AWS Elastic Kubernetes Services¶
About¶
Amazon Elastic Kubernetes Service (EKS) is a managed Kubernetes service: AWS runs, patches and scales the control plane (API server, etcd, scheduler, controller manager) so users do not have to install or operate it, and it integrates with AWS networking, IAM and load balancing. The events this parser consumes are the control plane's kube-apiserver audit logs; EKS only emits them when control plane logging (the audit log type) is enabled on the cluster, so a cluster with logging left at its default produces nothing for this integration.
Product Details¶
Vendor URL: AWS Elastic Kubernetes Services
Product Type: Container Management
Product Tier: Tier III
Integration Method: S3 Bucket
Integration URL: n/a
Log Guide: Logs
Parser Details¶
Log Format: JSON
Expected Normalization Rate: 99.5%
Data Label: AWS_EKS
UDM Fields (list of all UDM fields leveraged in the Parser, as shown in the Sample Parsing section):

Log File Field | UDM Field
---|---
auditID | metadata.product_log_id
logGroup | additional.fields["logGroup"]
logStream | additional.fields["logStream"]
objectRef.name | principal.hostname, principal.asset.hostname
objectRef.resource | principal.resource.resource_subtype
requestURI | network.http.referral_url
responseStatus.code | network.http.response_code
sourceIPs | principal.ip, principal.asset.ip
user.uid | principal.user.product_object_id
user.username | principal.user.userid
userAgent | network.http.user_agent
verb | metadata.product_event_type

Note that principal.hostname is taken from objectRef.name, the Kubernetes object the request targeted (a node, in the sample), not the host the request came from; the caller's own node and pod, when present, are in user.extra (authentication.kubernetes.io/node-name, authentication.kubernetes.io/pod-name), and the RBAC outcome is in annotations (authorization.k8s.io/decision). None of these appear in the parsed output, so detections that need them must look at the raw message.
Product Event Types¶
Event | UDM Event Classification
---|---
All | GENERIC_EVENT

Every audit event is classified as GENERIC_EVENT; the Kubernetes verb (get, list, create, patch, delete, and so on) is carried in metadata.product_event_type, which is the field to key detections on.
Log Sample¶
The record is a CloudWatch Logs subscription filter message: the envelope (messageType, owner, logGroup, logStream, subscriptionFilters, logEvents) is CloudWatch's, and each logEvents[].message holds one kube-apiserver audit event as a JSON-encoded string that must be decoded a second time.
{
"messageType": "DATA_MESSAGE",
"owner": "154921845161",
"logGroup": "/aws/eks/ecom-su-prod-eks/cluster",
"logStream": "kube-apiserver-audit-fa3b43ee6ed7bd850b734a259bc9132b",
"subscriptionFilters": [
"wtr-ecom-su-prod-eks-siem-logging-SubscriptionFilter-1dQSRHSV25OV"
],
"logEvents": [
{
"id": "39265063530455555453592520682560116642538023148929941506",
"timestamp": 1760706343259,
"message": "{\"kind\":\"Event\",\"apiVersion\":\"audit.k8s.io/v1\",\"level\":\"Request\",\"auditID\":\"1927d61a-0b05-4ab4-b918-99c5613bab4a\",\"stage\":\"ResponseComplete\",\"requestURI\":\"/api/v1/nodes/ip-10-5-44-130.region-1.compute.internal/proxy/metrics/cadvisor\",\"verb\":\"get\",\"user\":{\"username\":\"system:serviceaccount:monitoring:prometheus-server\",\"uid\":\"fb6e2593-6c33-4fa8-94aa-a7c2ca4db590\",\"groups\":[\"system:serviceaccounts\",\"system:serviceaccounts:monitoring\",\"system:authenticated\"],\"extra\":{\"authentication.kubernetes.io/credential-id\":[\"JTI=fe82dd60-69ac-4a5f-9e0e-1df2374079bf\"],\"authentication.kubernetes.io/node-name\":[\"ip-10-5-24-67.region-1.compute.internal\"],\"authentication.kubernetes.io/node-uid\":[\"90c23f5d-b6df-46c8-8eeb-c1d4f5b4e427\"],\"authentication.kubernetes.io/pod-name\":[\"sample-server-01\"],\"authentication.kubernetes.io/pod-uid\":[\"91024d89-348e-40f7-8113-515617c24089\"]}},\"sourceIPs\":[\"192.168.12.34\"],\"userAgent\":\"Prometheus/2.55.1\",\"objectRef\":{\"resource\":\"nodes\",\"name\":\"sample-domain.region-1.compute.internal\",\"apiVersion\":\"v1\",\"subresource\":\"proxy\"},\"responseStatus\":{\"metadata\":{},\"code\":200},\"requestReceivedTimestamp\":\"2025-10-17T13:05:42.967025Z\",\"stageTimestamp\":\"2025-10-17T13:05:43.058638Z\",\"annotations\":{\"authorization.k8s.io/decision\":\"allow\",\"authorization.k8s.io/reason\":\"RBAC: allowed by ClusterRoleBinding \\\"prometheus-server\\\" of ClusterRole \\\"prometheus-server\\\" to ServiceAccount \\\"prometheus-server/monitoring\\\"\"}}"
}
]
}
Sample Parsing¶
metadata.product_log_id: "1927d61a-0b05-4ab4-b918-99c5613bab4a"
metadata.event_type: GENERIC_EVENT
metadata.vendor_name: "AMAZON"
metadata.product_name: "AWS Elastic Kubernetes"
metadata.product_event_type: "get"
additional.fields["logGroup"]: "/aws/eks/ecom-su-prod-eks/cluster"
additional.fields["logStream"]: "kube-apiserver-audit-fa3b43ee6ed7bd850b734a259bc9132b"
principal.hostname: "sample-domain.region-1.compute.internal"
principal.user.product_object_id: "fb6e2593-6c33-4fa8-94aa-a7c2ca4db590"
principal.user.userid: "system:serviceaccount:monitoring:prometheus-server"
principal.asset.hostname: "sample-domain.region-1.compute.internal"
principal.asset.ip: "192.168.12.34"
principal.ip: "192.168.12.34"
principal.resource.resource_subtype: "nodes"
network.http.referral_url: "/api/v1/nodes/ip-10-5-44-130.region-1.compute.internal/proxy/metrics/cadvisor"
network.http.response_code: 200
network.http.user_agent: "Prometheus/2.55.1"
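The parse described by the field table and the sample parsing above, written out as an added Python example (this is an illustration, not the vendor's parser): it takes a CloudWatch Logs subscription filter record of the shape shown in the Log Sample, JSON-decodes each logEvents[].message, and emits the UDM fields listed on this page. The embedded envelope and audit event are constructed from the page's placeholder values; the kube-apiserver-audit- stream prefix check, the handling of undecodable messages, and the additional.fields authorization_decision extension are this example's own choices and are not part of the page's mapping.

```python
"""Normalise EKS kube-apiserver audit events delivered via a CloudWatch Logs
subscription filter into the UDM fields listed on this page (added example)."""
import json
from typing import Any

# Assumption: only streams named kube-apiserver-audit-* carry JSON audit events;
# other streams in the same cluster log group are plain text and are skipped.
AUDIT_STREAM_PREFIX = "kube-apiserver-audit-"

# Constructed audit event, trimmed from the page's log sample (placeholder values).
_AUDIT_EVENT: dict[str, Any] = {
    "kind": "Event",
    "apiVersion": "audit.k8s.io/v1",
    "level": "Request",
    "auditID": "1927d61a-0b05-4ab4-b918-99c5613bab4a",
    "stage": "ResponseComplete",
    "requestURI": "/api/v1/nodes/ip-10-5-44-130.region-1.compute.internal/proxy/metrics/cadvisor",
    "verb": "get",
    "user": {
        "username": "system:serviceaccount:monitoring:prometheus-server",
        "uid": "fb6e2593-6c33-4fa8-94aa-a7c2ca4db590",
        "groups": ["system:serviceaccounts", "system:authenticated"],
    },
    "sourceIPs": ["192.168.12.34"],
    "userAgent": "Prometheus/2.55.1",
    "objectRef": {"resource": "nodes", "name": "sample-domain.region-1.compute.internal",
                  "apiVersion": "v1", "subresource": "proxy"},
    "responseStatus": {"metadata": {}, "code": 200},
    "annotations": {"authorization.k8s.io/decision": "allow"},
}

# Constructed CloudWatch Logs subscription filter envelope (same shape as the page's
# sample). The second log event is deliberately truncated to show how a message
# that is not valid JSON is counted rather than crashing the batch.
SAMPLE_RECORD: dict[str, Any] = {
    "messageType": "DATA_MESSAGE",
    "owner": "123456789012",
    "logGroup": "/aws/eks/ecom-su-prod-eks/cluster",
    "logStream": "kube-apiserver-audit-fa3b43ee6ed7bd850b734a259bc9132b",
    "logEvents": [
        {"id": "1", "timestamp": 1760706343259, "message": json.dumps(_AUDIT_EVENT)},
        {"id": "2", "timestamp": 1760706343260, "message": json.dumps(_AUDIT_EVENT)[:80]},
    ],
}


def normalize_audit_event(audit: dict[str, Any], envelope: dict[str, Any]) -> dict[str, Any]:
    """Map one decoded kube-apiserver audit event to the UDM fields on this page."""
    user = audit.get("user") or {}
    obj = audit.get("objectRef") or {}
    udm: dict[str, Any] = {
        "metadata.product_log_id": audit.get("auditID"),
        "metadata.event_type": "GENERIC_EVENT",
        "metadata.vendor_name": "AMAZON",
        "metadata.product_name": "AWS Elastic Kubernetes",
        "metadata.product_event_type": audit.get("verb"),
        "additional.fields.logGroup": envelope.get("logGroup"),
        "additional.fields.logStream": envelope.get("logStream"),
        "principal.user.product_object_id": user.get("uid"),
        "principal.user.userid": user.get("username"),
        "principal.resource.resource_subtype": obj.get("resource"),
        "network.http.referral_url": audit.get("requestURI"),
        "network.http.response_code": (audit.get("responseStatus") or {}).get("code"),
        "network.http.user_agent": audit.get("userAgent"),
    }
    if obj.get("name"):  # the targeted object, not the caller's host
        udm["principal.hostname"] = obj["name"]
        udm["principal.asset.hostname"] = obj["name"]
    ips = audit.get("sourceIPs") or []
    if ips:  # kept as a list: an audit event can carry several source IPs
        udm["principal.ip"] = ips
        udm["principal.asset.ip"] = ips
    # Extension beyond the page's mapping: surface the RBAC decision so detections
    # can find denied requests without re-parsing the raw message.
    decision = (audit.get("annotations") or {}).get("authorization.k8s.io/decision")
    if decision:
        udm["additional.fields.authorization_decision"] = decision
    return udm


def parse_subscription_record(record: dict[str, Any]) -> tuple[list[dict[str, Any]], int]:
    """Return (normalised events, number of log events that could not be decoded)."""
    if not str(record.get("logStream", "")).startswith(AUDIT_STREAM_PREFIX):
        return [], 0  # not an audit stream: nothing to normalise, nothing failed
    normalized: list[dict[str, Any]] = []
    unparsed = 0
    for event in record.get("logEvents", []):
        try:
            audit = json.loads(event["message"])
        except (KeyError, ValueError):  # missing or truncated message
            unparsed += 1
            continue
        if not isinstance(audit, dict) or audit.get("kind") != "Event":
            unparsed += 1
            continue
        normalized.append(normalize_audit_event(audit, record))
    return normalized, unparsed


if __name__ == "__main__":
    events, dropped = parse_subscription_record(SAMPLE_RECORD)
    print(json.dumps(events, indent=2))
    print("unparsed log events:", dropped)
```

The unparsed counter is what the page's "Expected Normalization Rate" measures: a batch where one of two messages cannot be decoded normalises at 50%, and tracking that number per log stream is the quickest way to notice a broken subscription filter or a non-audit stream wired into the same delivery path.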