Usually caused by the worker nodes not being able to contact the API server on the control plane. Things to check:

1. Check the “Cluster security group” and “Additional security groups” in the EKS cluster. They need to allow traffic to the 443 and 1025-65535 ports
2. The EC2 instance (the worker nodes) need to have an IAM role with following permission policies AmazonEKSWorkerNodePolicy, AmazonEC2ContainerRegistryReadOnly, AmazonEKS_CNI_Policy

• aws cli commands