Amazon Elastic Container Service for Kubernetes (EKS) is a managed Kubernetes service that makes it easy for you to run Kubernetes on AWS without needing to install, operate, and maintain your own Kubernetes control plane. Amazon EKS is certified Kubernetes conformant, so existing applications running on upstream Kubernetes are compatible with Amazon EKS.
Amazon EKS automatically manages the availability and scalability of the Kubernetes control plane nodes that are responsible for starting and stopping containers, scheduling containers on virtual machines, storing cluster data, and other tasks. Amazon EKS automatically detects and replaces unhealthy control plane nodes for each cluster.
With Amazon EKS, you can take advantage of all the performance, scale, reliability, and availability of the AWS platform, as well as integrations with AWS networking and security services, such as Application Load Balancers for load distribution, IAM for role-based access control, and VPC for pod networking.
Managed Kubernetes Control Plane
Amazon EKS provides a scalable and highly-available control plane that runs across multiple AWS availability zones. The Amazon EKS service automatically manages the availability and scalability of the Kubernetes API servers and the etcd persistence layer for each cluster. Amazon EKS runs the Kubernetes control plane across three Availability Zones in order to ensure high availability, and it automatically detects and replaces unhealthy masters.
Security and Networking
Amazon EKS makes it easy to provide security for your Kubernetes clusters, with advanced features and integrations to AWS services and technology partner solutions. For example, IAM provides fine-grained access control and Amazon VPC isolates your Kubernetes clusters from other customers.
Amazon EKS integrates Kubernetes RBAC (the native role-based access control system for Kubernetes) with IAM authentication through a collaboration with Heptio. You can assign RBAC roles directly to each IAM entity, allowing you to granularly control access permissions to your Kubernetes masters.
Your clusters run in an Amazon VPC, allowing you to use your own VPC security groups and network ACLs. No compute resources are shared with other customers. This provides you with a high level of isolation and helps you use Amazon EKS to build highly secure and reliable applications.
Amazon EKS works with Calico by Tigera to integrate with the AWS VPC container network interface (CNI) plugin to provide fine-grained networking policies. This allows you to control access on a per-microservice basis using the Kubernetes API.
Amazon EKS is integrated with Amazon CloudWatch Logs and AWS CloudTrail to provide visibility and audit history tracking of your cluster and user activity. You can use CloudWatch Logs to view logs from your Kubernetes control plane, and you can use CloudTrail to view logs on API activity to the Amazon EKS service endpoint.
Amazon EKS runs upstream Kubernetes and is certified Kubernetes conformant, so you can use all the existing plugins and tooling from the Kubernetes community. Applications running on Amazon EKS are fully compatible with applications running on any standard Kubernetes environment, whether running in on-premises datacenters or public clouds. This means that you can easily migrate any standard Kubernetes application to Amazon EKS without needing to refactor your code.
Works with Community Tools
Amazon EKS is fully compatible with Kubernetes community tools and supports popular Kubernetes add-ons. These include KubeDNS to create a DNS service for your cluster and both the Kubernetes Dashboard web-based UI and the kubectl command line tool to access and manage your cluster on Amazon EKS.
For more information, see the Kubernetes community tools GitHub page.