Rule: EKS Clusters Should Run on a Supported Kubernetes Version

Ensure that EKS clusters are operating on a compatible version of Kubernetes for optimal performance and security.

Rule: EKS clusters should run on a supported Kubernetes version
Framework: AWS Foundational Security Best Practices
Severity: High

Rule Description

AWS Foundational Security Best Practices recommends that Amazon Elastic Kubernetes Service (EKS) clusters run on a supported version of Kubernetes. A supported version continues to receive security patches, bug fixes, and feature enhancements, which reduces the risk of potential vulnerabilities.

Troubleshooting Steps (if applicable)

In case an EKS cluster is not running on a supported Kubernetes version, the following troubleshooting steps can be taken:

  1. Check the current version of Kubernetes running on the EKS cluster:

     Run the following command using the AWS Command Line Interface (CLI):

     aws eks describe-cluster --name <cluster-name> --query "cluster.version"

  2. Check the list of supported Kubernetes versions for EKS:

     Refer to the official documentation to obtain the list of supported Kubernetes versions for EKS. Ensure the cluster version matches one of the supported versions.

  3. Upgrade the cluster version (if required):

     If the cluster is running on an unsupported version, upgrading to a supported version is necessary. Follow the EKS documentation to upgrade the cluster version. Be sure to test thoroughly before upgrading in a production environment.

  4. Verify the upgraded cluster version:

     After upgrading, re-run the command from step 1 to verify that the cluster is now running on a supported version of Kubernetes.

Necessary Codes (if applicable)

No specific code is required for this rule. However, the AWS CLI command mentioned in the troubleshooting steps may be used.
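
The version check from the troubleshooting steps can be run across every cluster in a region instead of one cluster at a time. The script below is an added example, not code from the original page or from AWS; the function names, the cluster names and the supported-version list in `sample_report` are constructed for illustration, and the real supported list must be copied from the current EKS documentation.

```shell
# Added example: compare EKS cluster versions against a supported-version list
# that you copy from the current EKS documentation.

# Reduce CLI output such as '"1.30"' (JSON output keeps the quotes) to 1.30.
normalize_version() {
    printf '%s\n' "$1" | tr -d '" \t\r' | cut -d. -f1,2
}

# Exact match against a space-separated list, so 1.3 never matches 1.30.
is_supported() {
    want=$(normalize_version "$1")
    [ -n "$want" ] || return 1
    for candidate in $2; do
        if [ "$(normalize_version "$candidate")" = "$want" ]; then return 0; fi
    done
    return 1
}

# Read "name version" lines on stdin and print one verdict per cluster.
# Returns 1 if any cluster is unsupported or its version is missing.
classify_clusters() {
    supported=$1
    failed=0
    while read -r name version; do
        [ -n "$name" ] || continue
        v=$(normalize_version "$version")
        if is_supported "$v" "$supported"; then
            printf '%s %s SUPPORTED\n' "$name" "$v"
        else
            printf '%s %s UNSUPPORTED\n' "$name" "${v:-unknown}"
            failed=1
        fi
    done
    return "$failed"
}

# Emit "name version" for every cluster in region $1 (needs AWS credentials).
# Usage: list_cluster_versions us-east-1 | classify_clusters "<supported list>"
list_cluster_versions() {
    for cluster in $(aws eks list-clusters --region "$1" --query 'clusters[]' --output text); do
        printf '%s %s\n' "$cluster" "$(aws eks describe-cluster --region "$1" \
            --name "$cluster" --query 'cluster.version' --output text)"
    done
}

# Constructed sample: cluster names, versions and the supported list are made up.
sample_report() {
    printf '%s\n' 'payments "1.30"' 'legacy-batch 1.3' 'staging 1.31' |
        classify_clusters '1.30 1.31'
}
```

Because `classify_clusters` returns a non-zero status when any cluster fails the check, the pipeline can gate a scheduled job or CI step.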

Step-by-Step Guide for Remediation

Follow the steps below to ensure that your EKS clusters run on a supported Kubernetes version:

  1. Open the AWS Management Console and navigate to the Amazon EKS service.

  2. Select the desired EKS cluster that needs evaluation.

  3. Click on the "Cluster Details" tab to view the cluster details.

  4. Check the current version of Kubernetes running on the cluster. It can be found under the "Cluster Version" section.

  5. Compare the current version with the list of supported Kubernetes versions provided in the AWS documentation.

  6. If the current version is not among the supported versions, it is necessary to upgrade the cluster version.

     a. Before proceeding with the upgrade, make sure to consider the impact on your applications and any potential compatibility issues. It is recommended to have a thorough testing plan in place.

     b. Follow the official AWS EKS documentation to perform the upgrade process. The documentation provides detailed instructions specific to different scenarios and versions.

  7. After completing the upgrade, verify the cluster version:

     a. Use the AWS CLI command mentioned in the troubleshooting steps or refer to the Cluster Details page to confirm that the cluster is now running on a supported version of Kubernetes.

  8. Monitor future updates and security patches to ensure your EKS clusters stay on supported versions. Regularly check the AWS documentation for any new releases or upgrade recommendations.

By following these steps, you can ensure that your EKS clusters adhere to the AWS Foundational Security Best Practices regarding the use of supported Kubernetes versions.
