01 Run the create-nodegroup command (OSX/Linux/UNIX), passing the name of the Amazon EKS cluster that you want to configure as the --cluster-name parameter, to create a new node group for the selected cluster. To disable remote access entirely, omit the --remote-access parameter from the create-nodegroup request. To restrict remote access to trusted source IP ranges instead, specify the required SSH key together with the security group(s) whose inbound rules control which sources can reach the nodes, e.g. --remote-access ec2SshKey="eks-ssh-key",sourceSecurityGroups="sg-01234abcd1234abcd":
aws eks create-nodegroup \
  --region us-east-1 \
  --cluster-name cc-eks-webapp-cluster \
  --nodegroup-name cc-webapp-cluster-node-003 \
  --instance-types t3.medium \
  --subnets subnet-0abcd1234abcd1234 subnet-01234abcd1234abcd \
  --node-role arn:aws:iam::466594415815:role/cc-eks-node-role
02 The command output should return the configuration information available for the new node group:
{
    "nodegroup": {
        "nodegroupName": "cc-webapp-cluster-node-003",
        "nodegroupArn": "arn:aws:eks:us-east-1:123456789012:nodegroup/cc-eks-webapp-cluster/cc-webapp-cluster-node-003/abcd1234-abcd-1234-abcd-1234abcd1234",
        "clusterName": "cc-eks-webapp-cluster",
        "version": "1.27",
        "releaseVersion": "1.27.1-20230607",
        "createdAt": "2023-06-29T13:36:39.930000+00:00",
        "modifiedAt": "2023-06-29T13:36:39.930000+00:00",
        "status": "CREATING",
        "capacityType": "ON_DEMAND",
        "scalingConfig": {
            "minSize": 1,
            "maxSize": 2,
            "desiredSize": 2
        },
        "instanceTypes": [
            "t3.medium"
        ],
        "subnets": [
            "subnet-0abcd1234abcd1234",
            "subnet-01234abcd1234abcd"
        ],
        "amiType": "AL2_x86_64",
        "nodeRole": "arn:aws:iam::123456789012:role/cc-eks-node-role",
        "diskSize": 20,
        "health": {
            "issues": []
        },
        "updateConfig": {
            "maxUnavailable": 1
        },
        "tags": {}
    }
}
03 To remove the non-compliant node group from your Amazon EKS cluster, run the delete-nodegroup command (OSX/Linux/UNIX):
aws eks delete-nodegroup \
  --region us-east-1 \
  --cluster-name cc-eks-webapp-cluster \
  --nodegroup-name cc-webapp-cluster-node-001
04 The command output should return the information available for the deleted node group:
{
    "nodegroup": {
        "nodegroupName": "cc-webapp-cluster-node-001",
        "nodegroupArn": "arn:aws:eks:us-east-1:123456789012:nodegroup/cc-eks-webapp-cluster/cc-webapp-cluster-node-001/abcd1234-abcd-1234-abcd-1234abcd1234",
        "clusterName": "cc-eks-webapp-cluster",
        "version": "1.27",
        "releaseVersion": "1.27.1-20230607",
        "createdAt": "2023-06-29T09:48:06.504000+00:00",
        "modifiedAt": "2023-06-29T14:37:47.087000+00:00",
        "status": "DELETING",
        "capacityType": "ON_DEMAND",
        "scalingConfig": {
            "minSize": 1,
            "maxSize": 2,
            "desiredSize": 2
        },
        "instanceTypes": [
            "t3.medium"
        ],
        "subnets": [
            "subnet-0abcd1234abcd1234",
            "subnet-01234abcd1234abcd"
        ],
        "remoteAccess": {
            "ec2SshKey": "terminal.key"
        },
        "amiType": "AL2_x86_64",
        "nodeRole": "arn:aws:iam::123456789012:role/cc-eks-node-role",
        "diskSize": 20,
        "health": {
            "issues": []
        },
        "updateConfig": {
            "maxUnavailable": 1
        },
        "tags": {}
    }
}
05 Repeat steps no. 1 - 4 for each EKS cluster node group that you want to re-create.
06 Repeat steps no. 1 - 5 for each Amazon EKS cluster provisioned in the selected AWS region.
07 Change the AWS cloud region by updating the --region command parameter value and repeat the Remediation process for other AWS regions.
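The following added example (not part of the original remediation page, and not AWS CLI or SDK code) classifies the remote-access posture of a node group from the describe/create-nodegroup JSON shown above and assembles the step-1 replacement command, either with --remote-access omitted or with access restricted to given security groups. It runs offline on a constructed copy of the step-4 node group; function names are hypothetical, and the sample ARNs, subnets and key name are taken from the page.

```python
"""Audit EKS node group remote access and build the compliant replacement command."""
import json
import shlex

# Constructed sample based on the step-4 output: an SSH key is attached but no
# sourceSecurityGroups, so EKS opens TCP/22 on the nodes to 0.0.0.0/0.
NONCOMPLIANT = json.loads("""{
  "nodegroupName": "cc-webapp-cluster-node-001",
  "clusterName": "cc-eks-webapp-cluster",
  "instanceTypes": ["t3.medium"],
  "subnets": ["subnet-0abcd1234abcd1234", "subnet-01234abcd1234abcd"],
  "remoteAccess": {"ec2SshKey": "terminal.key"},
  "nodeRole": "arn:aws:iam::123456789012:role/cc-eks-node-role"
}""")


def remote_access_posture(ng):
    """Return 'disabled', 'restricted' or 'open' for one node group dict."""
    ra = ng.get("remoteAccess") or {}
    if not ra.get("ec2SshKey"):
        return "disabled"           # no --remote-access: nothing to reach
    if ra.get("sourceSecurityGroups"):
        return "restricted"         # SSH limited to the listed security groups
    return "open"                   # key without SGs: SSH reachable from anywhere


def replacement_command(ng, new_name, region, source_sgs=None):
    """Argv for the step-1 create-nodegroup call that re-creates `ng` compliantly.

    source_sgs=None drops --remote-access entirely; a list of security group IDs
    keeps the existing key and restricts access to those groups (CLI shorthand).
    """
    argv = [
        "aws", "eks", "create-nodegroup",
        "--region", region,
        "--cluster-name", ng["clusterName"],
        "--nodegroup-name", new_name,
        "--instance-types", *ng["instanceTypes"],
        "--subnets", *ng["subnets"],
        "--node-role", ng["nodeRole"],
    ]
    key = (ng.get("remoteAccess") or {}).get("ec2SshKey")
    if source_sgs and key:
        argv += ["--remote-access",
                 f"ec2SshKey={key},sourceSecurityGroups={','.join(source_sgs)}"]
    return argv


if __name__ == "__main__":
    print(remote_access_posture(NONCOMPLIANT))
    print(shlex.join(replacement_command(NONCOMPLIANT, "cc-webapp-cluster-node-003", "us-east-1")))
```

Feed it the "nodegroup" object from describe-nodegroup for each node group found in step 5 to locate every "open" group before re-creating it.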