AWS Security ChangesHomeSearch

AWS prescriptive-guidance documentation change

Service: prescriptive-guidance · 2026-03-19 · Documentation medium

File: prescriptive-guidance/latest/amazon-eks-observability-best-practices/log-types.md

Summary

Expanded details on EKS control plane logging streams including audit logs

Security assessment

The change adds documentation about audit logging configuration, which supports security monitoring and compliance. While audit logs are security-relevant, the update describes existing capabilities rather than addressing a specific vulnerability.

Diff

diff --git a/prescriptive-guidance/latest/amazon-eks-observability-best-practices/log-types.md b/prescriptive-guidance/latest/amazon-eks-observability-best-practices/log-types.md
index bf0414f49..7e5b3b286 100644
--- a//prescriptive-guidance/latest/amazon-eks-observability-best-practices/log-types.md
+++ b//prescriptive-guidance/latest/amazon-eks-observability-best-practices/log-types.md
@@ -60 +60 @@ Collecting logs from Kubernetes components such as the API server, scheduler, an
-  * **Enable control plane logging:** You can enable control plane logging for your EKS cluster through the AWS Management Console, [AWS Command Line Interface (AWS CLI)](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-welcome.html), or infrastructure as code (IaC) tools such as [AWS CloudFormation](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/Welcome.html) or Terraform. When you enable control plane logging, the logs are sent to CloudWatch Logs. You can view them in the CloudWatch console under the following log groups:
+  * **Enable control plane logging:** You can enable control plane logging for your EKS cluster through the AWS Management Console, [AWS Command Line Interface (AWS CLI)](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-welcome.html), or infrastructure as code (IaC) tools such as [AWS CloudFormation](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/Welcome.html) or Terraform. When you enable control plane logging, the logs are sent to Amazon CloudWatch Logs. You can view them in the CloudWatch console in the `/aws/eks/<cluster-name>/cluster` log group. Within this log group, each control plane component has its own log stream as follows:
@@ -62 +62,7 @@ Collecting logs from Kubernetes components such as the API server, scheduler, an
-    * `/aws/eks/<cluster-name>/cluster`
+Stream name | Description  
+---|---  
+kube-apiserver | Kubernetes API server logs  
+kube-scheduler | Scheduler decision logs  
+kube-controller-manager | Controller manager logs  
+authenticator | IAM authenticator logs  
+audit | Kubernetes audit logs (must be explicitly enabled)  
@@ -64,7 +70 @@ Collecting logs from Kubernetes components such as the API server, scheduler, an
-    * `/aws/eks/<cluster-name>/kube-apiserver`
-
-    * `/aws/eks/<cluster-name>/kube-scheduler`
-
-    * `/aws/eks/<cluster-name>/kube-controller-manager`
-
-    * `/aws/eks/<cluster-name>/authenticator`
+To view logs for a specific component, navigate to the cluster log group and filter by the target log stream name.