Critical

EKS cluster delete alarm

Availability
Description

The EKS cluster delete alarm monitors and alerts on any deletion of an Amazon Elastic Kubernetes Service (EKS) cluster. The alarm is triggered by a deletion event. This rule helps ensure that critical resources in an EKS cluster are not accidentally or maliciously deleted, and can help prevent service outages and data loss.

Remediation

If you have been notified about an EKS cluster being deleted, the following are the remediation steps you should take:

  1. Check if the EKS cluster is really deleted by verifying its status in the AWS Management Console or by running the 'describe-cluster' command using AWS CLI.
  2. If the EKS cluster is really deleted, you should check if you have a backup of the EKS cluster configuration, including the worker nodes and the services running in the cluster.
  3. If you have a backup, you can restore the EKS cluster configuration from the backup.
  4. If you do not have a backup, you can create a new EKS cluster and configure it as per your requirements. You will also need to deploy the worker nodes and services in the new EKS cluster.
  5. You should also review your security controls and access policies to identify how the deletion of the EKS cluster occurred and take steps to prevent it from happening again in the future.
  6. It is also recommended to review your monitoring and alerting configurations to ensure that you are notified of any unusual activity or configuration changes in your EKS cluster, such as the deletion of the cluster.
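
For step 5, the AWS CloudTrail records of the `DeleteCluster` call show who made it and from where. The following is an added example, not Lightlytics' own code: it filters CloudTrail records for EKS `DeleteCluster` calls and separates denied attempts from successful deletions. The sample records are constructed, and the `requestParameters` key that holds the cluster name (`name`, with `clusterName` as a fallback) is an assumption.

```python
import json

# Constructed CloudTrail records for illustration (not real account data).
SAMPLE_RECORDS = json.loads("""[
 {"eventTime": "2024-01-10T09:58:02Z", "eventSource": "eks.amazonaws.com",
  "eventName": "DescribeCluster", "awsRegion": "us-east-1",
  "sourceIPAddress": "203.0.113.10",
  "userIdentity": {"arn": "arn:aws:iam::111122223333:user/example-admin"},
  "requestParameters": {"name": "prod-cluster"}},
 {"eventTime": "2024-01-10T10:01:47Z", "eventSource": "eks.amazonaws.com",
  "eventName": "DeleteCluster", "awsRegion": "us-east-1",
  "sourceIPAddress": "198.51.100.7", "errorCode": "AccessDenied",
  "userIdentity": {"arn": "arn:aws:iam::111122223333:user/example-dev"},
  "requestParameters": {"name": "prod-cluster"}},
 {"eventTime": "2024-01-10T10:04:15Z", "eventSource": "eks.amazonaws.com",
  "eventName": "DeleteCluster", "awsRegion": "us-east-1",
  "sourceIPAddress": "203.0.113.10",
  "userIdentity": {"arn": "arn:aws:iam::111122223333:user/example-admin"},
  "requestParameters": {"name": "prod-cluster"}}
]""")


def find_cluster_deletions(records):
    """Return one finding per EKS DeleteCluster call, successful or denied."""
    findings = []
    for rec in records:
        if rec.get("eventSource") != "eks.amazonaws.com":
            continue
        if rec.get("eventName") != "DeleteCluster":
            continue
        # Both fields can be null or missing in a record; treat as empty.
        params = rec.get("requestParameters") or {}
        identity = rec.get("userIdentity") or {}
        findings.append({
            "time": rec.get("eventTime"),
            # Assumption: cluster name is under "name" (or "clusterName").
            "cluster": params.get("name") or params.get("clusterName"),
            "actor": identity.get("arn"),
            "source_ip": rec.get("sourceIPAddress"),
            "region": rec.get("awsRegion"),
            # CloudTrail sets errorCode only when the call failed.
            "succeeded": "errorCode" not in rec,
            "error": rec.get("errorCode"),
        })
    return findings


if __name__ == "__main__":
    for finding in find_cluster_deletions(SAMPLE_RECORDS):
        print(finding)
```

Denied attempts are worth reviewing alongside the successful call, since they can show earlier tries against the same cluster.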
Enforced Resources
Note: Remediation steps provided by Lightlytics are meant to be suggestions and guidelines only. It is crucial to thoroughly verify and test any remediation steps before applying them to production environments. Each organization's infrastructure and security needs may differ, and blindly applying suggested remediation steps without proper testing could potentially cause unforeseen issues or vulnerabilities. Therefore, it is strongly recommended that you validate and customize any remediation steps to meet your organization's specific requirements and ensure that they align with your security policies and best practices.