Private Access
How to create private EKS clusters
This section helps you to enable private access for your Amazon EKS cluster’s Kubernetes API server endpoint and completely disable public access so that it’s not accessible from the internet.
Enable Private Access for your cluster’s API server endpoint
You can enable private access to the Kubernetes API server so that all communication between your worker nodes and the API server stays within your VPC. You can also completely disable public access to your API server so that it’s not accessible from the internet.
aws eks update-cluster-config \
--region <your_region> \
--name <your_eks_cluster_name> \
--resources-vpc-config endpointPublicAccess=true,endpointPrivateAccess=true
By default, this API server endpoint is public to the internet (endpointPublicAccess=true) and private access is disabled (endpointPrivateAccess=false). Access to the API server is secured using a combination of AWS Identity and Access Management (IAM) and built-in Kubernetes Role Based Access Control (RBAC).
You can enable private access to the Kubernetes API server so that all communication between your worker nodes and the API server stays within your VPC (endpointPrivateAccess=true). You can also completely disable public access to your API server so that it’s not accessible from the internet (endpointPublicAccess=false). In this case, you need to have an instance inside your VPC to talk with your Kubernetes API server.
Note: You may see InvalidParameterException if you specify an invalid combination of these settings.
Please check Amazon EKS Cluster Endpoint Access Control for more details.
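The following is an added example, not part of the original guide: shell functions that read a cluster's current endpoint settings, switch it to private-only with the same update-cluster-config call shown above, and confirm the result. The function names are hypothetical, and treating "both endpoints disabled" as the invalid combination is an assumption about what the note refers to.

```bash
# Added example. Cluster name and region are caller-supplied placeholders.

# Map the (public, private) flags from describe-cluster to a posture label.
endpoint_posture() {
  case "$(echo "$1,$2" | tr '[:upper:]' '[:lower:]')" in
    true,false)  echo "public-only" ;;         # the default described above
    true,true)   echo "public-and-private" ;;
    false,true)  echo "private-only" ;;
    false,false) echo "invalid" ;;             # assumption: both endpoints disabled
    *)           echo "unknown" ;;
  esac
}

# Print "<public> <private>" for a cluster. Usage: current_endpoint_flags NAME REGION
current_endpoint_flags() {
  aws eks describe-cluster --region "$2" --name "$1" \
    --query 'cluster.resourcesVpcConfig.[endpointPublicAccess,endpointPrivateAccess]' \
    --output text
}

# Switch a cluster to private-only and confirm the result.
# Usage: make_private_only NAME REGION
make_private_only() {
  local flags posture
  flags=$(current_endpoint_flags "$1" "$2") || return 1
  posture=$(endpoint_posture $flags)           # unquoted: split on the tab
  if [ "$posture" = "private-only" ]; then
    echo "already private-only"                # nothing to change, skip the update
    return 0
  fi
  aws eks update-cluster-config --region "$2" --name "$1" \
    --resources-vpc-config endpointPublicAccess=false,endpointPrivateAccess=true \
    >/dev/null || return 1
  aws eks wait cluster-active --region "$2" --name "$1" || return 1
  flags=$(current_endpoint_flags "$1" "$2") || return 1
  posture=$(endpoint_posture $flags)
  echo "$posture"
  [ "$posture" = "private-only" ]
}
```

The describe-cluster and wait calls go to the AWS EKS API rather than the Kubernetes API server endpoint, so they keep working from outside the VPC after the switch; kubectl then needs a host inside the VPC.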
Last modified 10.08.2020: Update guides on Integrating Kubeflow with Rock, Microk8s on KF, a private EKS (AWS) for inclusive language (#2099) (449b2c9b)