Amazon Elastic Container Service for Kubernetes (EKS) is a managed Kubernetes service that makes it easy for you to run Kubernetes on AWS without needing to install, operate, and maintain your own Kubernetes clusters. Amazon EKS is built from the open-source Kubernetes project, so all your existing applications running on Kubernetes are 100% compatible with Amazon EKS.
Amazon EKS automatically manages the availability and scalability of the Kubernetes masters that are responsible for starting and stopping containers, scheduling containers on virtual machines, storing cluster data, and other tasks. Amazon EKS automatically detects and replaces unhealthy masters for each cluster and also manages Kubernetes version upgrades. You can control when and if certain clusters are auto-upgraded between Kubernetes version updates, and Amazon EKS updates both the masters and nodes.
With Amazon EKS, you can take advantage of all the performance, scale, reliability, and availability of the AWS platform, as well as integrations with AWS networking and security services, such as Application Load Balancers for load distribution, IAM for fine-grained access control, AWS PrivateLink for private network access, and AWS CloudTrail for logging.
Managed Kubernetes Control Plane
Amazon EKS provides a scalable and highly available control plane that runs across multiple AWS Availability Zones. The Amazon EKS service automatically manages the availability and scalability of the Kubernetes masters and the etcd persistence layer for each cluster. Amazon EKS runs three Kubernetes masters across three Availability Zones in order to ensure high availability, and it automatically detects and replaces unhealthy masters.
Amazon EKS makes it easy to provide security for your Kubernetes clusters, with advanced features and integrations to AWS services and technology partner solutions. For example, IAM provides fine-grained access control, AWS PrivateLink provides private network access, and Amazon VPC isolates your Kubernetes clusters from other customers.
Amazon EKS integrates Kubernetes RBAC (the native role-based access control system for Kubernetes) with IAM authentication through a collaboration with Heptio. You can assign RBAC roles directly to each IAM entity, allowing you to granularly control access permissions to your Kubernetes masters.
Your clusters run in an Amazon VPC, allowing you to use your own VPC security groups and network ACLs. No compute resources are shared with other customers. This gives you a high level of isolation and helps you use Amazon EKS to build highly secure and reliable applications.
Amazon EKS works with Calico by Tigera to integrate with the AWS VPC container network interface (CNI) plugin to provide fine-grained networking policies. This allows you to control access on a per-microservice basis using the Kubernetes API.
Amazon EKS supports PrivateLink as a method to access your Kubernetes masters and the Amazon EKS service. With PrivateLink, your Kubernetes masters and Amazon EKS service API endpoint appear as an elastic network interface (ENI) with private IP addresses in your Amazon VPC. This allows you to access the Kubernetes masters and the Amazon EKS service directly from within your own Amazon VPC, without using public IP addresses or requiring the traffic to traverse the internet.
Automated Version Upgrades
Amazon EKS manages patches and version updates for your Kubernetes clusters. Amazon EKS automatically applies Kubernetes patches to your cluster, and you can also granularly control when and if certain clusters are auto-upgraded to the latest Kubernetes minor version.
Community Tools Support
Amazon EKS is fully compatible with Kubernetes community tools and supports popular Kubernetes add-ons. These include KubeDNS to create a DNS service for your cluster and both the Kubernetes Dashboard web-based UI and the kubectl command line tool to access and manage your cluster on Amazon EKS.
For more information, see the Kubernetes community tools GitHub page.
Amazon EKS is integrated with Amazon CloudWatch Logs and AWS CloudTrail to provide visibility and audit history tracking of your cluster and user activity. You can use CloudWatch Logs to view logs from your Kubernetes masters, and you can use CloudTrail to view logs on API activity to the Amazon EKS service endpoint.