Amazon Elastic Kubernetes Service (Amazon EKS) runs the Kubernetes management infrastructure for you across multiple AWS Availability Zones to eliminate a single point of failure. Amazon EKS is certified Kubernetes-conformant, so you can use existing tooling and plugins from partners and the Kubernetes community. Applications running on any standard Kubernetes environment are fully compatible and can be migrated to Amazon EKS.

This reference deployment provides AWS CloudFormation templates to deploy the Amazon EKS control plane, connect worker nodes to the cluster, and configure a bastion host for cluster admin operations. Additionally, the solution deployment provides custom resources that enable you to deploy and manage your Kubernetes applications using AWS CloudFormation by declaring Kubernetes manifests or Helm charts directly in AWS CloudFormation templates.

This solution is for users who are looking for a repeatable, customizable reference deployment for Amazon EKS using AWS CloudFormation.

Amazon Web Services logo

This solution was developed by AWS.


AWS Service Catalog administrators can add this architecture to their own catalog.  

  •  What you'll build
  • This solution sets up the following:

    • A highly available architecture that spans three Availability Zones.*
    • A virtual private cloud (VPC) configured with public and private subnets according to AWS best practices, to provide you with your own virtual network on AWS.*
    • In the public subnets:
      • Managed NAT gateways to allow outbound internet access for resources in the private subnets.*
      • A Linux bastion host in an Auto Scaling group to allow inbound Secure Shell (SSH) access to Amazon Elastic Compute Cloud (Amazon EC2) instances in private subnets. The bastion host is also configured with the Kubernetes kubectl command line interface for managing the Kubernetes cluster.
    • In the private subnets, a group of Kubernetes nodes.
    • An Amazon EKS cluster, which provides the Kubernetes control plane.

    * The template that deploys the solution into an existing VPC skips the components marked by asterisks and prompts you for your existing VPC configuration.

  •  How to deploy
  • To deploy this solution, follow the instructions in the deployment guide, which includes these steps.

    1. Sign in to your AWS account. If you don’t have an AWS account, sign up at https://aws.amazon.com.
    2. Launch the solution. The stack takes about 25–90 minutes to deploy. Before you create the stack, choose the AWS Region from the top toolbar. Choose one of the following options:
    3. Test the deployment.

    Amazon may share user-deployment information with the AWS Partner that collaborated with AWS on this solution.  

  •  Costs and licenses
  • You are responsible for the cost of the AWS services and any third-party licenses used while running this solution. There is no additional cost for using the solution.

    This solution includes configuration parameters that you can customize. Some of these settings, such as instance type, affect the cost of deployment. For cost estimates, refer to the pricing pages for each AWS service you use. Prices are subject to change.

    Tip: After you deploy a solution, create AWS Cost and Usage Reports to track associated costs. These reports deliver billing metrics to an Amazon Simple Storage Service (Amazon S3) bucket in your account. They provide cost estimates based on usage throughout each month and aggregate the data at the end of the month. For more information, refer to What are AWS Cost and Usage Reports?