Amazon EKS Adds Seven IAM Condition Keys for Governance
🔐 Amazon EKS now supports seven new IAM condition keys for cluster creation and configuration APIs, giving organizations finer-grained governance over cluster settings. Administrators can enforce private-only API endpoints, require customer-managed KMS keys for secret encryption, restrict approved Kubernetes versions, mandate deletion protection, set control plane scaling tiers, and enable zonal shift. The keys apply to CreateCluster, UpdateClusterConfig, UpdateClusterVersion, and AssociateEncryptionConfig APIs and integrate with Service Control Policies for centralized multi-account enforcement. They are available in all Regions where EKS is offered at no additional charge.
