Posted On: Dec 18, 2023

Amazon Elastic Kubernetes Service (EKS) now supports simplified management of Identity and Access Management (IAM) identity access to Kubernetes clusters, through a new set of APIs that tightly integrates IAM with Kubernetes authentication and authorization controls. 

EKS already supported IAM identities authenticating to EKS clusters, removing the burden from cluster administrators of having to maintain and integrate a separate identity provider. This integration enables admins to leverage IAM security features such as audit logging and multi-factor authentication. EKS access management controls introduced today simplify the process of mapping between IAM identities and Kubernetes users, by allowing administrators to fully define authorized IAM principals and their associated Kubernetes permissions directly through an EKS API during or any time after cluster creation. The IAM identity used to create an EKS cluster can have its Kubernetes permissions removed or scoped down to comply with security requirements, and control of a cluster can always be restored to an account administrator. Other Amazon Web Services services can use EKS access management controls to obtain permissions to run applications on EKS clusters without the need for administrators to perform multiple prerequisite setup steps. EKS access management controls reduce the amount of work administrators need to do in order to create and manage clusters that are shared by multiple users and other services.

EKS access management controls are supported in all Amazon Web Services Regions, including the Amazon Web Services China (Beijing) Region, operated by Sinnet, and the Amazon Web Services China (Ningxia) Region, operated by NWCD. This feature is supported with new clusters using Kubernetes version 1.22 or later. Existing clusters need to be updated to a supported EKS platform version before using this feature. To get started, visit the EKS documentation. To learn more about the feature, see the launch blog.