aws-eks (experimental)

nctl scan aws-eks

Scan Command

Scan EKS clusters

nctl scan aws-eks <path to eks config>

To scan the eks cluster, use the flag --eks-config followed by the path to the eks config yaml file which contains name and region of the eks cluster.

Scan Options

Flag Shorthand Description
--cluster scan resources across the whole cluster (default value false)
--audit-as-warn report violations from policies in audit mode as warnings instead of failures
--help -h help for kubernetes command
--eks-config string path to the config YAML file with name and region on eks cluster (experimental)
--details see details of a scan to get info about violating resources and violated policies
--file <string> mention the file name to store scan result
--namespace <string> -n scan for only specific namespaces in the cluster. It is possible to provide a list of comma separated namespaces
--output <string> -o choose the output format of scan result. Available options are: json, text,yaml and sarif with the default option being text
--policies <strings> -p specify path to policy files (local path, github URL, helm URL) to scan against custom policies
--policy-sets <string> scan against different policy sets in one command, use this flag to provide a comma-separated list of policy sets to scan the resources(pss-baseline, pss-restricted, rbac-best-practices)
--policy-view to see which policy got violated in the detailed scan results, use this flag combined with the --details flag
--resources <strings> -r path to resource files (local path, github URL). scan specific resource files instead of all resources in a cluster, use this flag to point to a local path or gitHub URL containing the resource files. When combined with the --policies flag, this command can be used in a CI pipeline to check for misconfigurations in Kubernetes manifests
values-file <string> Use this flag followed by the file path to extract values of policy variables