Amazon Elastic Kubernetes Service FAQs

Amazon EKS

General

    A: Amazon EKS is a managed service that makes it easy for you to run Kubernetes on Amazon Web Services without needing to install and operate your own Kubernetes control plane.

    A: Kubernetes is open source software that allows you to deploy and manage containerized applications at scale. Kubernetes groups containers into logical groupings for management and discoverability, then launches them onto clusters of EC2 instances. Using Kubernetes you can run containerized applications including microservices, batch processing workers, and platforms as a service (PaaS) using the same toolset on premises and in the cloud.

    A: Amazon EKS provisions and scales the Kubernetes control plane, including the API servers and backend persistence layer, across multiple Amazon Web Services availability zones for high availability and fault tolerance. Amazon EKS automatically detects and replaces unhealthy control plane nodes and provides patching for the control plane. You can run EKS using Amazon Fargate, which provides serverless compute for containers. Fargate removes the need to provision and manage servers, lets you specify and pay for resources per application, and improves security through application isolation by design.

    A: Amazon EKS works by provisioning (starting) and managing the Kubernetes control plane for you. At a high level, Kubernetes consists of two major components - a cluster of 'worker nodes' that run your containers and the control plane that manages when and where containers are started on your cluster and monitors their status.

    Without Amazon EKS, you have to run both the Kubernetes control plane and the cluster of worker nodes yourself. With Amazon EKS, you provision your cluster of worker nodes using the provided Amazon Machine Image (AMI) and Amazon CloudFormation script and we handle provisioning, scaling, and managing the Kubernetes control plane in a highly available and secure configuration. This removes a significant operational burden for running Kubernetes and allows you to focus on building your application instead of managing Amazon Web Services infrastructure.

    A: Amazon Elastic Kubernetes Service (EKS) Provisioned Control Plane is a feature that gives you the ability to select your cluster's control plane capacity to ensure predictable, high performance for the most demanding workloads. With Provisioned Control Plane, you can pre-provision your cluster with the desired capacity from a set of well-defined scaling tiers, ensuring the control plane is instantly ready when demand surges. These new scaling tiers unlock significantly higher cluster performance and scalability, allowing you to run ultra-scale workloads in a single cluster.

    A: You pay an hourly rate based on the Provisioned Control Plane scaling tier your cluster is using. For detailed scaling tier pricing, see the Amazon EKS pricing page.

Integrations

    A: Amazon EKS runs the latest version of the open-source Kubernetes software, so you can use all the existing plugins and tooling from the Kubernetes community. Applications running on Amazon EKS are fully compatible with applications running on any standard Kubernetes environment, whether running in on-premises datacenters or public clouds. This means that you can easily migrate any standard Kubernetes application to Amazon EKS without any code modifications.

    A: Yes. You can run Kubernetes applications as serverless containers using Amazon Fargate and Amazon EKS.

Kubernetes versions and updates

    A: See the Amazon EKS documentation for currently supported Kubernetes versions. Amazon EKS will continue to add support for additional Kubernetes versions in the future.

    A: Yes. Amazon EKS performs managed, in-place cluster upgrades for both Kubernetes and Amazon EKS platform versions. This simplifies cluster operations and lets you take advantage of the latest Kubernetes features, as well as the updates to Amazon EKS configuration and security patches. There are two types of updates that you can apply to your Amazon EKS cluster: Kubernetes version updates and Amazon EKS platform version updates. As new Kubernetes versions are released and validated for use with Amazon EKS, we will support three stable Kubernetes versions as part of the update process at any given time.

    A: The Amazon EKS platform version contains Kubernetes patches and changes to the API server configuration. Platform versions are separate from but associated with Kubernetes minor versions. When a new Kubernetes version is made available for Amazon EKS, its initial control plane configuration is released as the “eks.1” platform version. We release new platform versions as needed to enable Kubernetes patches or when we implement Amazon EKS API server configuration changes that could impact cluster behavior. This versioning scheme makes it possible to independently update the configuration of different Kubernetes versions, for example, if we need to release a patch for Kubernetes version 1.11 that is incompatible with Kubernetes version 1.12.

    A: New versions of Kubernetes introduce significant changes to the Kubernetes API and, as a result, can change application behavior. Manual control over the version of Kubernetes on your cluster allows you to test applications against new versions of Kubernetes before upgrading production clusters. Amazon EKS provides you the ability to choose when you introduce changes to your EKS cluster.

    A: We publish EKS Amazon Machine Images (AMIs) that include the necessary worker node binaries (Docker and Kubelet). This AMI is updated regularly and builds in the most up to date version of these components. We also publish Packer scripts that document our build steps, allowing you to identify the binaries included in each version of the AMI. You can use existing Auto Scaling functionality to update worker instances to the latest version of the EKS AMI. You can also use our Packer scripts to build a new version of a custom AMI.

Availability

    A: Please visit the Amazon Web Services global infrastructure region table for the most up-to-date information on Amazon EKS regional availability.

Amazon EKS Auto Mode

    Amazon EKS Auto Mode fully automates Kubernetes cluster management on Amazon Web Services, simplifying operations by automatically provisioning infrastructure, scaling resources, managing core add-ons, and optimizing costs. EKS Auto Mode provides secure and scalable cluster infrastructure managed by Amazon Web Services with integrated Kubernetes capabilities, like compute autoscaling, pod and service networking, application load balancing, cluster DNS, block storage, and GPU support. It is Kubernetes conformant, which means you can use it with all your favorite Kubernetes-compatible tools. Applications running in EKS clusters can now use Amazon Web Services-managed EC2 instances, Amazon Elastic Block Store (Amazon EBS) volumes, load balancers, and other cloud resources that are configured with proven practices, automatically scaled, cost-optimized, and kept up to date, all while minimizing cost and operational overhead.

    Amazon EKS Auto Mode is available for new and existing EKS clusters running Kubernetes 1.30 or later in the Amazon Web Services China (Beijing) Region, operated by Sinnet, and the Amazon Web Services China (Ningxia) Region, operated by NWCD. To get started, simply use the EKS API, Amazon Web Services Console, eksctl, or your preferred Infrastructure-as-Code (IaC) tooling to enable EKS Auto Mode in a new or existing cluster and specify the IAM Role its Amazon Web Services-managed compute infrastructure should use. By default, EKS Auto Mode creates general-purpose compute scaling configurations in your cluster, which allows you to quickly get started running applications. For deeper customization, you can choose to disable these defaults and create additional compute scaling and infrastructure configurations using Kubernetes API in your cluster.

    Amazon EKS Auto Mode brings a combination of integrated Kubernetes capabilities and Amazon Web Services-managed infrastructure, built specifically for modern applications, to all EKS clusters. Its capabilities are the foundation of what your Kubernetes applications need to run — compute, storage, networking, and monitoring. It is an integrated part of EKS that you never have to worry about installing, scaling, or managing. By default, it is set up according to Amazon Web Services and Kubernetes practices. For advanced use cases, you can further customize the infrastructure where your applications run by building on top of EKS Auto Mode’s practices without costly, ongoing operational work. To ensure your applications always have the infrastructure they need, EKS Auto Mode continuously observes them and configures, creates, and optimizes Amazon Web Services-managed resources (EC2 instances and EBS volumes) to meet their needs. The infrastructure where your applications run is automatically updated with the latest security and bug fixes in a way that keeps you secure and up to date while minimizing disruption to running applications.

    Using Amazon EKS Auto Mode, Amazon Web Services expands its responsibility compared to customer-managed Amazon Web Services infrastructure in EKS clusters. In addition to operating the Kubernetes cluster control plane, with EKS Auto Mode enabled Amazon Web Services also takes responsibility for securing, configuring, and managing the Amazon Web Services infrastructure in EKS clusters your applications need to run. To do so, Amazon Web Services infrastructure resources (like EC2 instances) in EKS clusters using EKS Auto Mode have limitations compared to their customer-managed counterparts. For example, you cannot connect remotely via SSH or SSM, modify the instance IAM role, replace the root volume, or attach additional elastic network interfaces to EC2 instances managed by EKS Auto Mode, as doing so would limit the ability for Amazon Web Services to secure and manage them.

    Amazon EKS with Amazon Fargate remains an option for customers who want to run EKS, but Amazon EKS Auto Mode is the recommended approach moving forward. EKS Auto Mode is fully Kubernetes conformant, supporting all upstream Kubernetes primitives and platform tools like Istio, which Fargate is unable to support. EKS Auto Mode also fully supports all EC2 runtime purchase options, including GPU and Spot instances, enabling customers to use negotiated EC2 discounts and other savings mechanisms — these capabilities are not available when using EKS with Fargate. Furthermore, EKS Auto Mode allows customers to achieve the same isolation model as Fargate, using standard Kubernetes scheduling capabilities to ensure each EC2 instance runs a single application container. By adopting Amazon EKS Auto Mode, customers can use the full benefits of running Kubernetes on Amazon Web Services — a fully Kubernetes-conformant platform that provides the flexibility to use the entire breadth of EC2 and purchasing options while retaining the ease of use and abstraction from infrastructure management that Fargate provides.

    Amazon EKS Auto Mode helps improve the security of your EKS clusters in three ways: 1/ the Amazon Web Services-managed infrastructure created by EKS Auto Mode is configured according to Amazon Web Services security practices and hardened according to the Center for Internet Security’s (CIS) Level 1 benchmarks, including: no remote access, an immutable root file system, and kernel-level mandatory access controls. 2/ EKS Auto Mode’s Amazon Web Services-managed EC2 instances are automatically updated with the latest security and bug fixes as soon as they’re available. When possible, these patches are applied in place without disrupting running applications or replacing instances. 3/ By default, EKS Auto Mode sets a 14-day maximum lifetime for its Amazon Web Services-managed EC2 instances, which helps you meet industry-wide security and compliance practices. If your use case requires shorter or longer instance lifetimes, you can configure EKS Auto Mode with a duration that meets your needs, up to a maximum of 21 days.
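
An added example (not AWS code) that audits node lifetime settings against the 21-day maximum described above. It assumes the lifetime is set through the `expireAfter` field of a Karpenter-style NodePool (`spec.template.spec.expireAfter`, Go duration syntax, `Never` meaning no expiry); the pool names and values are constructed.

```python
import re
from datetime import timedelta

MAX_LIFETIME = timedelta(days=21)  # upper bound stated in the FAQ
_UNIT_SECONDS = {"h": 3600, "m": 60, "s": 1}

def parse_duration(text):
    """Parse a Go-style duration ('336h', '1h30m'); 'Never' returns None."""
    if text == "Never":
        return None
    parts = re.findall(r"(\d+)([hms])", text)
    if not parts or "".join(n + u for n, u in parts) != text:
        raise ValueError(f"unparseable duration: {text!r}")
    return timedelta(seconds=sum(int(n) * _UNIT_SECONDS[u] for n, u in parts))

def audit_node_lifetimes(pools):
    """Return {pool name: finding} for unset, invalid, unbounded or >21d lifetimes."""
    findings = {}
    for pool in pools:
        name = pool["metadata"]["name"]
        spec = pool.get("spec", {}).get("template", {}).get("spec", {})
        raw = spec.get("expireAfter")  # assumed field name, see lead-in
        if raw is None:
            findings[name] = "expireAfter not set explicitly"
            continue
        try:
            lifetime = parse_duration(raw)
        except ValueError as exc:
            findings[name] = str(exc)
            continue
        if lifetime is None:
            findings[name] = "nodes never expire"
        elif lifetime > MAX_LIFETIME:
            findings[name] = f"lifetime {lifetime.days}d exceeds 21d"
    return findings

def _pool(name, expire_after=None):
    """Build a minimal NodePool dict for the constructed samples below."""
    spec = {} if expire_after is None else {"expireAfter": expire_after}
    return {"metadata": {"name": name}, "spec": {"template": {"spec": spec}}}

# Constructed sample pools, not taken from a real cluster.
SAMPLE_POOLS = [_pool("general", "336h"), _pool("edge", "504h"),
                _pool("batch", "720h"), _pool("legacy", "Never"),
                _pool("typo", "14d"), _pool("unset")]

if __name__ == "__main__":
    for name, finding in audit_node_lifetimes(SAMPLE_POOLS).items():
        print(f"{name}: {finding}")
```

A pool set to exactly `504h` (21 days) passes; Go durations have no day unit, so `14d` is reported as unparseable rather than silently accepted.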

    Yes, after upgrading the EKS control plane to a new Kubernetes version, new instances launched by EKS Auto Mode, due to applications scaling out, run with the latest Kubernetes software that matches the control plane version. Simultaneously, existing instances are gradually updated with Kubernetes software for the new Kubernetes version. Combined with the default 14-day maximum lifetime of instances launched by EKS Auto Mode, this means that, by default, your cluster will be fully and automatically upgraded no later than 14 days after upgrading your EKS cluster’s Kubernetes version.

    Amazon EKS Auto Mode provides integrated and managed versions of essential Kubernetes capabilities like compute, storage, and networking. This includes managed versions of: 1/ the EKS Auto Mode agent, which facilitates security and instance management, 2/ the containerd container runtime, a fundamental component that empowers Kubernetes to run containers effectively, 3/ the kubelet, which manages Kubernetes pods’ lifecycle and health on each compute instance, 4/ a network proxy that enables in-cluster routing, 5/ a managed, upstream-compatible Karpenter controller, 6/ the Amazon EBS container storage interface (CSI) controller for storage, 7/ a managed version of the Amazon Web Services VPC container network interface (CNI) for IP address management, pod networking, and network policies, 8/ CoreDNS for in-cluster service discovery, and 9/ the Amazon Web Services Load Balancer Controller for orchestrating external load balancers.

    With Amazon EKS Auto Mode you don’t need to install or manage certain EKS add-ons, like the VPC CNI, CoreDNS, kube-proxy, and the CloudWatch Observability agent. With EKS Auto Mode your EKS cluster includes integrated versions of the capabilities those add-ons provide. However, if you still have workloads not yet migrated to EKS Auto Mode, you need to continue to use those EKS add-ons. Other EKS add-ons, besides those replaced by EKS Auto Mode’s integrated capabilities, can be run on clusters using EKS Auto Mode.

    Yes, the managed EC2 instances launched by EKS Auto Mode can be viewed using the EC2 DescribeInstances API or Amazon Web Services Console by default. Because these instances are managed by Amazon Web Services, the actions you can take with EC2 APIs are limited to those that don’t impact EKS’s ability to fulfill its expanded operational responsibilities. By default, EKS Auto Mode comes with general-purpose compute configurations that are well-suited for common use cases. If needed, you can customize the EC2 instances launched by EKS Auto Mode. Modifications to EKS Auto Mode instances’ runtime configuration settings can be made using EKS Auto Mode’s Node Class Kubernetes API.

    Yes. Compute Savings Plans and Reserved Instances are automatically applied when eligible EC2 instances are launched. See the pricing page for more details.

    Amazon EKS Auto Mode’s Kubernetes capabilities are delivered via a set of integrated controllers that emit a variety of Kubernetes events that can be used to understand their behavior.