- Containers›
- Amazon EKS›
- FAQs
Amazon EKS FAQs
General
What is Amazon Elastic Kubernetes Service (Amazon EKS)?
Amazon EKS is a managed service that makes it easy for you to run Kubernetes on AWS without installing and operating your own Kubernetes control plane or worker nodes.
What is Kubernetes?
Kubernetes is an open-source container orchestration system allowing you to deploy and manage containerized applications at scale. Kubernetes arranges containers into logical groupings for management and discoverability, then launches them onto clusters of Amazon Elastic Compute Cloud (Amazon EC2) instances. Using Kubernetes, you can run containerized applications including microservices, batch processing workers, and platforms as a service (PaaS) using the same toolset on premises and in the cloud.
Why should I use Amazon EKS?
Amazon EKS provisions and scales the Kubernetes control plane, including the application programming interface (API) servers and backend persistence layer, across multiple AWS Availability Zones (AZs) for high availability and fault tolerance. Amazon EKS automatically detects and replaces unhealthy control plane nodes and patches the control plane. You can run EKS using AWS Fargate, which provides serverless compute for containers. Fargate removes the need to provision and manage servers, lets you specify and pay for resources per application, and improves security through application isolation by design.
Amazon EKS is integrated with many AWS services to provide scalability and security for your applications. These services include Elastic Load Balancing for load distribution, AWS Identity and Access Management (IAM) for authentication, Amazon Virtual Private Cloud (VPC) for isolation, and AWS CloudTrail for logging.
How does Amazon EKS work?
Amazon EKS works by provisioning (starting) and managing the Kubernetes control plane and worker nodes for you. At a high level, Kubernetes consists of two major components: a cluster of 'worker nodes' running your containers, and the control plane managing when and where containers are started on your cluster while monitoring their status.
Without Amazon EKS, you have to run both the Kubernetes control plane and the cluster of worker nodes yourself. With Amazon EKS, you provision your worker nodes using a single command in the EKS console, command-line interface (CLI), or API. AWS handles provisioning, scaling, and managing the Kubernetes control plane in a highly available and secure configuration. This removes a significant operational burden and allows you to focus on building applications instead of managing AWS infrastructure.
Which operating systems does Amazon EKS support?
Amazon EKS supports Kubernetes-compatible Linux x86, ARM, and Windows Server operating system distributions. Amazon EKS provides optimized AMIs for Amazon Linux 2, Bottlerocket, and Windows Server 2019. At this time, there is no Amazon EKS optimized AMI for AL2023. EKS- optimized AMIs for other Linux distributions, such as Ubuntu, are available from their respective vendors.
I have a feature request, who do I tell?
Please let us know what we can add or do better by opening a feature request on the AWS Container Services Public Roadmap
Integrations
Does Amazon EKS work with my existing Kubernetes applications and tools?
Amazon EKS runs the open-source Kubernetes software, so you can use all the existing plug-ins and tooling from the Kubernetes community. Applications running on Amazon EKS are fully compatible with applications running on any standard Kubernetes environment, whether running in on-premises data centers or public clouds. This means that you can easily migrate any standard Kubernetes application to Amazon EKS without any code modifications.
Does Amazon EKS work with AWS Fargate?
Yes. You can run Kubernetes applications as serverless containers using AWS Fargate and Amazon EKS.
What are Amazon EKS add-ons?
EKS Add-Ons let you enable and manage Kubernetes operational software, which provides capabilities like observability, scaling, networking, and AWS cloud resource integrations for your EKS clusters. At launch, EKS add-ons supports controlling the launch and version of the AWS VPC CNI plugin through the EKS API.
Why should I use Amazon EKS add-ons?
Amazon EKS add-ons provides one-click installation and management of Kubernetes operational software. Go from cluster creation to running applications in a single command, while easily keeping the operational software required for your cluster up to date. This ensures your Kubernetes clusters are secure and stable and reduces the amount of work needed to start and manage production-ready Kubernetes clusters on AWS.
Amazon EKS Auto Mode
What is Amazon EKS Auto Mode?
Amazon EKS Auto Mode that fully automates Kubernetes cluster management on AWS, simplifying operations by automatically provisioning infrastructure, scaling resources, managing core add-ons, and optimizing costs. EKS Auto Mode provides secure and scalable cluster infrastructure managed by AWS with integrated Kubernetes capabilities, like compute autoscaling, pod and service networking, application load balancing, cluster DNS, block storage, and GPU support. It is Kubernetes conformant, which means that customers can use all their favorite Kubernetes compatible tools with it. Applications running in EKS clusters can now use AWS-managed EC2 instances, EBS volumes, Load Balancers, and other cloud resources that are configured with proven best practices, automatically scaled, cost-optimized, and kept up-to-date, all while minimizing cost and operational overhead.
How can I get started with Amazon EKS Auto Mode?
Amazon EKS Auto Mode is available for new and existing EKS clusters running Kubernetes 1.29+ in all regions where EKS is available, except AWS GovCloud (US) and China Regions. To get started, simply use the EKS API, AWS Console, eksctl, or your preferred Infrastructure-as-Code (IaC) tooling to enable EKS Auto Mode in a new or existing cluster and specify the IAM Role its AWS-managed compute infrastructure should use. By default, EKS Auto Mode creates best-practice, general-purpose compute scaling configurations in your cluster which allows you to get started running applications quickly. For deeper customization, you can choose to disable these defaults and create additional compute scaling and infrastructure configurations using Kubernetes API in your cluster. |
How does Amazon EKS Auto Mode work?
Amazon EKS Auto Mode brings a combination of integrated Kubernetes capabilities and AWS-managed infrastructure, built specifically for modern applications, to all EKS clusters. Its capabilities are the foundation of what your Kubernetes applications need to run – compute, storage, networking, and monitoring. They are an integrated part of EKS that you never have to worry about installing, scaling, or managing. By default, they are setup according to AWS and Kubernetes best practices. For advanced use cases, you can further customize the infrastructure where your applications run by building on top of EKS Auto Mode’s best-practices without costly, ongoing operational work. To ensure your applications always have the infrastructure they need, EKS Auto Mode continuously observes them and configures, creates, and optimizes AWS-managed resources, (EC2 instances and EBS volumes) to meet their needs. The infrastructure where your applications run is automatically updated with the latest security and bug fixes in a way that keeps you secure and up-to-date while minimizing disruption to running applications.
What is AWS responsible for in EKS clusters using Amazon EKS Auto Mode?
Using Amazon EKS Auto Mode, AWS expands its responsibility compared to customer-managed AWS infrastructure in EKS clusters. In addition to operating the Kubernetes cluster control plane with EKS Auto Mode enabled, AWS also takes responsibility for securing, configuring, and managing the AWS infrastructure in EKS clusters your applications need to run. To do so, AWS infrastructure resources, like EC2 instances, in EKS clusters using EKS Auto Mode have limitations compared to their customer-managed counterparts. For example, you cannot connect remotely via SSH or SSM, modify the instance IAM role, replace the root volume, or attach additional ENIs to EC2 instances managed by EKS Auto Mode, as doing so would limit the ability for AWS to secure and manage them. |
What is the difference between Amazon EKS Auto Mode and EKS with AWS Fargate?
AWS EKS with Fargate remains an option for customers who want to run EKS, but Amazon EKS Auto Mode is the recommended approach moving forward. EKS Auto Mode is fully Kubernetes conformant, supporting all upstream Kubernetes primitives and platform tools like Istio, which Fargate is unable to support. EKS Auto Mode also fully supports all EC2 runtime purchase options, including GPU and Spot instances, enabling customers to leverage negotiated EC2 discounts and other savings mechanisms, these capabilities are not available when using EKS with Fargate. Furthermore, EKS Auto Mode allows customers to achieve the same isolation model as Fargate, using standard Kubernetes scheduling capabilities to ensure each EC2 instance runs a single application container. By adopting Amazon EKS Auto Mode, customers can unlock the full benefits of running Kubernetes on AWS - a fully Kubernetes-conformant platform that provides the flexibility to leverage the entire breadth of EC2 and purchasing options while retaining the ease of use and abstraction from infrastructure management that Fargate provides. |
How does Amazon EKS Auto Mode help keep my cluster compute secure and up-to-date?
Amazon EKS Auto Mode helps improve the security of your EKS clusters in three ways: 1/ the AWS-managed infrastructure created by EKS Auto Mode is configured according to AWS security best-practices and hardened according to the Center for Internet Security’s (CIS) Level 1 benchmarks, including: no remote access, an immutable root filesystem, and kernel-level mandatory access controls. 2/ EKS Auto Mode’s AWS-managed EC2 instances are updated with the latest security and bug fixes automatically by AWS as soon as they’re available. When possible, these patches are applied in-place without disrupting running applications or replacing instances. 3/ By default, EKS Auto Mode sets a fourteen-day (14) maximum lifetime for its AWS-managed EC2 instances which helps you meet industry-wide security and compliance best-practices. If your use case requires shorter or longer instance lifetimes, you can configure EKS Auto Mode with a duration that meets your needs, up to a maximum of 21 days. |
Can Amazon EKS Auto Mode help simplify Kubernetes version updates?
Yes, after upgrading the EKS control plane to a new Kubernetes version, new instances launched by EKS Auto Mode, due to applications scaling out, run with the latest Kubernetes software that matches the control plane version. Simultaneously, existing instances are gradually updated with Kubernetes software for the new Kubernetes version. Combined with the default 14-day maximum lifetime of instances launched by EKS Auto Mode, this means that, by default, your cluster will be fully and automatically upgraded no later than fourteen (14) days after upgrading your EKS cluster’s Kubernetes version. |
What Kubernetes capabilities does Amazon EKS Auto Mode come with?
Amazon EKS Auto Mode provides integrated and managed versions of essential Kubernetes capabilities, like compute, storage, networking, and monitoring. This includes managed versions of: 1/ the EKS Auto Mode’s agent which facilitates security and instance management, 2/ the containerd container runtime, a fundamental component that empowers Kubernetes to run containers effectively, 3/ the kubelet, which manages Kubernetes pods’ lifecycle and health on each compute instance, 4/ a network proxy that enables in-cluster routing, 5/ a managed, upstream-compatible Karpenter controller, 6/ the EBS, EFS, and S3 CSI controllers for storage, 7/ a managed version of the AWS VPC container network interface (CNI) for IP address management, pod networking, and network policies, 8/ CoreDNS for in-cluster service discovery, 9/ and AWS Load Balancer Controller for orchestrating external load balancers. |
How do Amazon EKS Auto Mode’s capabilities relate to EKS Add-Ons?
With Amazon EKS Auto Mode you don’t need to install or manage certain EKS Add-Ons, like the VPC CNI, CoreDNS, kube-proxy, and the CloudWatch Observability agent, because with EKS Auto Mode your EKS cluster includes integrated versions of the capabilities those Add-Ons provide. However, if you still have workloads not yet migrated to EKS Auto Mode, you need to continue to use those EKS Add-Ons for them. Other EKS Add-Ons, besides those replaced by EKS Auto Mode’s integrated capabilities, can be run on clusters using EKS Auto Mode. |
Can I see and configure the EC2 instances launched by Amazon EKS Auto Mode?
Yes, the managed EC2 instances launched by EKS Auto Mode can be viewed using the EC2 DescribeInstances API or AWS Console by default. Because these instances are managed by AWS, the actions you can take with EC2 APIs are limited to those that don’t impact EKS’s ability to fulfill its expanded operational responsibilities. By default, EKS Auto Mode comes with general-purpose compute configurations that are well-suited for common use cases. If needed, you can customize the EC2 instances launched by EKS Auto Mode. Modifications to EKS Auto Mode instances’ runtime configuration settings can be made using EKS Auto Mode’s Node Class Kubernetes API. |
Does Amazon EKS Auto Mode support Compute Savings Plans and Reserved Instances?
Yes. Compute Savings Plans and Reserved Instances are automatically applied when eligible EC2 instances are launched. See pricing page for more details. |
How can I observe the actions EKS Auto Mode takes on my cluster?
Amazon EKS Auto Mode’s Kubernetes capabilities are delivered via a set of integrated controllers that emit a variety of Kubernetes events that can be used to understand their behavior. |
Versions and updates
Which Kubernetes versions does Amazon EKS support?
See the Amazon EKS documentation for currently supported Kubernetes versions. Amazon EKS will continue to add support for additional Kubernetes versions in the future.
Can I update my Kubernetes cluster to a new version?
Yes. Amazon EKS performs managed, in-place cluster upgrades for both Kubernetes and Amazon EKS platform versions. This simplifies cluster operations and lets you take advantage of the latest Kubernetes features, as well as the updates to Amazon EKS configuration and security patches.
There are two types of updates you can apply to your Amazon EKS cluster: Kubernetes version updates and Amazon EKS platform version updates. As new Kubernetes versions are released and validated for use with Amazon EKS, we will support three stable Kubernetes versions as part of the update process at any given time.
What is an EKS platform version?
Amazon EKS platform versions represent the capabilities of the cluster control plane, such as which Kubernetes API server flags are enabled, as well as the current Kubernetes patch version. Each Kubernetes minor version has one or more associated Amazon EKS platform versions. The platform versions for different Kubernetes minor versions are independent.
When a new Kubernetes minor version is available in Amazon EKS (for example, 1.13), the initial Amazon EKS platform version for that Kubernetes minor version starts at eks.1. However, Amazon EKS releases new platform versions periodically to enable new Kubernetes control plane settings and to provide security fixes.
Why would I want manual control over Kubernetes version updates?
New versions of Kubernetes introduce significant change to the Kubernetes API, which can change application behavior. Manual control over Kubernetes cluster versioning lets you test applications against new versions of Kubernetes before upgrading production clusters. Amazon EKS offers the ability to choose when you introduce changes to your EKS cluster.
How do I update my worker nodes?
AWS publishes EKS-optimized Amazon Machine Images (AMIs) that include the necessary worker node binaries (Docker and Kubelet). This AMI is updated regularly and includes the most up-to-date version of these components. You can update your EKS managed nodes to the latest versions of the EKS-optimized AMIs with a single command in the EKS console, API, or CLI.
If you are building your own custom AMIs to use for EKS worker nodes, AWS also publishes Packer scripts that document our build steps, allowing you to identify the binaries included in each version of the AMI.
What is Amazon EKS extended support?
Amazon EKS extended support for Kubernetes versions lets you use a Kubernetes minor version for up to 26 months from the time the version is generally available from Amazon EKS. Amazon EKS versions in extended support receive ongoing security patches for the Kubernetes control plane managed by Amazon EKS. Additionally, Amazon EKS will release critical patches for the Amazon VPC CNI, kube-proxy, and CoreDNS add-ons, AWS-published EKS Optimized Amazon Machine Images (AMIs) for Amazon Linux, Bottlerocket, Windows, and EKS Fargate nodes. AWS backs all Amazon EKS versions in both standard and extended support with full technical support. Extended support for Kubernetes versions is available in all AWS Regions where Amazon EKS is available, including AWS GovCloud (US) Regions. Learn more about the Amazon EKS version support policy in the Amazon EKS documentation.
Hybrid deployments
Which Amazon EKS products and features are available for hybrid deployments?
There are three Amazon EKS options for hybrid deployments: Amazon EKS, Amazon EKS Anywhere, and Amazon EKS Connector. You can use the Amazon EKS to run nodes on AWS-hosted infrastructure in AWS Regions, AWS Local Zones, AWS Wavelength Zones, or in your own on-premises facilities with AWS Outposts and Amazon EKS Hybrid Nodes. AWS Outposts is AWS-managed infrastructure that runs in your facilities whereas Amazon EKS Hybrid Nodes runs on bare metal or virtualized infrastructure that you manage in your facilities. If you need to run in isolated or air-gapped environments, you can use Amazon EKS Anywhere, which is customer-managed, AWS-supported Kubernetes management software that runs on infrastructure you manage. You can alternatively view any Kubernetes cluster in the Amazon EKS console with the Amazon EKS Connector. For more information on the Amazon EKS options for on-premises and edge deployments, see Deployments options in the Amazon EKS User Guide.
What is Amazon EKS on AWS Outposts?
You can use Amazon EKS to run self-managed nodes on AWS Outposts with the same clusters you use to run workloads in AWS Cloud. When using Amazon EKS on AWS Outposts, you can use many of the same integrations you use for workloads in AWS Cloud including Amazon EC2 instances for compute, Amazon VPC and the VPC CNI for networking, Amazon EBS volumes for storage, and Application Load Balancers (ALB) for ingress. Amazon EKS with nodes on AWS Outposts is supported on the 42U Outpost racks. You can alternatively deploy the entire Kubernetes cluster on AWS Outposts with Amazon EKS local clusters on AWS Outposts. When you run Amazon EKS on AWS Outposts, you pay for the Amazon EKS cluster and the AWS Outposts capacity. For more information, see the Amazon EKS on AWS Outposts User Guide.
What is Amazon EKS Hybrid Nodes?
With Amazon EKS Hybrid Nodes, you can use your on-premises and edge infrastructure as nodes in Amazon EKS clusters. With Amazon EKS Hybrid Nodes, AWS manages the AWS-hosted Kubernetes control plane, and you manage the hybrid nodes that run in your on-premises or edge environments. Amazon EKS Hybrid Nodes unifies Kubernetes management across environments and offloads Kubernetes control plane management to AWS for your on-premises and edge applications. Amazon EKS Hybrid Nodes works with any on-premises hardware or virtual machines, and you can use a range of Amazon EKS features with Amazon EKS Hybrid Nodes including Amazon EKS add-ons, Amazon EKS Pod Identity, cluster access entries, cluster insights, and extended Kubernetes version support. Amazon EKS Hybrid Nodes natively integrates with AWS services for centralized monitoring, logging, and identity management. With Amazon EKS Hybrid Nodes, you are charged per hour for the vCPU resources of your hybrid nodes when they are attached to your Amazon EKS clusters. For more information, see Amazon EKS Pricing.
What is Amazon EKS Anywhere?
Amazon EKS Anywhere simplifies Kubernetes cluster management through the automation of undifferentiated heavy lifting such as infrastructure setup and Kubernetes cluster lifecycle operations in on-premises and edge environments. Unlike Amazon EKS, Amazon EKS Anywhere is a customer-managed product and customers are responsible for cluster lifecycle operations and maintenance of Amazon EKS Anywhere clusters. Amazon EKS Anywhere is built on the Kubernetes sub-project Cluster API (CAPI) and supports a range of infrastructure including VMware vSphere, bare metal, Nutanix, Apache CloudStack, and AWS Snow. Amazon EKS Anywhere can be run in air-gapped environments and offers optional integrations with regional AWS services for observability and identity management. To receive support for Amazon EKS Anywhere and access to AWS-vended Kubernetes add-ons, you can purchase Amazon EKS Anywhere Enterprise Subscriptions.
What is the Amazon EKS Connector?
You can use the Amazon EKS Connector to register and connect any conformant Kubernetes cluster to AWS and view it in the Amazon EKS console. After a cluster is connected, you can see the status, configuration, and workloads for that cluster in the Amazon EKS console. You can use this feature to view connected clusters in Amazon EKS console, but the Amazon EKS Connector does not enable management or mutating operations for your connected clusters through the Amazon EKS console. There is no charge for clusters you connect to the Amazon EKS console with the Amazon EKS Connector.
What are the differences between Amazon EKS Hybrid Nodes and Amazon EKS Anywhere?
Amazon EKS Hybrid Nodes is a feature of Amazon EKS, a managed Kubernetes service, whereas Amazon EKS Anywhere is AWS-supported Kubernetes management software that you manage. Amazon EKS Hybrid Nodes is a fit for customers with on-premises environments that can be connected to the cloud, whereas Amazon EKS Anywhere is a fit for customers with isolated or air-gapped on premises environments. With Amazon EKS Hybrid Nodes, AWS manages the security, availability, and scalability of the Kubernetes control plane, which is hosted in AWS Cloud, and only nodes run on your infrastructure. With Amazon EKS Anywhere, you are responsible for managing the Kubernetes clusters that run entirely on your infrastructure. With Amazon EKS Hybrid Nodes, there are no upfront commitments or minimum fees and you pay for the hourly usage of your cluster and nodes as you use them. With Amazon EKS Anywhere, you can purchase Amazon EKS Anywhere Enterprise Subscriptions for a 1-year or 3-year term.
What are the differences between Amazon EKS Hybrid Nodes and Amazon EKS on Outposts?
With Amazon EKS Hybrid Nodes, you can use your own physical or virtual machines for nodes in Amazon EKS clusters. With Amazon EKS on AWS Outposts you use Amazon EC2 instances running on AWS Outposts for nodes in Amazon EKS clusters. Amazon EKS Hybrid Nodes and Amazon EKS on AWS Outposts support different Amazon EKS add-ons for networking and storage. For more information on the Amazon EKS add-ons you can use with hybrid nodes, see Configuring add-ons for hybrid nodes in the Amazon EKS User Guide. With Amazon EKS on AWS Outposts, you pay for the Amazon EKS cluster and AWS Outposts capacity. With Amazon EKS Hybrid Nodes, you pay for the Amazon EKS cluster and node usage.
Pricing and availability
How much does Amazon EKS cost?
You pay $0.10 per hour for each Amazon EKS cluster you create and for the AWS resources you create to run your Kubernetes worker nodes. You only pay for what you use, as you use it; there are no minimum fees and no upfront commitments. Find more information in the EKS pricing page.
Where is Amazon EKS available?
Please visit the AWS global infrastructure region table for the most up-to-date information on Amazon EKS Regional availability.
Service Level Agreement
What is Amazon EKS Service Level Agreement (SLA)?
The Amazon EKS SLA can be found here.