Why is my deleted EKS cluster still showing as compliant or noncompliant in my AWS Config rule?

Hello

Does the ConfigurationItem (CI) show compliance results for before or after the EKS Cluster was deleted?

AWS Config rules can have one or more trigger types depending on the rule. For example, if a rule trigger type is configuration changes, deleting the resource will trigger a recorded resource is created, updated, or deleted.

Evaluation results for resources are not immediately removed when resources are deleted. If your Config rule is incorrectly evaluating your resources or you recently deleted resources from your account, you can delete the evaluation results and then run a new evaluation.

Please also note that even after deletion, AWS Config maintains the configuration history of deleted resources. ConfigurationItems are stored for the default period of 7 years (2557 days) and deletes data older than your specified retention period. The retention period can modified between a minimum of 30 days and a maximum of 7 years (2557 days).

I hope this helps! If you need further investigation please do not hesitate to create a support case.

References:

[1]: Frequently Asked Questions https://docs.aws.amazon.com/config/latest/developerguide/faq.html

[2]: Deleting Evaluation Results from AWS Config Rules https://docs.aws.amazon.com/config/latest/developerguide/deleting-evaluations-results.html

[3]: Deleting AWS Config Data https://docs.aws.amazon.com/config/latest/developerguide/delete-config-data-with-retention-period.html

[4]: Trigger Types https://docs.aws.amazon.com/config/latest/developerguide/evaluate-config_components.html#evaluate-config_use-managed-rules-trigger