Amazon EKS Documentation
Amazon EKS is designed to manage the availability and scalability of the Kubernetes control plane nodes responsible for scheduling containers, managing application availability, storing cluster data, and other key tasks.
Amazon EKS lets you run your Kubernetes applications on both Amazon Elastic Compute Cloud (Amazon EC2) and AWS Fargate.
Managed Kubernetes Clusters
Managed Control Plane
Service Integrations
AWS Controllers for Kubernetes (ACK) gives you management control over AWS services from within your Kubernetes environment. ACK enables you to build scalable and available Kubernetes applications utilizing AWS services.
Hosted Kubernetes Console
EKS provides an integrated console for Kubernetes clusters. Cluster operators and application developers can use EKS as a single place to organize, visualize, and troubleshoot their Kubernetes applications running on Amazon EKS. The EKS console is hosted by AWS and is available for EKS clusters.
EKS Add-Ons
EKS add-ons are operational software for extending the Kubernetes operational functionality. You can use EKS to install and keep the add-on software up-to-date. When you start an Amazon EKS cluster, select the add-ons you would like to run in the cluster, including Kubernetes tools for observability, networking, auto-scaling, and AWS service integrations.
Managed Node Groups
Amazon EKS lets you create, update, scale, and terminate nodes for your cluster with a single command. These nodes can also leverage Amazon EC2 Spot Instances to reduce costs. Managed node groups run Amazon EC2 instances using the latest EKS-optimized or custom Amazon Machine Images (AMIs) in your AWS account. Updates and terminations drain nodes, a behavior designed to keep your applications available.
Hybrid Deployments
You can use EKS on AWS Outposts to run containerized applications requiring low latencies to on-premises systems. AWS Outposts is a managed service that extends AWS infrastructure, AWS services, APIs, and tools to many connected sites. With EKS on Outposts, you can manage containers on-premises in the same way that you manage your containers in the cloud.
You can attach nodes running in AWS Local Zones or AWS Wavelength to EKS, giving you more choices for AWS-managed infrastructure at the edge.
Amazon EKS Distro packages up the same open-source Kubernetes software distribution used in Amazon EKS on AWS for use on your own on-premises infrastructure. Manage EKS Distro clusters with your own tooling or with Amazon EKS Anywhere.
Use eksctl for launching nodes and single line management
Use the eksctl command-line tool to get up and running with Amazon EKS. Run an "eksctl create cluster" command to create your EKS cluster. You can use eksctl for cluster management and operations, including managing nodes and add-ons.
Windows Support
Amazon EKS supports Windows worker nodes and Windows container scheduling. EKS supports running Windows worker nodes alongside Linux worker nodes, allowing you to use the same cluster for managing applications on either operating system.
ARM Support
AWS Graviton2 processors power Arm-based EC2 instances. Amazon EKS on AWS Graviton2 is generally available where both services are available Regionally.
Networking and Security
Amazon EKS helps you to provide security for your Kubernetes clusters, with advanced features and integrations to AWS services and technology partner solutions. For example, IAM provides fine-grained access control and Amazon VPC isolates your Kubernetes clusters from other customers.
Support for IPv6
Amazon EKS supports IPv6, enabling customers to scale containerized applications on Kubernetes beyond the limits of private IPv4 address space. With EKS support for IPv6, pods are assigned a globally routable IPv6 address, allowing you to scale applications in your cluster without consuming limited private IPv4 address space. This globally routable IPv6 address can be used to communicate directly with any IPv6 endpoint in your Amazon VPC, on-premises network, or the public internet. Further, EKS configures networking so that pods can still communicate with IPv4-based endpoints outside the cluster, enabling you to adopt the benefits of IPv6 using Kubernetes without requiring that all dependent services deployed across your organization are migrated to IPv6.
Service Discovery
AWS Cloud Map is a cloud resource discovery service. With Cloud Map, you can define custom names and maintain updated locations of dynamically changing application resources. This increases your application availability because your web service always discovers the most up-to-date resource locations. Cloud Map works with external-dns, an open-source Kubernetes connector that propagates internal service locations to the Cloud Map service registry as Kubernetes services launch, and removes them upon termination. Kubernetes-based services are discoverable via Cloud Map, which provides a unified service registry for all container workloads.
Service Mesh
Service mesh standardizes how microservices within your application communicate, so you can build and run complex microservices applications. AWS App Mesh is designed to configure your application for end-to-end visibility and high availability. You can use the AWS App Mesh controller for Kubernetes to create new services connected to the mesh, define traffic routing, and configure security features like encryption. Additionally, App Mesh allows you to register your Kubernetes pods in AWS Cloud Map for service discovery. App Mesh exports metrics, logs, and traces to the endpoints specified in the Envoy bootstrap configuration provided. App Mesh provides an API to configure traffic routes, circuit breaking, retries, and other controls between mesh-enabled microservices. App Mesh Mutual TLS helps encrypt all requests between services even when they occur in your private networks. Furthermore, you can add authentication controls to enable communication only between services you allow.
VPC Native Networking
AWS IAM Authenticator
IAM for Service Accounts
Amazon EKS allows you to assign IAM permissions to your Kubernetes service accounts. The IAM role can control access to other containerized services, AWS resources external to the cluster such as databases and secrets, or third-party services and applications running outside of AWS. This gives you fine-grained, pod-level access control when running clusters with multiple co-located services while simplifying cluster availability and cost optimization.
Load balancing
Amazon EKS supports using Elastic Load Balancing including Application Load Balancer (ALB), Network Load Balancer (NLB), and Classic Load Balancer.
You can run standard Kubernetes cluster load balancing or any Kubernetes-supported ingress controller with your Amazon EKS cluster.
Serverless Compute
EKS supports AWS Fargate to run your Kubernetes applications using serverless compute. Fargate removes the need to provision and manage servers, lets you specify and pay for resources per application, and helps you improve security through application isolation.
Cost monitoring
Amazon EKS simplifies the process of understanding the costs associated with your Kubernetes usage, both at the cluster level, and the individual application level.
Cost allocation tagging
Amazon EKS adds an AWS cost allocation tag to every EC2 instance that joins a cluster. This frees you from having to enforce a custom tagging policy across your organization to gain insights into cluster level costs. After you activate the EKS cluster name cost allocation tag in the AWS Billing Console, you can use AWS Cost and Usage reports to track your EC2 costs associated with EKS clusters.
Kubecost
Amazon EKS supports Kubecost which enables you to monitor costs broken down by Kubernetes resources including pods, nodes, namespaces, and labels. Kubernetes platform administrators and finance leaders can use Kubecost to visualize a breakdown of their Amazon EKS associated charges, allocate costs, and charge back to organizational units such as application teams. You can provide your internal teams and business units with transparent and accurate cost data based on their actual AWS bill and get customized recommendations for cost optimization based on their infrastructure environment and usage patterns within their clusters.
Logging
Amazon EKS is integrated with AWS CloudTrail to provide visibility into EKS management operations, including audit history. You can use CloudTrail to view API calls to the Amazon EKS API. Amazon EKS also delivers Kubernetes control plane logs to Amazon CloudWatch for analysis, debugging, and auditing.
Certified Conformant
Amazon EKS runs upstream Kubernetes and is certified Kubernetes-conformant, so you can use all the existing plug-ins and tooling from the Kubernetes community. Applications running on Amazon EKS are compatible with applications running on any standard Kubernetes environment, whether running in on-premises data centers or public clouds. This means that you can easily migrate any standard Kubernetes application to Amazon EKS without refactoring your code.
Managed Cluster Updates
Amazon EKS makes it easy to update running clusters to the latest Kubernetes version without managing the update process. Kubernetes version updates are done in place, removing the need to create new clusters or migrate applications to a new cluster.
As new Kubernetes versions are released and validated for use with Amazon EKS, we will support three stable Kubernetes versions at any given time as part of the update process. You can initiate new version installation and review in-flight update status via the SDK, CLI or AWS Console.
Advanced Workload Support
Amazon EKS provides an optimized Amazon Machine Image (AMI) that includes configured NVIDIA drivers for GPU-enabled Amazon EC2 instances. This makes it easy to use Amazon EKS to run computationally advanced workloads, including machine learning (ML), Kubeflow, deep learning (DL) containers, high performance computing (HPC), financial analytics, and video transcoding.
Open-Source Compatibility
For more information, see the Kubernetes community tools GitHub page.
EKS Connector
Amazon EKS allows you to connect any conformant Kubernetes cluster to AWS and visualize it in the Amazon EKS console. You can connect any conformant Kubernetes cluster, including Amazon EKS Anywhere clusters running on-premises, self-managed clusters on Amazon Elastic Compute Cloud (Amazon EC2), and other Kubernetes clusters running outside of AWS. Regardless of where your cluster is running, you can use the Amazon EKS console to view connected clusters and the Kubernetes resources running on them.
Additional Information
For additional information about service controls, security features and functionalities, including, as applicable, information about storing, retrieving, modifying, restricting, and deleting data, please see https://docs.aws.amazon.com/index.html. This additional information does not form part of the Documentation for purposes of the AWS Customer Agreement available at http://aws.amazon.com/agreement, or other agreement between you and AWS governing your use of AWS’s services.