< ciso brief />

All news with #aws eks tag

40 articles · page 2 of 2

ACM automates certificate lifecycle for Kubernetes workloads

🔐 AWS Certificate Manager (ACM) now automates provisioning and distribution of exportable public and private certificates directly to Kubernetes workloads via AWS Controllers for Kubernetes (ACK). The ACK controller handles the complete lifecycle — certificate request, validation, export, Kubernetes Secret creation, and automatic renewal updates. This removes the need to export certificates and rotate Secrets manually for pods, service meshes, and third-party ingress controllers. The feature supports Amazon EKS and hybrid or edge Kubernetes environments and is available in commercial, GovCloud (US), and China regions where ACM is offered.

Amazon EKS Capabilities: Managed Kubernetes Platform

🚀 Amazon EKS Capabilities is now generally available, offering a fully managed, extensible set of Kubernetes-native platform features that offload operations to AWS. The capabilities run in AWS-owned infrastructure separate from customer clusters and AWS handles autoscaling, patching, and upgrades. Launch features include Argo CD for continuous deployment, AWS Controllers for Kubernetes (ACK) for resource management, and Kube Resource Orchestrator (KRO) for dynamic orchestration.

AWS Secrets Store CSI Driver Add-on for Amazon EKS

🔐 This post introduces the AWS provider for the Secrets Store CSI Driver and the new Amazon EKS add-on that mounts Secrets Manager secrets and Systems Manager parameters as files in Kubernetes pods. The add-on simplifies installation compared with Helm or kubectl, supports EC2 and hybrid nodes, and includes security patches and FIPS endpoint options. The walkthrough covers prerequisites, creating a test secret, installing the add-on, configuring an IAM role and EKS Pod Identity association, deploying an example pod that mounts the secret at /mnt/secrets-store, validating retrieval, and cleaning up resources.

Manage SageMaker HyperPod Clusters with AI MCP Server

🔧 The Amazon SageMaker AI MCP Server now provides tools to set up and manage HyperPod clusters, allowing AI coding assistants to provision and operate clusters for distributed training, fine‑tuning, and deployment. It automates prerequisites and orchestrates clusters via Amazon EKS or Slurm with CloudFormation templates that optimize networking, storage, and compute. The server also delivers lifecycle operations — scaling, patching, diagnostics — so administrators and data scientists can manage large-scale AI/ML clusters without deep infrastructure expertise.

Amazon EKS add-on: AWS Secrets Store CSI Driver Provider

🔐 AWS has announced general availability of the Amazon EKS add-on for the AWS Secrets Store CSI Driver provider, enabling clusters to mount secrets from AWS Secrets Manager and parameters from AWS Systems Manager Parameter Store as files on Kubernetes workloads. The add-on installs and manages the AWS provider component and supports automated setup and lifecycle management for new and existing Amazon EKS clusters. It is available in all AWS commercial and AWS GovCloud (US) Regions.

AWS preview: Fully managed MCP servers for EKS and ECS

🔔 Amazon EKS and ECS now offer fully managed MCP servers in preview, providing a cloud-hosted Model Context Protocol endpoint to enrich AI-powered development and operations. These servers remove local installation and maintenance, and deliver enterprise features such as automatic updates and patching, centralized security via AWS IAM, and audit logging through AWS CloudTrail. Developers can connect AI coding assistants like Kiro CLI, Cursor, or Cline for context-aware code generation and debugging, while operators gain access to a knowledge base of best practices and troubleshooting guidance.

Amazon EKS Provisioned Control Plane for High Performance

🚀 Amazon EKS introduced Provisioned Control Plane, letting customers select pre-defined control plane capacity tiers for new or existing clusters via APIs, the AWS Console, or infrastructure-as-code. The feature pre-provisions capacity to deliver predictable, low-latency control plane performance during traffic spikes and unpredictable bursts. It unlocks higher cluster scalability for ultra-scale workloads such as AI training, high-performance computing, and large data processing, and helps align development, staging, production, and disaster recovery behavior.

Amazon EKS Adds Enhanced Container Network Observability

🔍 Amazon EKS now delivers enhanced container network observability with granular, network-related metrics and integrated console visualizations to help teams monitor and troubleshoot Kubernetes networking on AWS. Powered by Amazon CloudWatch Network Flow Monitor, the capabilities reveal cross-AZ flows, top-talkers, retransmissions, and retransmission timeouts for faster root cause analysis. Teams can ingest metrics into their preferred observability stacks and use the console views to eliminate blind spots during incidents. These features are available in all commercial Regions where CloudWatch Network Flow Monitor is offered.

Amazon EKS Independent Validation of Zero-Operator Access

🔒 AWS announced an independent affirmation of the Amazon EKS zero operator access design, validated by cybersecurity firm NCC Group. The review found no architectural gaps and confirmed that AWS personnel lack technical means to access or manipulate customer content in managed Kubernetes control planes or etcd backups. AWS highlights Nitro-based confidential compute, tightly scoped administrative APIs with multi-party change approval, mandatory logging and auditing, and envelope encryption for etcd as core protections. Customers retain visibility via cluster audit logs and remain responsible for securing worker node configurations outside managed modes.

AWS Backup Adds Native Support for Amazon EKS Across Regions

🔒 AWS Backup now supports Amazon EKS, providing a fully managed, centralized solution for backing up cluster state and persistent application data. The agent-free integration replaces custom scripts and third-party tools with a native, policy-driven service that offers automated scheduling, retention management, immutable vaults, and cross-Region and cross-account copies. You can restore entire clusters, specific namespaces, or individual persistent volumes to support disaster recovery, compliance, or pre-upgrade protection.

EKS Split Cost Allocation Now Imports Pod Labels for Billing

🔖 Starting today, Split Cost Allocation Data for Amazon EKS can import up to 50 Kubernetes custom labels per pod as cost allocation tags. You can attribute pod-level costs in the AWS Cost and Usage Report (CUR) using labels such as cost center, application, business unit, and environment. New customers enable the feature in the AWS Billing and Cost Management console; existing customers will have labels automatically imported but must activate them as cost allocation tags. After activation, labels appear in CUR within 24 hours and can be visualized via the Containers Cost Allocation dashboard in Amazon QuickSight or queried with Amazon Athena.

Amazon EKS Auto Mode Adds FIPS Support in GovCloud

🔐 Amazon Elastic Kubernetes Service (EKS) Auto Mode is now available in AWS GovCloud (US-East) and (US-West), automating compute, storage, and networking management for Kubernetes clusters. Its AMIs include FIPS-validated cryptographic modules to help meet FedRAMP-style requirements. EKS Auto Mode handles OS patching, leverages ephemeral compute to reduce persistent attack surface, and dynamically scales EC2 instances to optimize costs while maintaining availability; it supports clusters running Kubernetes 1.29 and later with no upfront fees.

AWS for Fluent Bit 3.0.0 Released with Fluent Bit 4.1.1

🚀 AWS for Fluent Bit 3.0.0, based on Fluent Bit 4.1.1 and built on Amazon Linux 2023, is now available for Amazon ECS and Amazon EKS customers. The release introduces native OpenTelemetry (OTel) support to ingest and forward OTLP logs, metrics, and traces with AWS SigV4 authentication, removing the need for additional sidecars. It delivers faster JSON parsing and higher log throughput per vCPU with lower latency, plus configurable TLS minimum versions and cipher controls to strengthen output security. Upgrade by pulling the 3.0.0 image from the Amazon ECR Public Gallery, updating your ECS FireLens task definition, or updating the DaemonSet/Helm release on EKS.

AWS for Fluent Bit 3.0.0: Based on Fluent Bit 4.1.0

🚀 AWS for Fluent Bit 3.0.0, based on Fluent Bit 4.1.0 and Amazon Linux 2023, delivers faster, more secure container logging for Amazon ECS and Amazon EKS. It adds native OpenTelemetry (OTel) support for OTLP logs, metrics, and traces with SigV4 authentication and faster JSON parsing for higher throughput and lower latency. TLS minimum version and cipher controls enforce stronger output security. The image is available in the Amazon ECR Public Gallery and Amazon ECR, and source code and guidance are provided on GitHub.

AWS Releases Whitepaper: Security Overview of EKS Auto Mode

🛡️ AWS has published a new whitepaper titled Security Overview of Amazon EKS Auto Mode that explains the service’s architecture, core security principles, and built-in protections. The guidance highlights a new approach to node management that leverages Amazon EC2 managed instances to let customers delegate operational control to AWS. Intended for cloud architects, security professionals, and Kubernetes practitioners, the document helps teams understand how EKS Auto Mode reduces infrastructure complexity while maintaining secure operations.

Amazon EKS and EKS Distro Add Kubernetes 1.34 Support

🚀 AWS announced that Amazon EKS and EKS Distro now support Kubernetes version 1.34. Starting today, you can create new clusters or upgrade existing clusters via the EKS console, eksctl, or infrastructure-as-code tools, with EKS Distro images available in ECR Public Gallery and GitHub. Kubernetes 1.34 introduces projected service account tokens for kubelet image credential providers, Pod-level resource requests and limits for simpler multi-container resource management, and Dynamic Resource Allocation prioritized alternatives to improve device scheduling and workload placement. AWS recommends using EKS Cluster Insights and consulting EKS version lifecycle guidance before upgrading.

Amazon EKS Adds Community Add-Ons Catalog for GovCloud

🔒 Amazon EKS now offers a curated catalog of community add-ons for AWS GovCloud (US) Regions. The catalog includes popular open-source components such as metrics-server, kube-state-metrics, cert-manager, prometheus-node-exporter, fluent-bit, and external-dns, all packaged, scanned, and validated for compatibility by EKS. Container images are hosted in an EKS-owned private ECR repository, and you can install and manage add-ons via the EKS Console, API, CLI, eksctl, or infrastructure-as-code tools like AWS CloudFormation.

AWS Console Adds ECS Exec for Direct Container Shell Access

🔐 The AWS Management Console now supports ECS Exec, allowing operators to open secure, interactive shell sessions to running containers directly from the console. This removes the need to switch to the CLI, API, or SDKs for troubleshooting and avoids opening inbound ports or managing SSH keys. You can enable ECS Exec when creating or updating services and standalone tasks, and configure encryption and logging at the cluster level. Sessions launch through CloudShell, and the console displays the underlying AWS CLI command for reuse in a local terminal.

Amazon EKS adds on-demand cluster insights refresh

🔁 Amazon EKS now supports on-demand refresh of cluster insights, enabling operators to retrieve the latest detection results immediately after making changes. The capability complements existing periodic checks that identify upgrade warnings and configuration recommendations. By allowing immediate verification, teams can accelerate upgrade testing, confirm that remediations took effect, and shorten the feedback loop for cluster configuration changes.

Amazon EKS adds namespace configuration for add-ons

🔧 Amazon Elastic Kubernetes Service (Amazon EKS) now allows you to select a custom Kubernetes namespace when installing both AWS and Community add-ons, giving operators finer control over object organization and isolation within clusters. You can install add-ons into a chosen namespace via the AWS Console, EKS APIs, AWS CLI, or infrastructure-as-code tools like CloudFormation. Note that to move an installed add-on to a different namespace you must remove and recreate it. This capability is available in all commercial AWS Regions.