EKS Clusters Should Use The Latest Stable Version of Kubernetes
More Info:
Amazon Elastic Kubernetes Service (EKS) clusters should use the latest stable version of the Kubernetes container-orchestration system in order to follow AWS best practices, receive the latest Kubernetes features, design updates and bug fixes, and benefit from better security and performance.
Risk Level
Low
Address
Security, Reliability, Performance
Compliance Standards
HIPAA, AWSWAF, HITRUST, NISTCSF
Triage and Remediation
Remediation
To remediate the misconfiguration “EKS Clusters Should Use The Latest Stable Version of Kubernetes” for AWS using the AWS console, follow the steps below:
- Log in to the AWS Management Console.
- Navigate to the Amazon EKS console.
- Select the EKS cluster that you want to update.
- Click on the “Update” button to update the cluster.
- In the “Update EKS Cluster” dialog box, select the latest stable version of Kubernetes from the “Kubernetes version” dropdown menu.
- Click on the “Next” button.
- Review the changes and click on the “Update” button to apply the changes.
Once the update is completed, your EKS cluster will be running on the latest stable version of Kubernetes. It is recommended to test your applications on the updated cluster to ensure that they are working as expected.
To remediate this misconfiguration for AWS EKS using AWS CLI, follow these steps:
- Open the AWS CLI and ensure that you have the necessary permissions to make changes to the EKS cluster.
- Check the current version of Kubernetes that is being used by the EKS cluster. Use the following command:
  aws eks describe-cluster --name <cluster-name> --query "cluster.version"
- Check the latest stable version of Kubernetes available for EKS. You can find this information in the AWS documentation or, with a recent AWS CLI release, by listing the versions EKS offers with the following command (describe-cluster output has no latestVersion field):
  aws eks describe-cluster-versions --query "clusterVersions[].clusterVersion"
- If the current version of Kubernetes is not the latest stable version, update the EKS cluster to use the latest version. Use the following command:
  aws eks update-cluster-version --name <cluster-name> --kubernetes-version <latest-version>
  Replace <cluster-name> with the name of your EKS cluster and <latest-version> with the latest stable version of Kubernetes available for EKS. EKS accepts an upgrade of only one minor version per update, so a cluster that is several versions behind needs one update per intermediate version. The command output contains the update ID (update.id) needed in the next step.
- Wait for the update to complete. You can check the status of the update using the following command:
  aws eks describe-update --name <cluster-name> --update-id <update-id> --query "update.status"
  Replace <cluster-name> with the name of your EKS cluster and <update-id> with the ID of the update.
- Once the update is complete, verify that the EKS cluster is now using the latest stable version of Kubernetes. Use the following command:
  aws eks describe-cluster --name <cluster-name> --query "cluster.version"
  The output should show the latest version of Kubernetes that you specified in step 4.
That’s it! Your EKS cluster is now using the latest stable version of Kubernetes.
To remediate this misconfiguration for AWS EKS clusters using Python, you can follow the below steps:
Step 1: Install the AWS SDK for Python (Boto3) using the following command:
pip install boto3
Step 2: Use the Boto3 EKS client to describe the cluster and get the current Kubernetes version. You can use the following code snippet:
import boto3
# Create an EKS client
eks_client = boto3.client('eks')
# Describe the cluster to get the current Kubernetes version
cluster_name = '<your_cluster_name>'
response = eks_client.describe_cluster(name=cluster_name)
kubernetes_version = response['cluster']['version']
Step 3: Use the Boto3 EKS client to update the Kubernetes version of the cluster to the latest stable version. You can use the following code snippet:
import boto3
# Create an EKS client
eks_client = boto3.client('eks')
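# Update the Kubernetes version of the cluster to the latest stable version.
# The API expects an explicit version number; the literal string 'latest' is rejected.
cluster_name = '<your_cluster_name>'
latest_version = '<latest_version>'
response = eks_client.update_cluster_version(name=cluster_name, version=latest_version)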
Step 4: Verify that the Kubernetes version has been updated successfully by describing the cluster again. You can use the same code snippet as in Step 2.
import boto3
# Create an EKS client
eks_client = boto3.client('eks')
# Describe the cluster to verify the Kubernetes version
cluster_name = '<your_cluster_name>'
response = eks_client.describe_cluster(name=cluster_name)
kubernetes_version = response['cluster']['version']
Once you have completed these steps, you will have remediated the misconfiguration by updating the Kubernetes version of the AWS EKS cluster to the latest stable version.
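The Python steps above combined into one script, as an added example that is not the page's or AWS's own code. It goes beyond the steps by walking through intermediate versions, because EKS accepts only a one-minor-version upgrade per update request. The function names and the sample version list are assumptions made for illustration.

```python
"""Added example: plan and apply an EKS upgrade one minor version at a time."""
import time


def parse_version(v):
    """'1.29' -> (1, 29) so versions compare numerically, not as strings."""
    major, minor = v.split(".")[:2]
    return int(major), int(minor)


def upgrade_path(current, available):
    """Versions to step through, in order, to reach the newest available one.
    EKS accepts only a +1 minor-version step per update request."""
    prev = parse_version(current)
    newer = sorted(p for p in {parse_version(v) for v in available} if p > prev)
    path = []
    for ver in newer:
        if ver != (prev[0], prev[1] + 1):
            raise ValueError(f"no supported step from {prev} to {ver}")
        path.append(f"{ver[0]}.{ver[1]}")
        prev = ver
    return path


def upgrade_cluster(eks, name, available, poll_seconds=30):
    """Walk the cluster along upgrade_path(), waiting for each update to finish.
    `eks` is a boto3 EKS client (or any object with the same three methods)."""
    current = eks.describe_cluster(name=name)["cluster"]["version"]
    for target in upgrade_path(current, available):
        update_id = eks.update_cluster_version(name=name, version=target)["update"]["id"]
        while True:
            status = eks.describe_update(name=name, updateId=update_id)["update"]["status"]
            if status == "Successful":
                break
            if status in ("Failed", "Cancelled"):
                raise RuntimeError(f"update {update_id} to {target} ended as {status}")
            time.sleep(poll_seconds)
    return eks.describe_cluster(name=name)["cluster"]["version"]


if __name__ == "__main__":
    import boto3  # imported here so the planning logic runs without the SDK
    client = boto3.client("eks")
    # Constructed sample list; take the real one from the EKS documentation.
    print(upgrade_cluster(client, "<your_cluster_name>", ["1.29", "1.30", "1.31"]))
```

Node groups and add-ons are upgraded separately from the control plane, so test workloads between steps as the page recommends.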