Posted On: Oct 24, 2023
Amazon Elastic Kubernetes Service (EKS) announced that customers can now bring their own managed IAM policies for use with EKS clusters, helping them meet regulatory and compliance requirements with fine grained control over what IAM permissions their Kubernetes clusters can assume.
The EKS create cluster and create node group APIs require IAM roles with permissions attached to perform cluster operations like creating load balancers, describing and tagging EC2 instances, and downloading container images. EKS vends AWS managed policies to simplify the process of staying up to date on these required permissions. Now, you can attach customer managed policies to the cluster and node group IAM roles, and more easily meet compliance requirements, especially in highly regulated industries.
Support for customer managed policies is available for newly created clusters and managed node groups starting today in all AWS Regions. To get started, visit the EKS documentation.