Migrating from EKS Runtime Monitoring to Runtime Monitoring - Amazon GuardDuty
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Migrating from EKS Runtime Monitoring to Runtime Monitoring

With the launch of GuardDuty Runtime Monitoring, the threat detection coverage has been expanded to Amazon ECS containers and Amazon EC2 instances. EKS Runtime Monitoring has now been consolidated into Runtime Monitoring. You can enable Runtime Monitoring and manage individual GuardDuty security agents for each resource type (Amazon EC2 instance, Amazon ECS cluster, and Amazon EKS cluster) for which you want to monitor the runtime behavior.

There is no separate GuardDuty console experience for EKS Runtime Monitoring. To continue using EKS Runtime Monitoring, you need to configure it using APIs or the Amazon Command Line Interface.

To migrate from EKS Runtime Monitoring to Runtime Monitoring

  1. The GuardDuty console supports EKS Runtime Monitoring as a part of Runtime Monitoring.

    You can start using Runtime Monitoring by Checking EKS Runtime Monitoring configuration status of your organization and accounts.

    Make sure to not disable EKS Runtime Monitoring before enabling Runtime Monitoring. If you disable EKS Runtime Monitoring, the Amazon EKS add-on management will also get disabled. Continue with the following steps in the listed order.

  2. Make sure you meet all the Prerequisites to enabling Runtime Monitoring.

  3. Enable Runtime Monitoring by replicating the same organization configuration settings for Runtime Monitoring as you have for EKS Runtime Monitoring. For more information, see Enabling Runtime Monitoring.

    • If you have a standalone account, you need to enable Runtime Monitoring.

      If your GuardDuty security agent is deployed already, the corresponding settings are replicated automatically and you don't need to configure the settings again.

    • If you have an organization with auto-enablement settings, make sure to replicate the same auto-enablement settings for Runtime Monitoring.

    • If you have an organization with settings configured for existing active member accounts individually, make sure to enable Runtime Monitoring and configure the GuardDuty security agent for these members individually.

  4. After you have ensured that the Runtime Monitoring and GuardDuty security agent settings are correct, disable EKS Runtime Monitoring by using either the API or the Amazon CLI command.

  5. (Optional) if you want to clean any resource associated with the GuardDuty security agent, see Cleaning up GuardDuty security agent resources.

If you want to continue using EKS Runtime Monitoring without enabling Runtime Monitoring, see Configuring EKS Runtime Monitoring (API only).