What Changed
Reverted AWS EKS connector CloudFormation templates to resolve deployment issues that prevented successful infrastructure provisioning for EKS audit log collection.
Connector Impact
The AWS EKS CCF connector enables ingestion of Amazon Elastic Kubernetes Service audit logs into Microsoft Sentinel through an automated CloudFormation deployment. This fix addresses:
- Template syntax errors in the mainTemplate.json that caused deployment failures
- Corrected CloudFormation template structure for both OIDC authentication provider and EKS resources deployment
- Fixed release notes date field (corrected from future date 12-03-2026 to proper historical date)
Infrastructure Components Fixed
The connector deploys critical AWS infrastructure including:
- OpenID Connect (OIDC) identity provider for Microsoft Sentinel authentication
- IAM roles and policies for cross-account access
- S3 bucket for EKS audit log storage
- SQS queue for S3 event notifications
- Kinesis Data Firehose delivery stream with Lambda transformation
- CloudWatch Logs subscription filters
Deployments using the previous broken templates would fail at provisioning, resulting in zero EKS audit log data reaching Microsoft Sentinel. This revert ensures successful infrastructure deployment and restoration of Kubernetes security monitoring capabilities.
Affected Files
Solutions/AWS EKS/Data Connectors/AWSEKS_ConnectorDefinition.json
(packaging artefacts: 3.0.0.zip, ReleaseNotes.md, Solution_AWSEKS.json, mainTemplate.json)