
Guidance for Integrating External Single Sign-On Providers with Amazon EKS

Overview

This Guidance demonstrates how to automate the deployment of an Amazon Elastic Kubernetes Service (Amazon EKS) cluster for external single sign-on authentication. Using Amazon EKS Blueprints for Terraform, an open-source infrastructure-as-code (IaC) tool, you can integrate your cluster’s control plane with an external identity provider like Okta. This Guidance lets you automatically provision resources, create roles and keys, and perform the integration, all through Terraform blueprints, simplifying single sign-on setup.

How it works

These technical details feature an architecture diagram to illustrate how to effectively use this solution. The architecture diagram shows the key components and their interactions, providing an overview of the architecture's structure and functionality step-by-step.

Deploy with confidence

Ready to deploy? Review the sample code on GitHub for detailed deployment instructions to deploy as-is or customize to fit your needs. 

Well-Architected Pillars

The architecture diagram above is an example of a Solution created with Well-Architected best practices in mind. To be fully Well-Architected, you should follow as many Well-Architected best practices as possible.

Amazon CloudWatch provides focused log event management that helps you quickly identify the root causes of issues and simplifies troubleshooting. Providing comprehensive insights into the infrastructure and application levels of Amazon EKS clusters, it lets you monitor utilization trends and make metrics-driven decisions for optimizing operations. Additionally, as a managed Kubernetes application platform, Amazon EKS is optimized for efficiency in operational management. Finally, Amazon VPC provides network layer isolation for cluster resources, thus increasing operational efficiency. Together, these services reduce the operational burden of deploying and maintaining a security integration with external single sign-on providers.

Read the Operational Excellence whitepaper 

This Amazon EKS integration provides consistent enterprise-grade security through single sign-on providers like Okta. When you use Okta, you can be sure that only properly authenticated users mapped to the Okta organization structure can access your platform and application. This Guidance also natively integrates with AWS Secrets Manager to store Kubernetes secrets, and it enables a private or isolated networking layer through Amazon VPC. This configuration prevents applications deployed to Amazon EKS from being directly accessed through the internet. You can also opt for a completely isolated VPC (one with no internet access) and use VPC endpoints to connect the cluster to required services. Additionally, IAM provides fine-grained access policies to manage federated access to the cluster, and AWS KMS encrypts all data at rest. Finally, Bottlerocket, an operating system built to run containers, adds security layers such as a read-only root filesystem, Security-Enhanced Linux, and no Secure Shell access.
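The Overview and the Security pillar describe four control-plane settings: a private API endpoint, KMS envelope encryption of Kubernetes Secrets, Okta registered as an OIDC identity provider, and Bottlerocket worker nodes. The following Terraform is an added example written for this page, not the Guidance's own blueprint code; it uses the plain AWS and Kubernetes providers rather than the EKS Blueprints modules, and every name, ARN, subnet list, issuer URL, client ID and Okta group name is a placeholder. Provider configuration (AWS credentials and the Kubernetes provider pointing at the new cluster) is assumed to exist elsewhere.

```hcl
# Added example: external SSO (Okta OIDC) on the EKS control plane with a
# private endpoint, KMS-encrypted Secrets, and Bottlerocket nodes.
# All values below are placeholders; none come from the Guidance repository.

variable "okta_issuer_url" {
  description = "Okta OIDC issuer URL, e.g. https://<your-org>.okta.com/oauth2/<server-id> (placeholder)"
  type        = string
}

variable "okta_client_id" {
  description = "Client ID of the OIDC application created in Okta (placeholder)"
  type        = string
  sensitive   = true
}

variable "private_subnet_ids" {
  description = "Private subnets only; the API server is not exposed to the internet"
  type        = list(string)
}

variable "cluster_role_arn" {
  description = "IAM role assumed by the EKS control plane (assumed to exist)"
  type        = string
}

variable "node_role_arn" {
  description = "IAM role assumed by worker nodes (assumed to exist)"
  type        = string
}

# Customer-managed key for envelope encryption of Kubernetes Secrets at rest.
resource "aws_kms_key" "eks_secrets" {
  description         = "Envelope encryption for Kubernetes Secrets in EKS"
  enable_key_rotation = true
}

resource "aws_eks_cluster" "this" {
  name     = "sso-demo" # placeholder cluster name
  role_arn = var.cluster_role_arn

  vpc_config {
    subnet_ids              = var.private_subnet_ids
    endpoint_private_access = true
    endpoint_public_access  = false # API server reachable only from inside the VPC
  }

  encryption_config {
    provider {
      key_arn = aws_kms_key.eks_secrets.arn
    }
    resources = ["secrets"]
  }
}

# Register Okta as an OIDC identity provider on the control plane.
# Prefixes keep externally issued names from colliding with built-in
# Kubernetes identities such as "system:masters".
resource "aws_eks_identity_provider_config" "okta" {
  cluster_name = aws_eks_cluster.this.name

  oidc {
    identity_provider_config_name = "okta"
    issuer_url                    = var.okta_issuer_url
    client_id                     = var.okta_client_id
    username_claim                = "email"
    username_prefix               = "okta:"
    groups_claim                  = "groups" # the Okta app must be configured to emit this claim
    groups_prefix                 = "okta:"
  }
}

# Bottlerocket managed node group: read-only root filesystem, SELinux, no SSH.
resource "aws_eks_node_group" "bottlerocket" {
  cluster_name    = aws_eks_cluster.this.name
  node_group_name = "bottlerocket" # placeholder
  node_role_arn   = var.node_role_arn
  subnet_ids      = var.private_subnet_ids
  ami_type        = "BOTTLEROCKET_x86_64"

  scaling_config {
    desired_size = 2
    min_size     = 1
    max_size     = 4
  }
}

# Least privilege: bind one Okta group to the built-in "edit" ClusterRole,
# scoped to a single namespace through a RoleBinding rather than cluster-wide.
resource "kubernetes_role_binding" "okta_developers" {
  metadata {
    name      = "okta-developers"
    namespace = "dev" # placeholder namespace
  }
  role_ref {
    api_group = "rbac.authorization.k8s.io"
    kind      = "ClusterRole"
    name      = "edit"
  }
  subject {
    api_group = "rbac.authorization.k8s.io"
    kind      = "Group"
    name      = "okta:eks-developers" # placeholder Okta group, carrying the groups_prefix above
  }
}
```

Two checks are worth running after apply: `aws eks describe-identity-provider-config` should report the Okta provider as `ACTIVE`, and a `kubectl auth can-i` issued with an Okta-issued token should succeed in the bound namespace and fail elsewhere, confirming that access flows through the group mapping rather than through a wildcard binding.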

Read the Security whitepaper 

Amazon EKS runs a secure, scalable, and highly available Kubernetes control plane across multiple AZs to maintain cluster infrastructure health. Managed node groups for Amazon EKS ensure that Amazon Elastic Compute Cloud (Amazon EC2) node instances are running the latest Amazon Machine Image (AMI). This supports high availability and fault tolerance. Additionally, CloudWatch event management efficiently detects events that can negatively impact reliability so that you can proactively address them.

Read the Reliability whitepaper

Amazon EKS is a highly available orchestration service optimized for the scalability and performance of containerized applications. It effectively manages its infrastructure to accommodate the total resources requested by the applications running in the cluster. This Guidance balances workloads across the cluster’s compute nodes, and it scales Amazon EC2 instances based on application workload requirements. You can also increase performance efficiency by using compute-efficient nodes, such as instances based on AWS Graviton processors.

Read the Performance Efficiency whitepaper 

The Amazon EKS control plane lets you run applications without provisioning your own infrastructure, enabling you to avoid associated overhead costs. Additionally, because Amazon EKS is a managed service, its cluster costs are significantly lower than those of self-maintained clusters. The control plane has a fixed cost and uses managed node groups to provision and allocate compute resources according to application requirements. By rightsizing Amazon EC2 instances and using compute-efficient nodes based on AWS Graviton processors, you can utilize resources more efficiently to optimize costs.

Read the Cost Optimization whitepaper 

Amazon EKS and Amazon Elastic Container Registry (Amazon ECR) reduce the environmental impact of your workloads. Because they are managed services, you don’t need to provision your own physical infrastructure for the control plane and image registry. Additionally, this Guidance uses managed node groups to scale Amazon EKS compute nodes up and down based on demand, minimizing energy waste. Finally, it provides the option to use compute-efficient Amazon EC2 instances based on AWS Graviton processors, helping you reduce the carbon footprint of your workloads.

Read the Sustainability whitepaper 

Disclaimer

The sample code; software libraries; command line tools; proofs of concept; templates; or other related technology (including any of the foregoing that are provided by our personnel) is provided to you as AWS Content under the AWS Customer Agreement, or the relevant written agreement between you and AWS (whichever applies). You should not use this AWS Content in your production accounts, or on production or other critical data. You are responsible for testing, securing, and optimizing the AWS Content, such as sample code, as appropriate for production grade use based on your specific quality control practices and standards. Deploying AWS Content may incur AWS charges for creating or using AWS chargeable resources, such as running Amazon EC2 instances or using Amazon S3 storage.