How do I connect to a private Amazon EKS cluster endpoint from outside the Amazon VPC?

Last updated: 2022-09-20

I want to connect to a private Amazon Elastic Kubernetes Service (Amazon EKS) cluster endpoint from outside of the Amazon Virtual Private Cloud (Amazon VPC). For example, I want to connect a peered VPC to AWS Direct Connect.

Resolution

Note: If you receive errors when running AWS Command Line Interface (AWS CLI) commands, make sure that you’re using the most recent AWS CLI version.

Consider the following:

  • You can use a peered VPC to automatically resolve to the private Amazon EKS cluster endpoint.
  • If you activate only private endpoint access, then Amazon EKS automatically advertises the endpoints' private IP addresses through the API server's public DNS name.
  • Clients that are configured through aws eks update-kubeconfig or eksctl use the public DNS name to automatically resolve and connect to private endpoints through the peered VPC. An example of this type of client is kubectl (from the Kubernetes website).
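
The following shell functions are an added example, not part of the AWS article, that check the behaviour the list above describes: from a host in the peered VPC, the API server's public DNS name should resolve only to addresses inside the cluster VPC's CIDR. CLUSTER_NAME and the 10.0.0.0/16 CIDR are placeholders, and the resolver answers at the bottom are constructed sample data standing in for dig +short output.

```bash
# Added example (not from the AWS article): check that a private-only EKS
# endpoint resolves to addresses inside the cluster VPC when queried from a
# host in a peered VPC. CLUSTER_NAME and 10.0.0.0/16 are placeholders.

ip_to_int() {
  # Convert a dotted-quad IPv4 address to a 32-bit integer.
  local IFS=.
  set -- $1
  echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

ip_in_cidr() {
  # Return 0 when IPv4 address $1 lies inside CIDR block $2 (e.g. 10.0.0.0/16).
  local ip=$1 cidr=$2
  local net=${cidr%/*} bits=${cidr#*/}
  local mask=$(( bits == 0 ? 0 : (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
  [ $(( $(ip_to_int "$ip") & mask )) -eq $(( $(ip_to_int "$net") & mask )) ]
}

check_private_resolution() {
  # $1: newline-separated resolver answers (as printed by dig +short)
  # $2: the cluster VPC CIDR
  # Returns 0 only if there is at least one answer and every answer is an IPv4
  # address inside the VPC CIDR; anything else means the private endpoint is
  # not being resolved the way the article describes.
  local answers=$1 cidr=$2 ip
  [ -n "$answers" ] || { echo "no answer for endpoint name" >&2; return 1; }
  while IFS= read -r ip; do
    [ -n "$ip" ] || continue
    case $ip in *[!0-9.]*) echo "non-IPv4 answer: $ip" >&2; return 1 ;; esac
    ip_in_cidr "$ip" "$cidr" || { echo "address outside VPC: $ip" >&2; return 1; }
  done <<EOF
$answers
EOF
  return 0
}

# Live use from an instance in the peered VPC (needs the AWS CLI and dig):
#   ENDPOINT=$(aws eks describe-cluster --name "$CLUSTER_NAME" \
#                --query cluster.endpoint --output text)
#   aws eks describe-cluster --name "$CLUSTER_NAME" \
#     --query 'cluster.resourcesVpcConfig.[endpointPublicAccess,endpointPrivateAccess]'
#   check_private_resolution "$(dig +short "${ENDPOINT#https://}")" 10.0.0.0/16

# Constructed sample answers standing in for dig +short output.
PRIVATE_ANSWERS="10.0.12.34
10.0.45.67"
MIXED_ANSWERS="10.0.12.34
52.94.10.5"
```

The second describe-cluster query should print false for endpointPublicAccess and true for endpointPrivateAccess on a private-only cluster; a non-zero exit from check_private_resolution means the client is not reaching the private endpoint through the peering.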

For more information, see Accessing a private only API server.