Prerequisites for Amazon EKS cluster support - Amazon GuardDuty

Validating architectural requirements

The platform you run affects whether the GuardDuty security agent can collect runtime events from your EKS clusters. Validate that you're using one of the verified platforms listed below. If you manage the GuardDuty agent manually, also confirm that your cluster's Kubernetes version is supported by the agent version you deploy.

Verified platforms

The OS distribution, kernel version, and CPU architecture affect the support provided by the GuardDuty security agent. The following table shows the verified configuration for deploying the GuardDuty security agent and configuring EKS Runtime Monitoring. The kernel version, kernel support mechanism, and CPU architecture entries apply to every OS distribution listed.

Kernel version: 5.4, 5.10, 5.15, 6.1 (2)
Kernel support: eBPF Tracepoints, Kprobe
CPU architecture: x64 (AMD64) supported; Graviton (ARM64, Graviton2 and above) supported (1)

OS distribution   Supported Kubernetes version
Ubuntu            v1.21 - v1.29
AL2               v1.21 - v1.29
AL2023 (3)        v1.21 - v1.29
Bottlerocket      v1.23 - v1.29

  1. Runtime Monitoring for Amazon EKS clusters doesn't support first-generation Graviton instances (the A1 instance family).

  2. Presently, with kernel version 6.1, GuardDuty can't generate the Runtime Monitoring finding types that are related to DNS events.

  3. Runtime Monitoring supports AL2023 with GuardDuty security agent v1.6.0 and above. For more information, see GuardDuty security agent for Amazon EKS clusters.

Kubernetes versions supported by GuardDuty security agent

The following table shows the Kubernetes versions for your EKS clusters that are supported by each version of the Amazon EKS add-on for the GuardDuty security agent. The add-on versions covered are v1.0.0, v1.1.0, v1.2.0, v1.3.0, v1.3.1, v1.4.0, v1.4.1, v1.5.0, v1.6.0, and v1.6.1.

Kubernetes version   Agent v1.4.0, v1.4.1, v1.5.0, v1.6.0, v1.6.1   Agent v1.0.0, v1.1.0, v1.2.0, v1.3.0, v1.3.1
1.29                 Supported                                       Not supported
1.28                 Supported                                       Supported
1.27                 Supported                                       Supported
1.26                 Supported                                       Supported
1.25                 Supported                                       Supported
1.24                 Supported                                       Supported
1.23                 Supported                                       Supported
1.22                 Supported                                       Supported
1.21                 Supported                                       Supported

Some GuardDuty security agent versions will reach the end of standard support. For information about the agent release versions, see GuardDuty security agent for Amazon EKS clusters.
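As an added example (not AWS code and not part of this page), the following script applies the verified-platform table, its footnotes, and the agent/Kubernetes support table above to the node records emitted by `kubectl get nodes -o json`. The agent version is supplied by the caller; obtaining it from `aws eks describe-addon --addon-name aws-guardduty-agent` is an assumption, as are the osImage strings used to recognise each distribution and the sample node records, which are constructed rather than captured from a real cluster.

```python
"""Pre-flight check for GuardDuty EKS Runtime Monitoring prerequisites (added example, not AWS code)."""
import json
import re

# Verified kernel major.minor series (verified-platforms table).
VERIFIED_KERNELS = {"5.4", "5.10", "5.15", "6.1"}
# Supported Kubernetes minor-version range per OS distribution.
K8S_RANGE = {"Ubuntu": (21, 29), "AL2": (21, 29), "AL2023": (21, 29), "Bottlerocket": (23, 29)}
MIN_AGENT_FOR_K8S_129 = (1, 4, 0)   # Kubernetes 1.29 needs agent v1.4.0 or later
MIN_AGENT_FOR_AL2023 = (1, 6, 0)    # footnote 3: AL2023 needs agent v1.6.0 or later
SUPPORTED_ARCHES = {"amd64", "arm64"}


def parse_version(text):
    """Return (major, minor, patch) from 'v1.6.1', 'v1.29.3-eks-...' or '5.10.210-201.amzn2.x86_64'."""
    m = re.match(r"v?(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(x or 0) for x in m.groups())


def classify_os(os_image):
    """Map the kubelet-reported osImage string to one of the page's OS rows (string patterns are assumptions)."""
    s = os_image.lower()
    if "bottlerocket" in s:
        return "Bottlerocket"
    if "amazon linux 2023" in s:
        return "AL2023"
    if "amazon linux 2" in s:
        return "AL2"
    if "ubuntu" in s:
        return "Ubuntu"
    return None


def check_node(node, agent_version):
    """Return (errors, warnings) for one node object from `kubectl get nodes -o json`."""
    errors, warnings = [], []
    name = node["metadata"]["name"]
    info = node["status"]["nodeInfo"]
    labels = node["metadata"].get("labels", {})
    agent = parse_version(agent_version)

    # CPU architecture: x64 and Graviton2+ only; footnote 1 rules out A1 (first-generation Graviton).
    if info["architecture"] not in SUPPORTED_ARCHES:
        errors.append(f"{name}: architecture {info['architecture']} is not verified")
    instance_type = labels.get("node.kubernetes.io/instance-type", "")
    if instance_type.startswith("a1."):
        errors.append(f"{name}: first-generation Graviton instance {instance_type} is not supported")

    # Kernel: must be a verified series; 6.1 is verified but cannot produce DNS findings (footnote 2).
    kmaj, kmin, _ = parse_version(info["kernelVersion"])
    kernel = f"{kmaj}.{kmin}"
    if kernel not in VERIFIED_KERNELS:
        errors.append(f"{name}: kernel {kernel} is not a verified kernel version")
    elif kernel == "6.1":
        warnings.append(f"{name}: kernel 6.1 cannot produce DNS-related Runtime Monitoring findings")

    # OS distribution, its Kubernetes range, and the AL2023 agent floor.
    distro = classify_os(info["osImage"])
    _, k8s_minor, _ = parse_version(info["kubeletVersion"])
    if distro is None:
        errors.append(f"{name}: OS image {info['osImage']!r} is not a verified distribution")
    else:
        lo, hi = K8S_RANGE[distro]
        if not lo <= k8s_minor <= hi:
            errors.append(f"{name}: {distro} is verified for Kubernetes 1.{lo}-1.{hi}, node runs 1.{k8s_minor}")
        if distro == "AL2023" and agent < MIN_AGENT_FOR_AL2023:
            errors.append(f"{name}: AL2023 needs agent v1.6.0 or later, have {agent_version}")

    # Agent/Kubernetes matrix: 1.29 needs v1.4.0+; 1.21-1.28 are supported by every listed version.
    if k8s_minor == 29 and agent < MIN_AGENT_FOR_K8S_129:
        errors.append(f"{name}: Kubernetes 1.29 needs agent v1.4.0 or later, have {agent_version}")
    return errors, warnings


def check_cluster(nodes_json, agent_version):
    """Run check_node over every item in a `kubectl get nodes -o json` document."""
    errors, warnings = [], []
    for node in json.loads(nodes_json)["items"]:
        e, w = check_node(node, agent_version)
        errors += e
        warnings += w
    return errors, warnings


def make_node(name, os_image, kernel, arch, instance_type, kubelet):
    """Build a minimal node object in the shape kubectl emits (constructed sample data)."""
    return {"metadata": {"name": name, "labels": {"node.kubernetes.io/instance-type": instance_type}},
            "status": {"nodeInfo": {"osImage": os_image, "kernelVersion": kernel,
                                    "architecture": arch, "kubeletVersion": kubelet}}}


# Constructed sample cluster (illustrative records, not captured output).
SAMPLE_NODES = json.dumps({"items": [
    make_node("ip-10-0-1-10", "Amazon Linux 2", "5.10.210-201.852.amzn2.x86_64", "amd64", "m5.large", "v1.29.3-eks-ae9a62a"),
    make_node("ip-10-0-1-11", "Amazon Linux 2023.4.20240401", "6.1.79-99.167.amzn2023.aarch64", "arm64", "m7g.large", "v1.29.3-eks-ae9a62a"),
    make_node("ip-10-0-1-12", "Ubuntu 22.04.4 LTS", "6.5.0-1016-aws", "arm64", "a1.large", "v1.29.3-eks-ae9a62a"),
]})

if __name__ == "__main__":
    import sys
    # Usage: kubectl get nodes -o json | python check_prereqs.py v1.6.1
    version = sys.argv[1] if len(sys.argv) > 1 else "v1.6.1"
    data = SAMPLE_NODES if sys.stdin.isatty() else sys.stdin.read()
    errs, warns = check_cluster(data, version)
    for line in errs:
        print("ERROR  ", line)
    for line in warns:
        print("WARNING", line)
    sys.exit(1 if errs else 0)
```

Pipe the output of `kubectl get nodes -o json` into the script with the add-on version as its only argument; without stdin it runs against the embedded sample. Warnings (the kernel 6.1 DNS gap) do not fail the run, blocking errors do, so the script can gate a rollout pipeline.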

CPU and memory limits

The following table shows the CPU and memory limits for the Amazon EKS add-on for GuardDuty (aws-guardduty-agent).

Parameter   Minimum limit   Maximum limit
CPU         200m            1000m
Memory      256 Mi          1024 Mi

When you use Amazon EKS add-on version 1.5.0 or above, GuardDuty lets you set the CPU and memory values through the add-on configuration schema. For the configurable range, see Configurable parameters and values.

After you enable EKS Runtime Monitoring and assess the coverage status of your EKS clusters, you can set up and view the container insight metrics. For more information, see Setting up CPU and memory monitoring.

Next step

Next, configure Runtime Monitoring and choose whether to manage the security agent manually or let GuardDuty manage it automatically.