Eks

Uploaded by mini10

Amazon EKS (Elastic Kubernetes Service) Overview 🚀

1. What is Amazon EKS?

Amazon EKS (Elastic Kubernetes Service) is a fully managed Kubernetes service by AWS that simplifies deploying, scaling, and operating Kubernetes clusters without managing the control plane.

🔹 Key Features

✅ Fully Managed Kubernetes – AWS handles the control plane.
✅ Integration with AWS Services – Works with IAM, VPC, ALB, EBS, and S3.
✅ High Availability & Scalability – Multi-AZ deployment with auto-scaling.
✅ Security & Compliance – Integrated with IAM, AWS Shield, and security groups.
✅ Hybrid & Multi-Cloud Support – Works with AWS Outposts and EKS Anywhere.

2. EKS Architecture

🔹 Key Components

• EKS Control Plane – Managed by AWS, ensures API server and etcd high availability.
• Worker Nodes – EC2 instances or Fargate nodes that run workloads.
• VPC & Networking – Uses Amazon VPC CNI, supports Calico for network policies.
• IAM for Authentication – Uses AWS IAM for user and service access.
• Storage – Supports EBS, EFS, FSx for persistent storage.

3. EKS Deployment Options

🔹 Using AWS Management Console

1. Create EKS Cluster – Define name, VPC, security groups.

2. Add Node Groups – Use EC2 or Fargate nodes.

3. Deploy Applications – Use kubectl apply -f <manifest.yaml>.


🔹 Using AWS CLI

aws eks create-cluster --name my-cluster --region us-east-1 \
  --role-arn <IAM-Role-ARN> \
  --resources-vpc-config subnetIds=<SUBNETS>,securityGroupIds=<SECURITY-GROUP>

🔹 Using eksctl (Simplified CLI Tool)

eksctl create cluster --name my-cluster --region us-east-1 \
  --nodegroup-name my-nodes --nodes 3

4. EKS Networking & Security

🔹 Networking

• Amazon VPC CNI – Allocates pod IPs from VPC CIDR.
• Service Mesh (AWS App Mesh, Istio, Linkerd) for microservices communication.

🔹 Security Best Practices

✔ IAM Roles for Service Accounts (IRSA) – Secure pod-level access to AWS resources.
✔ Network Policies with Calico – Restrict pod-to-pod traffic.
✔ RBAC & Least Privilege – Use Kubernetes RBAC with AWS IAM integration.
✔ EKS Secrets Encryption – Use AWS KMS for Kubernetes secrets.
✔ Audit Logging – Enable CloudTrail & Amazon GuardDuty for security insights.

5. EKS Storage & Logging

🔹 Storage Options

• EBS – Block storage for stateful applications.
• EFS – Shared file system across pods.
• FSx – High-performance file system for machine learning & HPC.

🔹 Logging & Monitoring

• Amazon CloudWatch – Logs Kubernetes events & metrics.
• Prometheus & Grafana – For detailed cluster monitoring.
• AWS OpenSearch (ELK Stack) – Centralized log aggregation.


6. EKS CI/CD Integration

• Jenkins, GitHub Actions, ArgoCD, FluxCD – For automated deployments.
• Helm & Kustomize – Manage Kubernetes manifests.
• Service Mesh (Istio, App Mesh) – For microservices traffic control.

Example: Deploying an App on EKS

kubectl apply -f deployment.yaml

kubectl get pods

kubectl get services

7. EKS Cost Optimization Tips 💰

✔ Use Spot Instances for worker nodes.
✔ Right-size EC2 instances using AWS Compute Optimizer.
✔ Use AWS Savings Plans or Reserved Instances.
✔ Enable Auto Scaling for nodes & pods.

8. EKS Alternatives

• Amazon ECS – AWS-managed container service without Kubernetes.
• Google GKE – Managed Kubernetes service by Google Cloud.
• Azure AKS – Kubernetes service on Microsoft Azure.

9. Common EKS Issues & Fixes

| Issue | Cause | Solution |
|---|---|---|
| Pods stuck in Pending | Insufficient node resources | Scale worker nodes, check kubectl describe pod |
| Nodes not joining cluster | IAM role missing permissions | Attach correct IAM role with eks:AssumeRole |
| Service not accessible | Incorrect security group settings | Update VPC CNI and security groups |
| Pods cannot connect to AWS services | Missing IAM permissions | Use IAM Roles for Service Accounts (IRSA) |

Need help with EKS setup, best practices, or troubleshooting? 🚀


Let’s discuss! 😊
