Amazon EKS now supports customer-routed control plane egress
Amazon EKS introduces customer-routed control plane egress, allowing outbound Kubernetes API server traffic to be routed through your own VPC. This enables organizations with data perimeter requirements or compliance mandates to reach private OIDC providers and webhook servers accessible only within their VPC and control traffic routing.
Amazon Elastic Kubernetes Service (Amazon EKS) introduces customer-routed control plane egress, a capability that lets you route outbound Kubernetes API server traffic through your own Amazon VPC. This includes admission webhook callbacks, OpenID Connect (OIDC) provider lookups, and requests to aggregated API servers. With customer-routed control plane egress, this traffic flows through your VPC, where you control the routing, security groups, and egress path. Organizations with data perimeter requirements, compliance mandates, or private network infrastructure can use customer-routed control plane egress to reach private OIDC providers and webhook servers that are accessible only within their VPC, and control how that traffic routes through their network.

To get started, set controlPlaneEgressMode to CUSTOMER_ROUTED when creating a new cluster or updating an existing cluster. To enforce this configuration organization-wide, use the eks:controlPlaneEgressMode IAM condition key with AWS Organizations Service Control Policies. Customer-routed control plane egress is available at no additional cost in all AWS Regions where Amazon EKS is available.
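The following Service Control Policy is an added example of the organization-wide guardrail described above; it is not taken from the announcement or from AWS documentation. It assumes that the eks:controlPlaneEgressMode condition key is evaluated on the eks:CreateCluster and eks:UpdateClusterConfig actions, and denies either call unless the requested mode is CUSTOMER_ROUTED.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "RequireCustomerRoutedControlPlaneEgress",
      "Effect": "Deny",
      "Action": [
        "eks:CreateCluster",
        "eks:UpdateClusterConfig"
      ],
      "Resource": "*",
      "Condition": {
        "StringNotEquals": {
          "eks:controlPlaneEgressMode": "CUSTOMER_ROUTED"
        }
      }
    }
  ]
}
```

Because StringNotEquals also matches when the key is absent from the request context, a cluster update that does not carry the key would be denied by this statement as well. Attach the policy to a test organizational unit first and confirm which API calls populate the key before applying it broadly.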