Updating security agent manually
When you manage the GuardDuty security agent manually, you are responsible for updating it for your account. To be notified about new agent versions, you can subscribe to an RSS feed for GuardDuty security agent release versions.
You can update the security agent to the latest version to benefit from the added support and improvements. If your current agent version is reaching an end of standard support, then to continue using Runtime Monitoring (or EKS Runtime Monitoring), you must update your current agent version. For information about release versions, see GuardDuty security agent for Amazon EKS clusters.
- Console
  - Open the Amazon EKS console at https://console.aws.amazon.com/eks/home#/clusters.
  - Choose your Cluster name.
  - Choose Add-ons.
  - Under Add-ons, select GuardDuty Runtime Monitoring.
  - Choose Edit to update the agent details.
  - On the Configure GuardDuty Runtime Monitoring page, update the details.
  - (Optional) Updating add-on configuration parameters
    If your EKS add-on Version is 1.5.0 or above, you can also update the add-on configuration settings.
  - Expand Optional configuration settings to view the configuration schema.
  - Update the parameter values based on the range provided in Configure EKS add-on parameters.
  - Choose Save changes to start the update.
    For Conflict resolution method, the option that you choose will be used to resolve a conflict when you update the value of a parameter to a non-default value. For more information about the listed options, see resolveConflicts in the Amazon EKS API Reference.
- API/CLI
  - To update the GuardDuty security agent for your Amazon EKS clusters, see Updating an add-on.
    For the add-on version, if you choose v1.5.0 and above, Runtime Monitoring supports configuring specific parameters of the GuardDuty agent. For information about parameter ranges, see Configure EKS add-on parameters.
    You can use the following AWS CLI example when using configurable values supported for add-on versions v1.5.0 and above. Make sure to replace the placeholder values and the associated Example.json with the configured values.
    aws eks update-addon --region us-east-1 \
        --cluster-name myClusterName \
        --addon-name aws-guardduty-agent --addon-version v1.5.0-eksbuild.1 \
        --configuration-values 'file://example.json'
    Example.json
    {
      "priorityClassName": "aws-guardduty-agent.priorityclass-high",
      "dnsPolicy": "Default",
      "resources": {
        "requests": {
          "cpu": "237m",
          "memory": "512Mi"
        },
        "limits": {
          "cpu": "2000m",
          "memory": "2048Mi"
        }
      }
    }
If your Amazon EKS add-on version is 1.5.0 or above, and you have configured the add-on schema, you can verify whether or not the values appear correctly for your cluster. For more information, see Verifying configuration schema updates.
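Before passing Example.json to `aws eks update-addon`, the file can be checked locally so that a malformed value does not leave the agent update failed. The following is an added example, not AWS code: the function names are hypothetical, and it checks only JSON syntax, Kubernetes quantity format, and that each request does not exceed its limit. It does not check the parameter ranges listed in Configure EKS add-on parameters.

```python
import json
import re

# Kubernetes quantity suffixes handled here (a subset, enough for this file).
_MEM = {"": 1, "k": 10**3, "M": 10**6, "G": 10**9,
        "Ki": 2**10, "Mi": 2**20, "Gi": 2**30}

def cpu_millicores(q):
    """'237m' -> 237, '2' -> 2000, '0.5' -> 500."""
    m = re.fullmatch(r"(\d+(?:\.\d+)?)(m?)", str(q))
    if not m:
        raise ValueError(f"bad cpu quantity: {q!r}")
    return round(float(m.group(1)) * (1 if m.group(2) else 1000))

def memory_bytes(q):
    """'512Mi' -> 536870912."""
    m = re.fullmatch(r"(\d+(?:\.\d+)?)([A-Za-z]*)", str(q))
    if not m or m.group(2) not in _MEM:
        raise ValueError(f"bad memory quantity: {q!r}")
    return round(float(m.group(1)) * _MEM[m.group(2)])

PARSERS = {"cpu": cpu_millicores, "memory": memory_bytes}

def check_config(text):
    """Return a list of problems found in the --configuration-values JSON."""
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg} (line {exc.lineno})"]
    res = cfg.get("resources", {}) if isinstance(cfg, dict) else None
    if not isinstance(res, dict) or not all(isinstance(v, dict) for v in res.values()):
        return ["the file and its 'resources' entries must be JSON objects"]
    problems, parsed = [], {}
    for section in ("requests", "limits"):
        for name, parse in PARSERS.items():
            raw = res.get(section, {}).get(name)
            try:
                if raw is not None:
                    parsed[section, name] = parse(raw)
            except ValueError as exc:
                problems.append(f"resources.{section}.{name}: {exc}")
    for name in PARSERS:
        req, lim = parsed.get(("requests", name)), parsed.get(("limits", name))
        if req is not None and lim is not None and req > lim:
            problems.append(f"resources: {name} request exceeds limit")
    return problems

# Constructed sample carrying the same values as Example.json on this page.
SAMPLE = ('{"priorityClassName": "aws-guardduty-agent.priorityclass-high", "dnsPolicy": "Default", '
          '"resources": {"requests": {"cpu": "237m", "memory": "512Mi"}, '
          '"limits": {"cpu": "2000m", "memory": "2048Mi"}}}')
```

An empty list from `check_config(open("example.json").read())` means the file passed these local checks; the add-on schema itself is still enforced by Amazon EKS when the update runs.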