Posted On: Dec 18, 2023

Amazon Elastic Kubernetes Service (EKS) now supports simplified configuration of AWS Identity and Access Management (IAM) users and roles with Kubernetes clusters, through a new set of APIs that tightly integrate IAM identities with Kubernetes authentication and authorization controls.

EKS already supports IAM identity authentication to Kubernetes clusters, removing the burden from cluster administrators of having to maintain and integrate a separate identity provider. This integration enables administrators to leverage IAM security features such as audit logging and multi-factor authentication. The EKS access management controls introduced today simplify the process of mapping IAM identities to Kubernetes identities by allowing administrators to fully define authorized IAM principals and their associated Kubernetes permissions directly through an EKS API during or after cluster creation. The IAM identity used to create an EKS cluster can have its Kubernetes permissions removed or scoped down to comply with security requirements, and control of a cluster can always be restored to an AWS account administrator. Other AWS services can use EKS access management controls to automatically obtain permissions to run applications on EKS clusters. EKS access management controls reduce the amount of work administrators need to do to create and manage clusters that are shared by multiple users and other AWS services.

EKS access management controls are supported in all AWS Regions for newly created clusters using Kubernetes version 1.23 or later. Existing clusters need to be updated to a supported EKS platform version before using this feature. To get started, visit the EKS documentation. To learn more about the feature, see the launch blog.