AWS EKS now supports assigning EC2 security groups to Kubernetes pods


For those who do not know what AWS EKS is, I would like to give a brief idea before I come to the news. Amazon Elastic Kubernetes Service (AWS EKS) is a managed Kubernetes service that makes it easy for you to run Kubernetes on AWS without needing to install, operate, and maintain your own Kubernetes control plane. With Amazon EKS, you can take advantage of all the performance, scale, reliability, and availability of the AWS platform, as well as integrations with AWS networking and security services, such as Application Load Balancers for load distribution, Identity Access Manager (IAM) for role-based access control, and Virtual Private Cloud (VPC) for pod networking.

All pods on a node under Amazon Elastic Kubernetes Service (AWS EKS) no longer need to share the same security groups. AWS recently implemented this enhancement to meet business needs and application security requirements.

Earlier, AWS IAM roles for service accounts solved the pod-level security challenge at the authentication layer, and Kubernetes network policies provided an option for controlling network traffic within the cluster, but they did not support controlling access to AWS resources outside the cluster.

“Now, network security rules that span pod to pod and pod to external AWS service traffic can be defined in a single place with EC2 security groups, and applied to individual pods and applications with Kubernetes native APIs”, AWS reported. This makes it easy to achieve network security compliance in clusters that are shared across multiple teams and applications.
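As an added illustration (not part of the original post or of AWS's announcement text), this is roughly what attaching a security group to selected pods looks like with the `SecurityGroupPolicy` custom resource from the AWS VPC resource controller. The namespace, labels, image and security group ID are placeholders.

```yaml
# Added example: every name, label, image and group ID below is a placeholder.
apiVersion: vpcresources.k8s.aws/v1beta1
kind: SecurityGroupPolicy
metadata:
  name: payments-db-access          # hypothetical policy name
  namespace: payments               # hypothetical namespace
spec:
  # Pods in this namespace that carry this label receive the groups listed below.
  podSelector:
    matchLabels:
      app: payments-api
  securityGroups:
    groupIds:
      - sg-EXAMPLE0000000000        # placeholder: the group the database's inbound rule allows
---
# Matched by the policy: gets its own network interface with the group above.
apiVersion: v1
kind: Pod
metadata:
  name: payments-api
  namespace: payments
  labels:
    app: payments-api
spec:
  containers:
    - name: api
      image: registry.example.com/payments-api:1.0   # placeholder image
---
# Not matched by the policy: keeps the node's security groups,
# so the database's inbound rule does not admit it.
apiVersion: v1
kind: Pod
metadata:
  name: batch-report
  namespace: payments
  labels:
    app: batch-report
spec:
  containers:
    - name: report
      image: registry.example.com/batch-report:1.0   # placeholder image
```

The Amazon VPC CNI plugin must have pod ENI support turned on (the `ENABLE_POD_ENI` setting on the `aws-node` DaemonSet) before a policy like this takes effect.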

Support for assigning security groups to pods is available for most AWS Nitro-based instances launched with new EKS clusters running Kubernetes version 1.17.

AWS will roll out the support for existing clusters in the coming weeks.
