How to Connect to EKS Worker Nodes [5 Steps]

In this tutorial, we will learn about how to connect to EKS worker nodes using 5 steps. In Kubernetes, workloads are deployed in containers and containers are deployed in pods. A pod can have one or more containers deployed. These can be combination of  main containers, sidecar containers and init containers. All the workload pods are deployed in worker nodes and management of all these worker nodes are done by master nodes. Hence, we often need to SSH to the worker nodes for troubleshooting workload related bugs.


What are Worker Nodes

In Kubernetes, worker nodes are the nodes in cluster where actual workloads are running. In EKS, after provisioning the EKS cluster, we create one or more Node Groups. Each node group is a collection of worker nodes. Each worker node is a standard Amazon EC2 instance. A cluster can have multiple node groups depending on the requirements of an application.


How to Connect to EKS Worker Nodes [5 Steps]

How to Connect to EKS Worker Nodes [5 Steps]

Please follow below steps to learn how to connect to EKS worker nodes. Before starting on below steps, please make sure prerequisites are met.



Step-1: Verify SSH Enabled in Node Group

In this step, go to Amazon EKS service and click on your EKS cluster.  Under compute tab, select  node group name where you want to access nodes via SSH. Check if SSH connectivity is enabled for that node group. If Configure SSH access to nodes is set to on, it means SSH access is enabled for the current node group as shown below.



Step-2: Copy .pem file

In this step,  copy .pem key file from your local machine to your current terminal. If you have kept the key file in windows machine, you can use tools like WinSCP to copy the file from local to current terminal. After copied, check if file is present in the machine using below command.

[ec2-user@linuxnasa~]$ ll
-rwx------. 1 ec2-user ec2-user 1434 Mar 25 14:06 ec2-instance-key.pem



If the current format of key file is  .ppk , you can convert the format to .pem  using .ppk to .pem online converter.


Step-3: List down Worker Nodes

In this step, list down all the worker nodes in your cluster using below command. -o wide flag will show the ip of each worker node.

[ec2-user@linuxnasa~]$ kubectl get node -o wide
NAME                                          STATUS ROLES  AGE   VERSION                 INTERNAL-IP    EXTERNAL-IP OS-IMAGE        KERNEL-VERSION                CONTAINER-RUNTIME
ip-10-120-180-56.ap-south-1.compute.internal  Ready  <none>  40m  v1.22.17-eks-a59e1f0  <none>      Amazon Linux 2  5.4.238-148.346.amzn2.x86_64  docker://20.10.17
ip-10-120-180-44.ap-south-1.compute.internal   Ready  <none>  40m  v1.22.17-eks-a59e1f0  <none>      Amazon Linux 2  5.4.238-148.346.amzn2.x86_64  docker://20.10.17


Step-4: Change .pem Key file permission

In this step, give the .pem key file executable permission using below command. 700 file permission will give all the access to only the file owner.  Groups and others will be restricted to access this key file.

[ec2-user@linuxnasa~]$ chmod 700 ec2-instance-key.pem


Step-5: Connect to a Worker Node

In this step after changing the permission of .pem file, try to connect to any of the worker node using .pem file using below command. For the first time login to any worker node, it will ask for connectivity confirmation as shown below.

[ec2-user@linuxnasa~]$ ssh -i ec2-instance-key.pem [email protected]
The authenticity of host ' (' can't be established.
ED25519 key fingerprint is SHA256:sOSdewFpU3MRtWSWGUl4/HBpj3WpvkWQ3Ll0LAoxSoE.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '' (ED25519) to the list of known hosts.
Last login: Thu Apr 6 01:36:42 2023 from

__| __|_ )
_| ( / Amazon Linux 2 AMI
[ec2-user@ip-10-120-180-44 ~]$

In above command

ec2-user: user as which connect to worker node Ip of the worker node



In this tutorial, we learnt about how we can connect to worker nodes Using SSH. Depending on the workload, nodes in node groups get scaled up or scaled down. The scaling takes place depending on the configuration that was done while creating the node group. You can  explore more on  how workload deployment works in EKS. Read more about workloads and its management here .



Leave a Comment