How do I connect to a private Amazon EKS cluster endpoint from outside the Amazon VPC?
Last updated: 2020-01-17
I want to connect to a private Amazon Elastic Kubernetes Service (Amazon EKS) cluster endpoint from outside of the Amazon Virtual Private Cloud (Amazon VPC). For example, I want to connect a peered VPC to AWS Direct Connect.
Note: If you receive errors when running AWS Command Line Interface (AWS CLI) commands, make sure that you’re using the most recent AWS CLI version.
Consider the following:
- You can use a peered VPC to automatically resolve to the private Amazon EKS cluster endpoint.
- If you enable only private endpoint access, Amazon EKS automatically advertises the private IP addresses of the private endpoints through the public DNS name for the API server.
- Clients (such as kubectl from the Kubernetes website) that are configured through the AWS CLI aws eks update-kubeconfig command or eksctl use the public endpoint DNS name to resolve and connect to private endpoints through the peered VPC automatically.
For more information, see Amazon EKS cluster endpoint access control.