Disable EKS Auto Mode - Amazon EKS
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Help improve this page

Want to contribute to this user guide? Choose the Edit this page on GitHub link that is located in the right pane of every page. Your contributions will help make our user guide better for everyone.

Disable EKS Auto Mode

You can disable EKS Auto Mode on an existing EKS Cluster. This is a destructive operation.

  • EKS will terminate all EC2 instances operated by EKS Auto Mode.

  • EKS will delete all Load Balancers operated by EKS Auto Mode.

  • EKS will not delete EBS volumes provisioned by EKS Auto Mode.

EKS Auto Mode is designed to fully manage the resources that it creates. Manual interventions could result in EKS Auto Mode failing to completely clean up those resources when it is disabled. For example, if you referred to a managed Security Group from external Security Group rules, and forget to remove that reference before you disable EKS Auto Mode for a cluster, the managed Security Group will leak (not be deleted). Steps below describe how to remove a leaked Security Group if that should happen.

Disable EKS Auto Mode (Amazon Console)

  1. Open your cluster overview page in the Amazon Management Console.

  2. Under EKS Auto Mode select Manage

  3. Toggle EKS Auto Mode to off.

If any managed Security Group is not deleted at the end of this process, you can delete it manually using descriptions from Delete a security group.

Disable EKS Auto Mode (Amazon CLI)

Use the following command to disable EKS Auto Mode on an existing cluster.

You need to have the aws CLI installed, and be logged in with sufficent permissions to manage EKS clusters. For more information, see Set up to use Amazon EKS.

Note

The compute, block storage, and load balancing capabilities must all be enabled or disabled in the same request.

aws eks update-cluster-config \ --name $CLUSTER_NAME \ --compute-config enabled=false \ --kubernetes-network-config '{"elasticLoadBalancing":{"enabled": false}}' \ --storage-config '{"blockStorage":{"enabled": false}}'

You can check if a leaked EKS Auto Mode Security Group failed to be deleted after disabling EKS Auto Mode as follows:

aws ec2 describe-security-groups \ --filters Name=tag:eks:eks-cluster-name,Values=<cluster-Name> Name=tag-key,Values=ingress.eks.amazonaws.com/resource,service.eks.amazonaws.com/resource --query "SecurityGroups[*].[GroupName]"

To then delete the Security Group:

aws ec2 delete-security-group --group-name=<sg-name>