Posted On: Dec 28, 2023

Amazon Elastic Kubernetes Service (EKS) customers can now leverage EC2 security groups to secure applications in clusters using Internet Protocol version 6(IPv6) address space.

Today, EKS supports IPv6 enabling customers to scale containerized applications on Kubernetes beyond limits of private IPv4 address space. Kubernetes cluster administrators often have to operate in environments where IPv6 and IPv4 networks coexist. Until today, they could use network security rules that span pod to pod and pod to external Amazon Web Services service traffic defined in a single place with EC2 security groups, and applied to individual pods in IPv4 clusters. With this launch, customers can apply EC2 security groups for pods in both IPv4 and IPv6 clusters. Together with support for Amazon VPC CNI network policies customers have an option for controlling network traffic within the cluster, while using security groups to control access to Amazon Web Services resources such as Amazon RDS outside the cluster.

Support for assigning security groups to IPv6 pods is available for most AWS Nitro based instances launched with new EKS clusters running Kubernetes version 1.25 and above. To get started, visit the Amazon EKS documentation and blog.