Add config file options to enable EKS control plane logging to CloudWatch

[whereisaaron]

Why do you want this feature?
We want to see the EKS control plane logs for monitoring, troubleshooting, and security audit.

What feature/behavior/change do you want?
The ability to enable/disable in the config file, each of the five control plane log types available in EKS:

• api
• audit
• authenticator
• controllerManager
• scheduler

Documentation on EKS control plane logging API and CLI commands:
https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html

aws eks --region us-west-2 update-cluster-config --name prod \ --logging '{"clusterLogging":[{"types":["api","audit","authenticator","controllerManager","scheduler"],"enabled":true}]}'

Ref: aws/containers-roadmap#26

[errordeveloper]

Thanks for opening this, Aaron! I'd like to do this soon, but will need to update goformation first, and we need to think about what we should enable by default.

[StevenACoffman]

Ref: awslabs/goformation#198

[JasonSwindle]

Any progress on this? :)

[StevenACoffman]

ref aws/containers-roadmap#242
Nope.

As soon as this is in CloudFormation (and the new resource specification is published, we can get it included in goformation.

You can run go generate in your goformation repo directory to update goformation to the latest resource specification (EKS logging isn't there as of right now) - or wait for our CI job to automatically update goformation and release a new version.

[errordeveloper]

We are going to enable this by calling EKS API directly. Hopefully in the next release.

[whereisaaron]

Wise move @errordeveloper! Hoping for CloudFormation to catch up with API changes is a mug's game 😢. Like I'm the mug still holding out hope for EIP tags, we all gotta dream 🤣

[errordeveloper]

@whereisaaron see #778 =)

[cdenneen]

@whereisaaron haha I’ve raised this to my AWS account team