Posted On: Jun 3, 2022

You can now resolve the private Kubernetes API server endpoint of your Amazon Elastic Kubernetes Service (EKS) cluster in AWS GovCloud (US) regions. This allows you to easily connect to an EKS cluster that is only accessible within a VPC, including when using AWS services such as AWS Direct Connect and VPC peering.

When only the private endpoint is enabled, Amazon EKS automatically advertises the private IP addresses of the private endpoint from the public endpoint. Clients (such as the kubectl CLI tool) use the public endpoint as a DNS resolver to connect to the private endpoint through a peered VPC automatically. Because the resolved addresses are always private IPs, clients without access to the private VPC can still resolve the addresses but cannot connect to the cluster.
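A check of the behavior described above, as an added example that is not AWS code: it resolves a cluster's API server hostname and reports whether every returned address is private. The function names, the placeholder hostname and the sample addresses are constructed for illustration, and the check assumes the cluster VPC uses RFC 1918 address space.

```python
import ipaddress
import socket

# Assumption: the cluster VPC uses RFC 1918 space. A VPC built on other
# CIDR ranges needs its own networks listed here instead.
VPC_RANGES = [ipaddress.ip_network(n)
              for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def system_resolver(hostname):
    """Resolve hostname to a set of IP strings using the local resolver."""
    infos = socket.getaddrinfo(hostname, 443, proto=socket.IPPROTO_TCP)
    return {info[4][0] for info in infos}


def classify_endpoint(hostname, resolver=system_resolver):
    """Return (verdict, addresses) for an EKS API server hostname.

    private-only: every address is inside VPC_RANGES
    public:       no address is inside VPC_RANGES
    mixed:        both kinds were returned and need investigation
    unresolved:   the lookup failed or returned nothing
    """
    try:
        addrs = sorted(resolver(hostname))
    except OSError:  # socket.gaierror is a subclass of OSError
        return "unresolved", []
    if not addrs:
        return "unresolved", []
    private = [a for a in addrs
               if any(ipaddress.ip_address(a) in net for net in VPC_RANGES)]
    if len(private) == len(addrs):
        return "private-only", addrs
    return ("mixed" if private else "public"), addrs


if __name__ == "__main__":
    # Constructed sample answers, so the demo runs without network access.
    samples = {
        "private endpoint only": {"10.0.12.34", "10.0.45.67"},
        "public endpoint enabled": {"203.0.113.10", "203.0.113.20"},
    }
    host = "cluster-endpoint.example.invalid"  # placeholder hostname
    for label, answer in samples.items():
        verdict, addrs = classify_endpoint(host, lambda h, a=answer: a)
        print(f"{label}: {verdict} {addrs}")
```

Calling `classify_endpoint` with only a real endpoint hostname uses the local resolver; a `private-only` verdict from a machine outside the VPC shows that name resolution works there even though the API server is unreachable.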

Private endpoint DNS resolution is available for all newly created Amazon EKS clusters today in AWS GovCloud (US) regions, and is automatically enabled for all existing clusters with only the private endpoint enabled. Learn more in the Amazon EKS documentation.