Amazon EKS Introduces Kubernetes API Server Endpoint Access Control

Posted on: Mar 19, 2019

You can now control access to the Kubernetes API server endpoint managed by Amazon Elastic Container Service for Kubernetes (EKS), so that traffic between Kubernetes worker nodes, the kubectl command line tool, and the EKS-managed Kubernetes API server stays within your Amazon Virtual Private Cloud (VPC). This allows you to isolate the Kubernetes control plane and worker nodes within your VPC, providing an additional layer of protection to harden clusters against malicious attack and accidental exposure.

Previously, the Kubernetes API endpoint was accessible from outside of your VPC. Worker nodes needed to call outside of your VPC to get the correct IP addresses to connect to the API server, and access to the API server was limited using security groups.

Now, you can manage access to the endpoint so that all traffic to the API server stays within your VPC. This gives you an additional layer of security and control over your Kubernetes clusters managed by EKS.

To learn more, visit the Amazon EKS documentation.