Posted On: Dec 20, 2019
Amazon Elastic Kubernetes Service (EKS) now allows you to restrict access to your Kubernetes cluster’s public endpoint by specifying allowed IPv4 address ranges in CIDR notation. This allows you to implement network-based access control to your public endpoint.
Amazon EKS supports public and private endpoints for the Kubernetes API server, which is secured using a combination of AWS Identity and Access Management (IAM) and native Kubernetes Role Based Access Control (RBAC). The private endpoint is accessible only from within your cluster’s VPC. Previously, the public endpoint was open to the internet, and there was no way to restrict clients from making requests to the public endpoint without disabling it.
Now, when the public endpoint is enabled, you can choose to further restrict access by specifying IPv4 address ranges from which connection requests can be made. Any client with an IP address outside this range will not be able to connect to the public endpoint. This access control can be configured using the AWS Console, AWS SDKs, or eksctl.