< ciso
brief />
Tag Banner

All news with #aws eks tag

54 articles · page 2 of 3

Amazon EKS Adds Seven IAM Condition Keys for Governance

🔐 Amazon EKS now supports seven new IAM condition keys for cluster creation and configuration APIs, giving organizations finer-grained governance over cluster settings. Administrators can enforce private-only API endpoints, require customer-managed KMS keys for secret encryption, restrict approved Kubernetes versions, mandate deletion protection, set control plane scaling tiers, and enable zonal shift. The keys apply to CreateCluster, UpdateClusterConfig, UpdateClusterVersion, and AssociateEncryptionConfig APIs and integrate with Service Control Policies for centralized multi-account enforcement. They are available in all Regions where EKS is offered at no additional charge.
read more →

Amazon EKS Managed Node Groups Now Add EC2 Warm Pools

🚀 Amazon EKS managed node groups now support Auto Scaling warm pools, keeping pre-initialized EC2 instances ready for rapid scale-out. With warm pools enabled, instances complete OS initialization, user data execution, and software configuration before joining the cluster; you can choose Stopped (lower cost, longer transition) or Running (higher cost, faster transition). You can also enable reuse on scale-in to return instances to the pool instead of terminating them, and the feature works with Cluster Autoscaler without additional configuration. Enable via the EKS API, AWS CLI, Console, or CloudFormation by adding a warmPoolConfig to node group requests.
read more →

Amazon ECS Managed Instances Adds EC2 Instance Store Support

💽 Amazon ECS Managed Instances now supports using Amazon EC2 instance store volumes as a data volume option for container workloads. You can enable local storage by configuring a custom ECS Managed Instances capacity provider and selecting EC2 instance types that include instance store volumes; when an instance lacks instance store or local storage is disabled, Amazon ECS will automatically provision an Amazon EBS data volume. This reduces storage costs and can accelerate I/O for latency-sensitive workloads. Support is available in all commercial AWS Regions where ECS Managed Instances is offered.
read more →

Amazon EKS Adds 99.99% SLA and 8XL Control Plane Tier

🔒 Amazon EKS now offers a 99.99% Service Level Agreement for clusters running on the Provisioned Control Plane, up from the 99.95% SLA on the standard control plane. The upgraded SLA is measured in 1-minute intervals to deliver a more granular availability commitment for mission-critical workloads. At the same time, EKS introduces an 8XL scaling tier that doubles Kubernetes API server request processing capacity compared with the 4XL tier. Both the new SLA and the 8XL tier are available today in all regions where the Provisioned Control Plane is offered.
read more →

AWS Neuron DRA Driver Adds Hardware-Aware Scheduling

🔧 AWS announced the Neuron Dynamic Resource Allocation (DRA) driver for Amazon EKS, enabling Kubernetes-native, hardware-aware scheduling on Trainium-based instances. The driver publishes detailed device attributes — including hardware topology and Neuron-EFA PCIe co-location — directly to the Kubernetes scheduler, removing the need for custom scheduler extensions. Infrastructure teams can publish reusable ResourceClaimTemplates, while ML engineers reference them to deploy workloads without manual hardware tuning.
read more →

AWS Backup: Logically Air-Gapped Vaults Support Amazon EKS

🔒 AWS Backup now supports protecting Amazon EKS clusters with logically air-gapped vaults. These vaults store immutable backup copies that are locked by default and encrypted with AWS-owned keys or customer-managed keys, and they can hold backups in the same account or across accounts and Regions. You can target a vault as the primary backup or copy destination via the console, API, or CLI, share recovery access through AWS Resource Access Manager (RAM) or multi-party approval, and initiate direct restore jobs from the recipient account without copying first to reduce recovery time.
read more →

CloudWatch Observability: APM Enabled by Default for EKS

🔔 Amazon CloudWatch Observability EKS add-on v5.0.0 now enables CloudWatch Application Signals (APM) by default for new installations and upgrades, removing the previous manual opt-in. The add-on automatically instruments services to collect traces, metrics, and logs, delivering an application-centric view without additional Kubernetes annotations. Users get immediate access to pre-built dashboards and enriched troubleshooting to detect latency, errors, and request traces out of the box.
read more →

Amazon EKS Node Monitoring Agent Released as Open Source

🔓 Amazon EKS Node Monitoring Agent is now open source on GitHub, giving operators visibility into the agent's implementation and the ability to contribute or customize its behavior. The agent automatically monitors node-level system, storage, networking, and accelerator issues and publishes them as node conditions used by Amazon EKS for automatic node repair. It is included in Amazon EKS Auto Mode and available as an add-on in all AWS Regions. Cluster administrators can inspect, adapt, and participate in the agent's ongoing development to better fit their operational needs.
read more →

Amazon EKS Auto Mode Adds CloudWatch Vended Logs Support

📥 Amazon Elastic Kubernetes Service (EKS) Auto Mode can now deliver logs via Amazon CloudWatch Vended Logs. Customers can configure each managed capability—compute autoscaling, block storage, load balancing, and pod networking—as a vended log source using the CloudWatch APIs or the AWS Console. Logs can be routed to CloudWatch Logs, Amazon S3, or Amazon Kinesis Data Firehose. This option uses built‑in AWS authentication and authorization and can reduce delivery cost versus standard CloudWatch Logs.
read more →

AWS Batch Adds Unmanaged EKS Compute Environments Support

🚀 AWS Batch now supports unmanaged compute environments on Amazon EKS, extending Batch's job scheduling and orchestration to clusters you manage directly. You can create compute environments via the CreateComputeEnvironment API or the AWS Batch console by selecting an existing EKS cluster and specifying a Kubernetes namespace, then associate nodes using kubectl labels. This option preserves customer control over Kubernetes infrastructure for security, compliance, or operational requirements and is available today in all regions where AWS Batch operates.
read more →

EKS Pod Identity Integration for Add-ons Now in GovCloud

🔐 Amazon EKS now directly integrates EKS add-ons with EKS Pod Identity in AWS GovCloud (US-East and US-West), simplifying lifecycle and IAM permission management for add-ons that need access to AWS services. You can manage Pod Identities via the EKS console, CLI, API, eksctl, and IaC tools like AWS CloudFormation. This GA expansion increases the set of Pod Identity–compatible add-ons available during cluster creation.
read more →

Amazon GameLift Servers Adds Automatic Scale-to-Zero

🚀 Amazon GameLift Servers now supports automatic scaling to and from zero instances, enabling game developers to eliminate charges for idle compute during inactive periods. This removes the need to keep instances running solely to preserve Fleet autoscaling, reducing infrastructure costs for titles with variable or unpredictable traffic. The capability is available in all supported regions and scales up automatically when game sessions are requested, simplifying operations and improving cost-efficiency.
read more →

Amazon EKS and EKS Distro Add Kubernetes 1.35 Support

🚀 Amazon EKS and EKS Distro now support Kubernetes 1.35, enabling creation of new clusters and upgrades of existing clusters via the EKS console, eksctl, or infrastructure-as-code tools. Kubernetes 1.35 introduces In-Place Pod Resource Updates to adjust CPU and memory without restarting pods, PreferSameNode traffic distribution to favor local endpoints, Node Topology Labels via the Downward API for region/zone awareness, and Image Volumes for delivering data artifacts such as AI models. EKS 1.35 is available in all AWS Regions where EKS is offered, including AWS GovCloud (US), and EKS Distro builds are published to the ECR Public Gallery and GitHub. Refer to the EKS documentation for available versions, upgrade guidance, lifecycle policies, and use EKS Cluster Insights to surface issues that could affect upgrades.
read more →

ECS: Schedule Weekly Windows for Fargate Task Retirements

🕒 Amazon ECS now lets you define weekly event windows to control when AWS Fargate retires tasks for platform updates. Enable the account setting fargateEventWindows, create EC2 event windows with time ranges, and associate them to ECS tasks using managed tags like aws:ecs:clusterArn, aws:ecs:serviceArn, or aws:ecs:fargateTask. This allows precise timing (for example, weekend-only retirements) to avoid disruption during peak business hours and is available in all commercial AWS Regions.
read more →

ACM automates certificate lifecycle for Kubernetes workloads

🔐 AWS Certificate Manager (ACM) now automates provisioning and distribution of exportable public and private certificates directly to Kubernetes workloads via AWS Controllers for Kubernetes (ACK). The ACK controller handles the complete lifecycle — certificate request, validation, export, Kubernetes Secret creation, and automatic renewal updates. This removes the need to export certificates and rotate Secrets manually for pods, service meshes, and third-party ingress controllers. The feature supports Amazon EKS and hybrid or edge Kubernetes environments and is available in commercial, GovCloud (US), and China regions where ACM is offered.
read more →

Amazon EKS Capabilities: Managed Kubernetes Platform

🚀 Amazon EKS Capabilities is now generally available, offering a fully managed, extensible set of Kubernetes-native platform features that offload operations to AWS. The capabilities run in AWS-owned infrastructure separate from customer clusters and AWS handles autoscaling, patching, and upgrades. Launch features include Argo CD for continuous deployment, AWS Controllers for Kubernetes (ACK) for resource management, and Kube Resource Orchestrator (KRO) for dynamic orchestration.
read more →

AWS Secrets Store CSI Driver Add-on for Amazon EKS

🔐 This post introduces the AWS provider for the Secrets Store CSI Driver and the new Amazon EKS add-on that mounts Secrets Manager secrets and Systems Manager parameters as files in Kubernetes pods. The add-on simplifies installation compared with Helm or kubectl, supports EC2 and hybrid nodes, and includes security patches and FIPS endpoint options. The walkthrough covers prerequisites, creating a test secret, installing the add-on, configuring an IAM role and EKS Pod Identity association, deploying an example pod that mounts the secret at /mnt/secrets-store, validating retrieval, and cleaning up resources.
read more →

Manage SageMaker HyperPod Clusters with AI MCP Server

🔧 The Amazon SageMaker AI MCP Server now provides tools to set up and manage HyperPod clusters, allowing AI coding assistants to provision and operate clusters for distributed training, fine‑tuning, and deployment. It automates prerequisites and orchestrates clusters via Amazon EKS or Slurm with CloudFormation templates that optimize networking, storage, and compute. The server also delivers lifecycle operations — scaling, patching, diagnostics — so administrators and data scientists can manage large-scale AI/ML clusters without deep infrastructure expertise.
read more →

Amazon EKS add-on: AWS Secrets Store CSI Driver Provider

🔐 AWS has announced general availability of the Amazon EKS add-on for the AWS Secrets Store CSI Driver provider, enabling clusters to mount secrets from AWS Secrets Manager and parameters from AWS Systems Manager Parameter Store as files on Kubernetes workloads. The add-on installs and manages the AWS provider component and supports automated setup and lifecycle management for new and existing Amazon EKS clusters. It is available in all AWS commercial and AWS GovCloud (US) Regions.
read more →

AWS preview: Fully managed MCP servers for EKS and ECS

🔔 Amazon EKS and ECS now offer fully managed MCP servers in preview, providing a cloud-hosted Model Context Protocol endpoint to enrich AI-powered development and operations. These servers remove local installation and maintenance, and deliver enterprise features such as automatic updates and patching, centralized security via AWS IAM, and audit logging through AWS CloudTrail. Developers can connect AI coding assistants like Kiro CLI, Cursor, or Cline for context-aware code generation and debugging, while operators gain access to a knowledge base of best practices and troubleshooting guidance.
read more →