Is cloudwatch_log_group_retention_in_days enforced for Registry?

Accepted Answer

Yes, Ensure a minimum duration of event log data is retained for your log groups to help with troubleshooting and forensics investigations.

Question 3

Is encryption_config enforced for Registry?

Accepted Answer

Yes, Ensure that AWS Elastic Kubernetes Service clusters are configured to have Kubernetes secrets encrypted using AWS Key Management Service (KMS) keys.

Question 4

Is endpoint_public_access enforced for Registry?

Accepted Answer

Yes, Ensure whether AWS Elastic Kubernetes Service (AWS EKS) endpoint is not publicly accessible. The rule is compliant if the endpoint is publicly accessible.

AWS EKS Terraform module

Terraform Module Source