More Info:

EKS clusters should have a minimum of 3 nodes spread across 3 Availability Zones. Availability Zones are more highly available, fault tolerant, and scalable than traditional single or multiple data center infrastructures.

Risk Level

Low

Address

Reliability, Security

Compliance Standards

CBP

Remediation

Using Console

To remediate the misconfiguration of EKS Clusters not having high availability in AWS, you can follow the below steps using the AWS console:

  1. Go to the Amazon EKS console.

  2. Select the EKS cluster that you want to remediate.

  3. Click on the “Configuration” tab.

  4. Under the “Networking” section, click on “Edit”.

  5. Ensure that the “Private networking only” option is unchecked.

  6. Under the “High availability” section, click on “Edit”.

  7. Select the “Multiple Availability Zones” option.

  8. Choose the number of availability zones you want to use.

  9. Click on “Save”.

  10. Wait for the changes to propagate.

By following these steps, you can remediate the misconfiguration of EKS Clusters not having high availability in AWS.

Using CLI

To remediate the misconfiguration of EKS clusters not having high availability in AWS using AWS CLI, follow these steps:

  1. Open the AWS CLI and ensure that you have the necessary permissions to make changes to the EKS cluster.

  2. Check if the EKS cluster is currently configured for high availability by running the following command:

    aws eks describe-cluster --name <cluster-name> --query "cluster.resourcesVpcConfig.endpointPublicAccess"

    This command will return a boolean value, where true indicates that the EKS cluster is configured for high availability, and false indicates that it is not.

  3. If the EKS cluster is not configured for high availability, you can enable it by modifying the cluster’s endpoint access configuration using the following command:

    aws eks update-cluster-config --name <cluster-name> --resources-vpc-config endpointPublicAccess=true

    This command will modify the EKS cluster’s endpoint access configuration to enable high availability.

  4. Verify that the EKS cluster is now configured for high availability by running the describe-cluster command again and checking the endpointPublicAccess value.

    aws eks describe-cluster --name <cluster-name> --query "cluster.resourcesVpcConfig.endpointPublicAccess"

    This command should now return true, indicating that the EKS cluster is configured for high availability.

  5. Repeat these steps for any other EKS clusters that are not configured for high availability.

By following these steps, you can remediate the misconfiguration of EKS clusters not having high availability in AWS using AWS CLI.

Using Python

To remediate the misconfiguration of EKS Clusters not having high availability in AWS using Python, follow the steps below:

  1. Import the necessary AWS SDK modules in Python:
import boto3
from botocore.exceptions import ClientError
  1. Create a boto3 EKS client object:
eks_client = boto3.client('eks')
  1. Get the EKS cluster name for which you want to enable high availability:
cluster_name = 'your-cluster-name'
  1. Check if the EKS cluster is already highly available:
try:
    response = eks_client.describe_cluster(name=cluster_name)
    if response['cluster']['resourcesVpcConfig']['subnetIds']:
        print('EKS cluster is already highly available.')
    else:
        print('EKS cluster is not highly available.')
except ClientError as e:
    print('Error:', e)
  1. If the EKS cluster is not highly available, update the cluster configuration to enable high availability:
try:
    eks_client.update_cluster_config(
        name=cluster_name,
        resourcesVpcConfig={
            'subnetIds': ['subnet-xxxxxxxx', 'subnet-yyyyyyyy', 'subnet-zzzzzzzz']
        }
    )
    print('EKS cluster configuration updated to enable high availability.')
except ClientError as e:
    print('Error:', e)

Note: Replace ‘subnet-xxxxxxxx’, ‘subnet-yyyyyyyy’, ‘subnet-zzzzzzzz’ with the IDs of the subnets in which you want to launch your EKS worker nodes. These subnets should be in different availability zones to enable high availability.

  1. Verify that the EKS cluster is now highly available:
try:
    response = eks_client.describe_cluster(name=cluster_name)
    if response['cluster']['resourcesVpcConfig']['subnetIds']:
        print('EKS cluster is now highly available.')
    else:
        print('EKS cluster is still not highly available.')
except ClientError as e:
    print('Error:', e)

With these steps, you can remediate the misconfiguration of EKS clusters not having high availability in AWS using Python.

Additional Reading: