EKS Overview
Amazon Elastic Kubernetes Service (EKS) is AWS’s managed Kubernetes service: AWS installs, operates, and patches the Kubernetes control plane for you. EKS runs the control plane across multiple AWS Availability Zones, automatically detects and replaces unhealthy control plane instances, applies security patches to it, and performs in-place Kubernetes version upgrades that you initiate.
What Is EKS?
EKS is a managed Kubernetes service in which AWS operates the Kubernetes control plane (API server, etcd, scheduler, controller manager) for you. You manage the worker nodes and everything deployed into the cluster, while AWS keeps the control plane highly available and patched. Under the shared responsibility model, what lives inside the cluster (RBAC, network policy, workload hardening, node AMI patching) remains your job.
Think of EKS like a managed database service: AWS handles the complex infrastructure, backups, high availability, and updates, while you focus on using it to run your applications.
How EKS Differs from Self-Managed Kubernetes
When you run Kubernetes yourself (using kubeadm, kops, or other tools), you’re responsible for everything:
| Aspect | Self-Managed | EKS (Managed) |
|---|---|---|
| Control Plane Setup | You install and configure | AWS provides and manages |
| High Availability | You configure multi-master | AWS handles automatically |
| Upgrades | You plan and execute | You initiate a control plane upgrade and AWS performs it; nodes and add-ons are still yours to upgrade |
| Security Patches | You apply manually | AWS patches the control plane; you patch worker node AMIs |
| Backups | You configure etcd backups | AWS handles control plane backups |
| Monitoring | You set up monitoring | AWS monitors control plane health |
| Cost | Infrastructure costs only | $0.10/hour per cluster + infrastructure |
Self-Managed Kubernetes:
- Full control over control plane configuration
- Responsibility for availability, upgrades, and maintenance
- Requires Kubernetes expertise for operations
- Lower cost but higher operational overhead
EKS (Managed):
- AWS manages control plane operations
- Automatic high availability and health monitoring
- Simplified upgrades and maintenance
- Higher cost but reduced operational burden
EKS Architecture
An EKS cluster has two halves: a control plane that AWS runs in an AWS-owned account and VPC, reachable through the cluster’s API endpoint and through network interfaces that EKS places in your subnets, and a data plane of worker nodes that runs in your own account and VPC:
Control Plane Components
The EKS control plane consists of:
API Server:
- Handles all API requests (kubectl, applications, controllers)
- Validates and processes requests
- Stores state in etcd
- Runs across multiple availability zones
etcd:
- Distributed key-value store for cluster state
- Stores all Kubernetes objects (pods, services, deployments, etc.)
- Replicated across availability zones for durability
Scheduler:
- Decides which node should run each pod
- Considers resource requirements, constraints, and affinity rules
- Runs as a highly available service
Controller Manager:
- Runs controllers that maintain desired state
- ReplicaSet controller, Deployment controller, etc.
- Ensures actual state matches desired state
Data Plane (Worker Nodes)
Worker nodes run in your VPC and are your responsibility:
- EC2 Instances - Virtual machines running Kubernetes node components
- Container Runtime - containerd for running containers (Docker support was removed with Kubernetes 1.24; EKS-optimized AMIs ship containerd)
- kubelet - Agent that communicates with the control plane
- kube-proxy - Network proxy for service networking
- VPC CNI - Network plugin for pod networking
Key Features and Capabilities
High Availability
EKS control planes run across multiple availability zones automatically:
- Control plane components distributed across 3+ availability zones
- Automatic failover if a component becomes unhealthy
- No single point of failure for the control plane
- 99.95% uptime SLA for the control plane
AWS Integration
EKS integrates deeply with AWS services:
VPC Integration:
- Pods get real VPC IP addresses (not overlay networks)
- Security groups can be applied at the pod level
- Native VPC networking without NAT overhead
IAM Integration:
- Use AWS IAM for Kubernetes authentication; IAM principals are mapped to Kubernetes users and groups through EKS access entries (or the older aws-auth ConfigMap)
- IAM Roles for Service Accounts (IRSA) for pod-level AWS permissions, scoped to one namespace and service account
- No separate Kubernetes user database to manage. Note that the IAM identity that creates the cluster is granted cluster-admin automatically, so create clusters from a dedicated role rather than a personal user
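IRSA works by federating the cluster’s OIDC issuer with IAM: a pod’s projected service-account token is exchanged for role credentials with `sts:AssumeRoleWithWebIdentity`, and the role’s trust policy decides which service accounts may do so. The most common mistake is a trust policy whose `sub` condition is missing or wildcarded, which lets any pod in the cluster assume the role. The following added example (not AWS code; the account ID, OIDC provider ID, namespace and service-account name are placeholders) builds a correctly scoped trust policy and lints existing ones for that mistake:

```python
"""Build and lint IAM role trust policies for IRSA (IAM Roles for Service Accounts).

Added example, not AWS code. The account ID, OIDC issuer host, namespace and
service-account name are illustrative placeholders; the policy shape is the
documented IRSA trust relationship.
"""
import json
import re

# Placeholder values. The real issuer is returned by
# `aws eks describe-cluster --query cluster.identity.oidc.issuer`.
ACCOUNT_ID = "111122223333"
OIDC_HOST = "oidc.eks.us-east-1.amazonaws.com/id/EXAMPLED539D4633E53DE1B71EXAMPLE"
OIDC_PROVIDER_ARN = f"arn:aws:iam::{ACCOUNT_ID}:oidc-provider/{OIDC_HOST}"

# A single namespace:serviceaccount pair, no wildcards.
SUB_PATTERN = re.compile(r"system:serviceaccount:[a-z0-9-]+:[a-z0-9.-]+")


def irsa_trust_policy(namespace: str, service_account: str) -> dict:
    """Return a least-privilege trust policy for exactly one service account.

    `sub` pins the role to one namespace/service-account pair and `aud` pins it
    to tokens minted for STS, so a token projected into any other pod cannot be
    exchanged for this role's credentials.
    """
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Principal": {"Federated": OIDC_PROVIDER_ARN},
                "Action": "sts:AssumeRoleWithWebIdentity",
                "Condition": {
                    "StringEquals": {
                        f"{OIDC_HOST}:sub": f"system:serviceaccount:{namespace}:{service_account}",
                        f"{OIDC_HOST}:aud": "sts.amazonaws.com",
                    }
                },
            }
        ],
    }


def lint_trust_policy(policy: dict) -> list[str]:
    """Return findings for web-identity statements broader than one service account."""
    findings = []
    for i, stmt in enumerate(policy.get("Statement", [])):
        actions = stmt.get("Action", [])
        if isinstance(actions, str):
            actions = [actions]
        if stmt.get("Effect") != "Allow" or "sts:AssumeRoleWithWebIdentity" not in actions:
            continue
        sub_values, aud_values = [], []
        for op, kv in stmt.get("Condition", {}).items():
            for key, val in kv.items():
                vals = val if isinstance(val, list) else [val]
                if key.endswith(":sub"):
                    sub_values.extend((op, v) for v in vals)
                elif key.endswith(":aud"):
                    aud_values.extend(vals)
        if not sub_values:
            findings.append(f"statement {i}: no :sub condition; any pod in the cluster can assume this role")
        for op, v in sub_values:
            if "StringLike" in op and ("*" in v or "?" in v):
                # e.g. system:serviceaccount:*:* or system:serviceaccount:prod:*
                findings.append(f"statement {i}: wildcard sub {v!r} ({op}) matches more than one service account")
            elif not SUB_PATTERN.fullmatch(v):
                findings.append(f"statement {i}: sub {v!r} is not a single namespace:serviceaccount pair")
        if "sts.amazonaws.com" not in aud_values:
            findings.append(f"statement {i}: no :aud condition for sts.amazonaws.com")
    return findings


if __name__ == "__main__":
    good = irsa_trust_policy("payments", "ledger-writer")
    print(json.dumps(good, indent=2))
    print("good:", lint_trust_policy(good))
    bad = irsa_trust_policy("payments", "ledger-writer")
    bad["Statement"][0]["Condition"] = {"StringLike": {f"{OIDC_HOST}:sub": "system:serviceaccount:*:*"}}
    print("bad:", lint_trust_policy(bad))
```

Run the linter over the trust policies of every role whose principal is your cluster’s OIDC provider (for example from the output of `aws iam get-role`); a hit on the wildcard or missing-`sub` rule means the role is effectively assumable by every workload in the cluster.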
Storage Integration:
- EBS volumes for block storage
- EFS for shared file storage
- FSx for Lustre for high-performance computing
Load Balancing:
- Application Load Balancer (ALB) integration
- Network Load Balancer (NLB) integration
- Automatic load balancer creation via AWS Load Balancer Controller
Monitoring:
- CloudWatch Container Insights for metrics
- CloudWatch Logs for log aggregation
- X-Ray for distributed tracing
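When the `audit` control plane log type is enabled, EKS writes Kubernetes API audit events as JSON lines to CloudWatch Logs, and they are the only record of who read a Secret or opened an exec session. The following added example (not AWS or Kubernetes project code; the events, usernames, IPs and ARNs are constructed) applies three detections a security team would typically start with: Secret reads by non-system identities, pod exec/attach sessions, and bursts of 403 Forbidden responses from one identity, which usually indicate RBAC probing:

```python
"""Detect risky Kubernetes API activity in EKS control-plane audit logs.

Added example; not AWS or Kubernetes project code. The events below are
constructed in the audit.k8s.io/v1 Event shape that EKS writes to CloudWatch
Logs when the `audit` control plane log type is enabled. Usernames, IPs, ARNs
and object names are invented.
"""
import json
from collections import Counter

SECRET_VERBS = {"get", "list", "watch"}
EXEC_SUBRESOURCES = {"exec", "attach", "portforward"}
FORBIDDEN_THRESHOLD = 3  # 403s from one identity before we call it enumeration
ANONYMOUS_OK = {"/healthz", "/livez", "/readyz", "/version"}  # reachable unauthenticated by default

# Constructed sample: one JSON event per line, as CloudWatch Logs stores them.
SAMPLE_LOG = r"""
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseComplete","verb":"get","user":{"username":"system:serviceaccount:kube-system:aws-node"},"objectRef":{"resource":"secrets","namespace":"kube-system","name":"aws-node-token"},"responseStatus":{"code":200}}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseComplete","verb":"list","user":{"username":"ci-deployer","groups":["system:authenticated"],"extra":{"arn":["arn:aws:sts::111122223333:assumed-role/ci-deployer/run-42"]}},"objectRef":{"resource":"secrets","namespace":"prod"},"responseStatus":{"code":200},"sourceIPs":["203.0.113.5"]}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseComplete","verb":"create","user":{"username":"ci-deployer","groups":["system:authenticated"]},"objectRef":{"resource":"pods","subresource":"exec","namespace":"prod","name":"api-7d9f"},"responseStatus":{"code":101}}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseComplete","verb":"list","user":{"username":"intern","groups":["system:authenticated"]},"objectRef":{"resource":"secrets","namespace":"prod"},"responseStatus":{"code":403}}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseComplete","verb":"list","user":{"username":"intern","groups":["system:authenticated"]},"objectRef":{"resource":"secrets","namespace":"kube-system"},"responseStatus":{"code":403}}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseComplete","verb":"get","user":{"username":"intern","groups":["system:authenticated"]},"objectRef":{"resource":"clusterrolebindings"},"responseStatus":{"code":403}}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseStarted","verb":"watch","user":{"username":"system:kube-controller-manager"},"objectRef":{"resource":"pods"},"responseStatus":{"code":200}}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseComplete","verb":"get","user":{"username":"system:anonymous","groups":["system:unauthenticated"]},"requestURI":"/version","responseStatus":{"code":200}}
"""


def is_system_identity(username: str) -> bool:
    """Control-plane components and kube-system service accounts read Secrets as part of normal operation."""
    return username.startswith(("system:kube-", "system:apiserver", "system:serviceaccount:kube-system:"))


def describe_user(user: dict) -> str:
    """Mapped Kubernetes username plus the IAM ARN the authenticator recorded in user.extra, if present."""
    name = user.get("username", "")
    arn = (user.get("extra", {}).get("arn") or [None])[0]
    return f"{name} ({arn})" if arn else name


def analyze(lines) -> list[dict]:
    """Return one finding per risky event, plus one per identity that reached the 403 threshold."""
    findings = []
    forbidden = Counter()
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        ev = json.loads(raw)
        if ev.get("stage") != "ResponseComplete":  # long-running requests also log ResponseStarted; count once
            continue
        user = ev.get("user", {})
        name = user.get("username", "")
        who = describe_user(user)
        ref = ev.get("objectRef", {})
        verb = ev.get("verb")
        code = ev.get("responseStatus", {}).get("code", 0)

        if code == 403:
            forbidden[who] += 1
            continue
        if name == "system:anonymous" and ev.get("requestURI") not in ANONYMOUS_OK:
            findings.append({"rule": "anonymous_access", "user": who, "detail": ev.get("requestURI")})
        if ref.get("resource") == "secrets" and verb in SECRET_VERBS and not is_system_identity(name):
            findings.append({"rule": "secret_read", "user": who,
                             "detail": f"{verb} secrets in namespace {ref.get('namespace', '(cluster)')}"})
        if ref.get("resource") == "pods" and ref.get("subresource") in EXEC_SUBRESOURCES:
            findings.append({"rule": "pod_exec", "user": who,
                             "detail": f"{ref['subresource']} into {ref.get('namespace')}/{ref.get('name')}"})
    for who, n in forbidden.items():
        if n >= FORBIDDEN_THRESHOLD:
            findings.append({"rule": "forbidden_burst", "user": who, "count": n})
    return findings


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG.splitlines()):
        print(finding)
```

In production the input would come from a subscription filter or `aws logs filter-log-events` over the cluster’s `/aws/eks/<cluster-name>/cluster` log group rather than an inline string, and the `user.extra` ARN is what lets you pivot from a Kubernetes username back to the IAM principal and its CloudTrail history.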
Security Features
Encryption:
- Control plane encryption at rest: the etcd volumes are encrypted
- Encryption in transit: TLS for the API server and between control plane components
- EBS volume encryption for node root volumes and persistent volumes
- Envelope encryption of Kubernetes Secrets in etcd with a KMS key you control; enabling it on an existing cluster only protects Secrets written afterwards, so rewrite existing Secrets once it is on
Network Security:
- Private API endpoint, or a public endpoint restricted to an allowlist of source CIDRs
- Security groups for pods for per-pod network isolation (Nitro-based instances and Fargate)
- Kubernetes NetworkPolicy enforced by the VPC CNI’s built-in network policy agent (Kubernetes 1.25+, VPC CNI 1.14+) or by Calico; until one of these is enabled nothing enforces policies and all pods can reach each other
- VPC Flow Logs integration (pods have VPC IP addresses, so their traffic shows up in flow logs)
Access Control:
- AWS IAM for authentication
- Kubernetes RBAC for authorization
- Pod Security Admission, the built-in replacement for PodSecurityPolicy (removed in Kubernetes 1.25), enforced per namespace with the pod-security.kubernetes.io labels
- Audit logging: the Kubernetes API audit log is one of the EKS control plane log types delivered to CloudWatch Logs and is off by default; CloudTrail records calls to the EKS service API (for example CreateCluster), not requests made to the Kubernetes API
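PodSecurityPolicy is gone from current EKS versions, so pod hardening is enforced by Pod Security Admission, configured with namespace labels such as `pod-security.kubernetes.io/enforce: restricted`. The following added example (not AWS or Kubernetes project code; the two pod manifests are constructed) implements a subset of the `restricted` profile’s checks as a pre-deploy lint, so violations surface in CI rather than as admission rejections, and so they can be found in namespaces that still run at `privileged`:

```python
"""Lint a pod manifest against a subset of the Pod Security Standards `restricted` profile.

Added example; not AWS or Kubernetes project code. The manifests are constructed
(the dicts you would get from yaml.safe_load of a Pod). The checks follow the
documented restricted-profile rules but cover fewer fields than the real
admission controller.
"""

# Volume types the restricted profile permits; hostPath and the raw cloud volume types are not on it.
ALLOWED_VOLUME_TYPES = {
    "configMap", "csi", "downwardAPI", "emptyDir", "ephemeral",
    "persistentVolumeClaim", "projected", "secret",
}


def check_restricted(pod: dict) -> list[str]:
    """Return a list of human-readable violations; an empty list means the subset passed."""
    spec = pod.get("spec", {})
    psc = spec.get("securityContext", {})  # pod-level defaults, overridable per container
    violations = []

    for field in ("hostNetwork", "hostPID", "hostIPC"):  # baseline: no host namespaces
        if spec.get(field):
            violations.append(f"spec.{field} must not be true")

    for i, vol in enumerate(spec.get("volumes", [])):
        for vtype in (k for k in vol if k != "name"):
            if vtype not in ALLOWED_VOLUME_TYPES:
                violations.append(f"spec.volumes[{i}] ({vol.get('name')}): volume type {vtype} not allowed")

    containers = (spec.get("containers", []) + spec.get("initContainers", [])
                  + spec.get("ephemeralContainers", []))
    for c in containers:
        name = c.get("name", "?")
        csc = c.get("securityContext", {})
        if csc.get("privileged"):
            violations.append(f"container {name}: privileged must not be true")
        if csc.get("allowPrivilegeEscalation") is not False:  # must be explicitly false, not merely unset
            violations.append(f"container {name}: allowPrivilegeEscalation must be explicitly false")
        caps = csc.get("capabilities", {})
        if "ALL" not in caps.get("drop", []):
            violations.append(f"container {name}: capabilities.drop must include ALL")
        extra = set(caps.get("add", [])) - {"NET_BIND_SERVICE"}
        if extra:
            violations.append(f"container {name}: capabilities.add {sorted(extra)} not allowed")
        if csc.get("runAsNonRoot", psc.get("runAsNonRoot")) is not True:
            violations.append(f"container {name}: runAsNonRoot must be true")
        if csc.get("runAsUser", psc.get("runAsUser")) == 0:
            violations.append(f"container {name}: runAsUser must not be 0")
        seccomp = csc.get("seccompProfile", psc.get("seccompProfile", {})).get("type")
        if seccomp not in ("RuntimeDefault", "Localhost"):
            violations.append(f"container {name}: seccompProfile.type must be RuntimeDefault or Localhost")
    return violations


# Constructed manifests: a typical "debug" pod that would be rejected, and a hardened service pod.
BAD_POD = {
    "apiVersion": "v1", "kind": "Pod",
    "metadata": {"name": "debug", "namespace": "prod"},
    "spec": {
        "hostPID": True,
        "volumes": [{"name": "host", "hostPath": {"path": "/"}}],
        "containers": [{"name": "shell", "image": "busybox",
                        "securityContext": {"privileged": True}}],
    },
}

GOOD_POD = {
    "apiVersion": "v1", "kind": "Pod",
    "metadata": {"name": "api", "namespace": "prod"},
    "spec": {
        "securityContext": {"runAsNonRoot": True, "runAsUser": 10001,
                            "seccompProfile": {"type": "RuntimeDefault"}},
        "volumes": [{"name": "tmp", "emptyDir": {}}],
        "containers": [{"name": "api", "image": "example/api:1.0",
                        "securityContext": {"allowPrivilegeEscalation": False,
                                            "capabilities": {"drop": ["ALL"], "add": ["NET_BIND_SERVICE"]}}}],
    },
}

if __name__ == "__main__":
    for label, pod in (("bad", BAD_POD), ("good", GOOD_POD)):
        print(label, check_restricted(pod) or "OK")
```

The checker covers the host-namespace, privileged, privilege-escalation, capability, non-root, seccomp and volume-type rules; the real admission controller checks more (for example the Windows HostProcess fields and `procMount`), so treat it as a first pass and keep the namespace labels as the enforcement point.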
Compute Options
EC2 Instances:
- Full control over instance types and sizes
- Support for most EC2 instance families (features such as security groups for pods require Nitro-based instances)
- Spot instances for cost optimization
- Reserved instances for predictable workloads
AWS Fargate:
- Serverless containers without node management
- Pay only for running containers
- AWS patches the underlying hosts; each pod runs in its own isolated compute environment
- No EC2 instances to manage, and no DaemonSets, privileged containers, or hostPath volumes (a limitation that is also a security benefit)
ARM-based Instances:
- Support for AWS Graviton processors
- Cost savings for compatible workloads
- Better price/performance for certain applications
Use Cases and When to Choose EKS
Ideal Use Cases
✅ AWS-Native Applications - Applications already using AWS services (RDS, S3, DynamoDB)
✅ Enterprise Requirements - Need compliance certifications (SOC, PCI, HIPAA)
✅ High Availability Needs - Critical applications requiring 99.95%+ uptime
✅ Security-First Organizations - Require encryption, audit logging, and network isolation
✅ Multi-Tenant Environments - Need strong isolation between teams or customers (namespaces alone are a soft boundary; combine them with RBAC, network policy, and separate node groups or Fargate)
✅ Cost Optimization - Want to leverage spot instances and reserved instances
✅ Mixed Workloads - Need both traditional and serverless container options
When to Consider Alternatives
❌ Non-AWS Infrastructure - If you’re primarily on GCP or Azure, their managed services may be better
❌ Very Small Clusters - For small development clusters, EKS control plane cost ($0.10/hour) may be excessive
❌ Full Control Required - If you need to customize control plane components extensively
❌ Cost-Sensitive Small Projects - Self-managed Kubernetes may be more cost-effective for small scale
Pricing Model
EKS pricing consists of two main components:
Control Plane Cost
- $0.10 per hour per cluster (~$73/month)
- Covers control plane management and high availability
- Charged regardless of cluster size or usage
- No additional charges for control plane operations
Data Plane Cost
You pay for the resources you use:
- EC2 Instances - Standard EC2 pricing for worker nodes
- EBS Volumes - Storage costs for persistent volumes
- Data Transfer - Standard AWS data transfer pricing
- Load Balancers - ALB/NLB costs if used
- Other AWS Services - CloudWatch, VPC endpoints, etc.
Cost Optimization Strategies
- Use spot instances for non-critical workloads (up to 90% savings)
- Use reserved instances for predictable workloads (up to 72% savings)
- Right-size instances based on actual usage
- Use Fargate for variable workloads (pay per pod, not per node)
- Implement cluster autoscaling to scale down during low usage
Comparison with Other Managed Services
EKS vs GKE (Google Kubernetes Engine)
| Feature | EKS | GKE |
|---|---|---|
| Control Plane Cost | $0.10/hour | $0.10/hour, after a free-tier credit that covers one zonal or Autopilot cluster per billing account |
| AWS Integration | Native | Limited |
| Multi-Cluster Management | Manual/Tools | GKE Hub (native) |
| Serverless Option | Fargate | Autopilot |
| Windows Support | Limited | Limited |
Choose EKS if: You’re on AWS, need AWS service integration, or require AWS compliance certifications.
Choose GKE if: You’re on GCP or need advanced multi-cluster features.
EKS vs AKS (Azure Kubernetes Service)
| Feature | EKS | AKS |
|---|---|---|
| Control Plane Cost | $0.10/hour | Free tier: $0; Standard tier: $0.10/hour |
| Windows Support | Limited | Full support |
| Azure Integration | Limited | Native |
| Serverless Option | Fargate | Virtual Nodes |
Choose EKS if: You’re on AWS or need AWS service integration.
Choose AKS if: You’re on Azure, need Windows containers, or require Azure AD integration.
EKS vs Self-Managed Kubernetes
| Aspect | EKS | Self-Managed |
|---|---|---|
| Operational Overhead | Low | High |
| Control | Limited | Full |
| Cost (Small) | Higher | Lower |
| Cost (Large) | Similar | Similar |
| High Availability | Automatic | Manual setup |
| Upgrades | Simplified | Manual |
Choose EKS if: You want to focus on applications, need high availability, or lack Kubernetes operations expertise.
Choose Self-Managed if: You need full control, have operations expertise, or cost is the primary concern for small clusters.
Getting Started with EKS
To get started with EKS, you’ll need:
- AWS Account - With appropriate IAM permissions
- VPC - Virtual private cloud for your cluster
- IAM Roles - For cluster and node group permissions
- kubectl - Kubernetes command-line tool
- AWS CLI - For AWS service interaction
- eksctl or Terraform - For cluster creation (or AWS Console)
Typical workflow: see the Cluster Setup guide for step-by-step instructions.
Topics
- Cluster Setup - Step-by-step guide to creating EKS clusters
- Networking - VPC CNI and networking configuration
- Storage - EBS, EFS, and persistent volumes
- Security - IAM, IRSA, and security best practices
See Also
- EKS Main Page - EKS documentation hub
- Cloud Platforms Overview - Comparison of managed Kubernetes services
- Cluster Operations - General Kubernetes cluster management