Configure Control plane logs
You can enable each of the cluster log types individually, and in this lab we’re enabling everything.
Let’s take a look this configuration in the EKS console:
The Logging tab shows the current configuration for control plane logs for the cluster:
You can alter the logging configuration by clicking the Manage button:
You can also enable EKS control plane logs on a per-cluster basis through the EKS API. This will often be configured using Terraform or CloudFormation, but in this lab we can use the AWS CLI to enable the functionality:
aws eks update-cluster-config \
--region $AWS_REGION \
--name $EKS_CLUSTER_NAME \
--logging '{"clusterLogging":[{"types":["api","audit","authenticator","controllerManager","scheduler"],"enabled":true}]}'
sleep 30
aws eks wait cluster-active --name $EKS_CLUSTER_NAME
If you are using the CDK Observability Accelerator then check out the CDK Observability Builder which supports enabling all control plane logging features for EKS clusters and storing them in CloudWatch.