**Help improve this page**
To contribute to this user guide, choose the **Edit this page on GitHub** link that is located in the right pane of every page.
# Get started with Amazon EKS
Make sure that you are set up to use Amazon EKS before going through the getting started guides. For more information, see [Set up to use Amazon EKS](setting-up.md).
There are two getting started guides available for creating a new Kubernetes cluster with nodes in Amazon EKS:
+ [Get started with Amazon EKS – eksctl](getting-started-eksctl.md) – This getting started guide helps you to install all of the required resources to get started with Amazon EKS using `eksctl`, a simple command line utility for creating and managing Kubernetes clusters on Amazon EKS. At the end of the tutorial, you will have a running Amazon EKS cluster that you can deploy applications to. This is the fastest and simplest way to get started with Amazon EKS.
+ [Get started with Amazon EKS – AWS Management Console and AWS CLI](getting-started-console.md) – This getting started guide helps you to create all of the required resources to get started with Amazon EKS using the AWS Management Console and AWS CLI. At the end of the tutorial, you will have a running Amazon EKS cluster that you can deploy applications to. In this guide, you manually create each resource required for an Amazon EKS cluster. The procedures give you visibility into how each resource is created and how they interact with each other.
We also offer the following references:
+ For a collection of hands-on tutorials, see [EKS Cluster Setup](https://community.aws/tags/eks-cluster-setup) on * AWS Community*.
+ For code examples, see [Code examples for Amazon EKS using AWS SDKs](https://docs.aws.amazon.com/code-library/latest/ug/eks_code_examples.html).
# Get started with Amazon EKS – EKS Auto Mode
Like other EKS getting started experiences, creating your first cluster with EKS Auto Mode delegates the management of the cluster itself to AWS. However, EKS Auto Mode extends EKS automation by handing responsibility of many essential services needed to set up workload infrastructure (nodes, networks, and various services), making it easier to manage nodes and scale up to meet workload demands.
Choose from one of the following ways to create a cluster with EKS Auto Mode:
+ [Create an EKS Auto Mode Cluster with the AWS CLI](automode-get-started-cli.md): Use the `aws` command line interface to create a cluster.
+ [Create an EKS Auto Mode Cluster with the AWS Management Console](automode-get-started-console.md): Use the AWS Management Console to create a cluster.
+ [Create an EKS Auto Mode Cluster with the eksctl CLI](automode-get-started-eksctl.md): Use the `eksctl` command line interface to create a cluster.
If you are comparing different approaches to creating your first EKS cluster, you should know that EKS Auto Mode has AWS take over additional cluster management responsibilities that include setting up components to:
+ Start up and scale nodes as workload demand increases and decreases.
+ Regularly upgrade the cluster itself (control plane), node operating systems, and services running on nodes.
+ Choose default settings that determine things like the size and speed of node storage and Pod network configuration.
For details on what you get with EKS Auto Mode clusters, see [Automate cluster infrastructure with EKS Auto Mode](automode.md).
# Get started with Amazon EKS – `eksctl`
**Note**
This topic covers getting started **without** EKS Auto Mode.
EKS Auto Mode automates routine tasks for cluster compute, storage, and networking. [Learn how to get started with Amazon EKS Auto Mode. ](getting-started-automode.md)
This guide helps you to create all of the required resources to get started with Amazon Elastic Kubernetes Service (Amazon EKS) using `eksctl`, a simple command line utility for creating and managing Kubernetes clusters on Amazon EKS. At the end of this tutorial, you will have a running Amazon EKS cluster that you can deploy applications to.
The procedures in this guide create several resources for you automatically that you have to create manually when you create your cluster using the AWS Management Console. If you’d rather manually create most of the resources to better understand how they interact with each other, then use the AWS Management Console to create your cluster and compute. For more information, see [Get started with Amazon EKS – AWS Management Console and AWS CLI](getting-started-console.md).
## Prerequisites
Before starting this tutorial, you must install and configure the AWS CLI, kubectl, and eksctl tools as described in [Set up to use Amazon EKS](setting-up.md).
## Step 1: Create your Amazon EKS cluster and nodes
**Important**
To get started as simply and quickly as possible, this topic includes steps to create a cluster and nodes with default settings. Before creating a cluster and nodes for production use, we recommend that you familiarize yourself with all settings and deploy a cluster and nodes with the settings that meet your requirements. For more information, see [Create an Amazon EKS cluster](create-cluster.md) and [Manage compute resources by using nodes](eks-compute.md). Some settings can only be enabled when creating your cluster and nodes.
You can create a cluster with one of the following node types. To learn more about each type, see [Manage compute resources by using nodes](eks-compute.md). After your cluster is deployed, you can add other node types.
+ **Fargate – Linux** – Select this type of node if you want to run Linux applications on [Simplify compute management with AWS Fargate](fargate.md). Fargate is a serverless compute engine that lets you deploy Kubernetes Pods without managing Amazon EC2 instances.
+ **Managed nodes – Linux** – Select this type of node if you want to run Amazon Linux applications on Amazon EC2 instances. Though not covered in this guide, you can also add [Windows self-managed](launch-windows-workers.md) and [Bottlerocket](launch-node-bottlerocket.md) nodes to your cluster.
Create your Amazon EKS cluster with the following command. You can replace *my-cluster* with your own value. The name can contain only alphanumeric characters (case-sensitive) and hyphens. It must start with an alphanumeric character and can’t be longer than 100 characters. The name must be unique within the AWS Region and AWS account that you’re creating the cluster in. Replace *region-code* with any AWS Region that is supported by Amazon EKS. For a list of AWS Regions, see [Amazon EKS endpoints and quotas](https://docs.aws.amazon.com/general/latest/gr/eks.html) in the AWS General Reference guide.
**Example**
```
eksctl create cluster --name my-cluster --region region-code --fargate
```
```
eksctl create cluster --name my-cluster --region region-code
```
Cluster creation takes several minutes. During creation you’ll see several lines of output. The last line of output is similar to the following example line.
```
[...]
[✓] EKS cluster "my-cluster" in "region-code" region is ready
```
`eksctl` created a `kubectl` config file in `~/.kube/config` or added the new cluster’s configuration within an existing config file in `~/.kube/config` on your computer.
After cluster creation is complete, view the AWS CloudFormation stack named `eksctl-my-cluster-cluster` in the AWS CloudFormation [console](https://console.aws.amazon.com/cloudformation/) to see all of the resources that were created.
## Step 2: View Kubernetes resources
1. View your cluster nodes.
```
kubectl get nodes -o wide
```
An example output is as follows.
**Example**
------
#### [ Fargate - Linux ]
```
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
fargate-ip-192-0-2-0.region-code.compute.internal Ready 8m3s v1.2.3-eks-1234567 192.0.2.0 Amazon Linux 2 1.23.456-789.012.amzn2.x86_64 containerd://1.2.3
fargate-ip-192-0-2-1.region-code.compute.internal Ready 7m30s v1.2.3-eks-1234567 192-0-2-1 Amazon Linux 2 1.23.456-789.012.amzn2.x86_64 containerd://1.2.3
```
------
#### [ Managed nodes - Linux ]
```
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
ip-192-0-2-0.region-code.compute.internal Ready 6m7s v1.2.3-eks-1234567 192.0.2.0 192.0.2.2 Amazon Linux 2 1.23.456-789.012.amzn2.x86_64 containerd://1.2.3
ip-192-0-2-1.region-code.compute.internal Ready 6m4s v1.2.3-eks-1234567 192.0.2.1 192.0.2.3 Amazon Linux 2 1.23.456-789.012.amzn2.x86_64 containerd://1.2.3
```
------
For more information about what you see in the output, see [View Kubernetes resources in the AWS Management Console](view-kubernetes-resources.md).
1. View the workloads running on your cluster.
```
kubectl get pods -A -o wide
```
An example output is as follows.
**Example**
------
#### [ Fargate - Linux ]
```
NAMESPACE NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
kube-system coredns-1234567890-abcde 1/1 Running 0 18m 192.0.2.0 fargate-ip-192-0-2-0.region-code.compute.internal
kube-system coredns-1234567890-12345 1/1 Running 0 18m 192.0.2.1 fargate-ip-192-0-2-1.region-code.compute.internal
```
------
#### [ Managed nodes - Linux ]
```
NAMESPACE NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
kube-system aws-node-12345 1/1 Running 0 7m43s 192.0.2.1 ip-192-0-2-1.region-code.compute.internal
kube-system aws-node-67890 1/1 Running 0 7m46s 192.0.2.0 ip-192-0-2-0.region-code.compute.internal
kube-system coredns-1234567890-abcde 1/1 Running 0 14m 192.0.2.3 ip-192-0-2-3.region-code.compute.internal
kube-system coredns-1234567890-12345 1/1 Running 0 14m 192.0.2.4 ip-192-0-2-4.region-code.compute.internal
kube-system kube-proxy-12345 1/1 Running 0 7m46s 192.0.2.0 ip-192-0-2-0.region-code.compute.internal
kube-system kube-proxy-67890 1/1 Running 0 7m43s 192.0.2.1 ip-192-0-2-1.region-code.compute.internal
```
------
For more information about what you see in the output, see [View Kubernetes resources in the AWS Management Console](view-kubernetes-resources.md).
## Step 3: Delete your cluster and nodes
After you’ve finished with the cluster and nodes that you created for this tutorial, you should clean up by deleting the cluster and nodes with the following command. If you want to do more with this cluster before you clean up, see [Next steps](#gs-eksctl-next-steps).
```
eksctl delete cluster --name my-cluster --region region-code
```
## Next steps
The following documentation topics help you to extend the functionality of your cluster.
+ Deploy a [sample application](sample-deployment.md) to your cluster.
+ The [IAM principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html#iam-term-principal) that created the cluster is the only principal that can make calls to the Kubernetes API server with `kubectl` or the AWS Management Console. If you want other IAM principals to have access to your cluster, then you need to add them. For more information, see [Grant IAM users and roles access to Kubernetes APIs](grant-k8s-access.md) and [Required permissions](view-kubernetes-resources.md#view-kubernetes-resources-permissions).
+ Before deploying a cluster for production use, we recommend familiarizing yourself with all of the settings for [clusters](create-cluster.md) and [nodes](eks-compute.md). Some settings (such as enabling SSH access to Amazon EC2 nodes) must be made when the cluster is created.
+ To increase security for your cluster, [configure the Amazon VPC Container Networking Interface plugin to use IAM roles for service accounts](cni-iam-role.md).
# Get started with Amazon EKS – AWS Management Console and AWS CLI
**Note**
This topic covers getting started **without** EKS Auto Mode. It uses Managed Node Groups to deploy nodes.
EKS Auto Mode automates routine tasks for cluster compute, storage, and networking. [Learn how to get started with Amazon EKS Auto Mode. ](getting-started-automode.md) EKS Auto Mode is the preferred method of deploying nodes.
This guide helps you to create all of the required resources to get started with Amazon Elastic Kubernetes Service (Amazon EKS) using the AWS Management Console and the AWS CLI. In this guide, you manually create each resource. At the end of this tutorial, you will have a running Amazon EKS cluster that you can deploy applications to.
The procedures in this guide give you complete visibility into how each resource is created and how the resources interact with each other. If you’d rather have most of the resources created for you automatically, use the `eksctl` CLI to create your cluster and nodes. For more information, see [Get started with Amazon EKS – `eksctl`](getting-started-eksctl.md).
## Prerequisites
Before starting this tutorial, you must install and configure the following tools and resources that you need to create and manage an Amazon EKS cluster.
+ ** AWS CLI** – A command line tool for working with AWS services, including Amazon EKS. For more information, see [Installing](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-install.html) in the AWS Command Line Interface User Guide. After installing the AWS CLI, we recommend that you also configure it. For more information, see [Quick configuration with aws configure](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-quickstart.html#cli-configure-quickstart-config) in the AWS Command Line Interface User Guide. Note that AWS CLI v2 is required to use the **update-kubeconfig** option shown in this page.
+ ** `kubectl` ** – A command line tool for working with Kubernetes clusters. For more information, see [Set up `kubectl` and `eksctl`](install-kubectl.md).
+ **Required IAM permissions** – The IAM security principal that you’re using must have permissions to work with Amazon EKS IAM roles, service linked roles, AWS CloudFormation, a VPC, and related resources. For more information, see [Actions](https://docs.aws.amazon.com/service-authorization/latest/reference/list_amazonelastickubernetesservice.html) and [Using service-linked roles](https://docs.aws.amazon.com/IAM/latest/UserGuide/using-service-linked-roles.html) in the IAM User Guide. You must complete all steps in this guide as the same user. To check the current user, run the following command:
```
aws sts get-caller-identity
```
We recommend that you complete the steps in this topic in a Bash shell. If you aren’t using a Bash shell, some script commands such as line continuation characters and the way variables are set and used require adjustment for your shell. Additionally, the quoting and escaping rules for your shell might be different. For more information, see [Using quotation marks with strings in the AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-parameters-quoting-strings.html) in the AWS Command Line Interface User Guide.
## Step 1: Create your Amazon EKS cluster
**Important**
To get started as simply and quickly as possible, this topic includes steps to create a cluster with default settings. Before creating a cluster for production use, we recommend that you familiarize yourself with all settings and deploy a cluster with the settings that meet your requirements. For more information, see [Create an Amazon EKS cluster](create-cluster.md). Some settings can only be enabled when creating your cluster.
1. Create an Amazon VPC with public and private subnets that meets Amazon EKS requirements. Replace *region-code* with any AWS Region that is supported by Amazon EKS. For a list of AWS Regions, see [Amazon EKS endpoints and quotas](https://docs.aws.amazon.com/general/latest/gr/eks.html) in the AWS General Reference guide. You can replace *my-eks-vpc-stack* with any name you choose.
```
aws cloudformation create-stack \
--region region-code \
--stack-name my-eks-vpc-stack \
--template-url https://s3.us-west-2.amazonaws.com/amazon-eks/cloudformation/2020-10-29/amazon-eks-vpc-private-subnets.yaml
```
**Tip**
For a list of all the resources the previous command creates, open the AWS CloudFormation console at https://console.aws.amazon.com/cloudformation/. Choose the *my-eks-vpc-stack* stack and then choose the **Resources** tab.
1. Create a cluster IAM role and attach the required Amazon EKS IAM managed policy to it. Kubernetes clusters managed by Amazon EKS make calls to other AWS services on your behalf to manage the resources that you use with the service.
1. Copy the following contents to a file named *eks-cluster-role-trust-policy.json*.
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "eks.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
```
1. Create the role.
```
aws iam create-role \
--role-name myAmazonEKSClusterRole \
--assume-role-policy-document file://"eks-cluster-role-trust-policy.json"
```
1. Attach the required Amazon EKS managed IAM policy to the role.
```
aws iam attach-role-policy \
--policy-arn arn:aws:iam::aws:policy/AmazonEKSClusterPolicy \
--role-name myAmazonEKSClusterRole
```
1. Open the Amazon EKS console at [https://console.aws.amazon.com/eks/home\$1/clusters](https://console.aws.amazon.com/eks/home#/clusters).
Make sure that the AWS Region shown in the upper right of your console is the AWS Region that you want to create your cluster in. If it’s not, choose the dropdown next to the AWS Region name and choose the AWS Region that you want to use.
1. Choose **Create cluster**. If you don’t see this option, then choose **Clusters** in the left navigation pane first.
1. On the **Configure cluster** page, do the following:
1. Select **Custom configuration** and disable **Use EKS Auto Mode**. (If you prefer an EKS Auto Mode cluster, refer instead to [Create an EKS Auto Mode Cluster with the AWS Management Console](automode-get-started-console.md).)
1. Enter a **Name** for your cluster, such as *my-cluster*. The name can contain only alphanumeric characters (case-sensitive) and hyphens. It must start with an alphanumeric character and can’t be longer than 100 characters. The name must be unique within the AWS Region and AWS account that you’re creating the cluster in.
1. For **Cluster Service Role**, choose *myAmazonEKSClusterRole*.
1. Leave the remaining settings at their default values and choose **Next**.
1. On the **Specify networking** page, do the following:
1. Choose the ID of the VPC that you created in a previous step from the **VPC** dropdown list. It is something like *\$1 \$1 my-eks-vpc-stack-VPC*.
1. Choose the subnets created in a previous step from the **Subnets** dropdown list. The subnets will be something like *\$1 \$1 my-eks-vpc-stack-\$1*.
1. Choose the security group created in a previous step from the **Additional security groups** dropdown list. It is something like *\$1 \$1 my-eks-vpc-stack-ControlPlaneSecurityGroup-\$1*.
1. Leave the remaining settings at their default values and choose **Next**.
1. On the **Configure observability** page, choose **Next**.
1. On the **Select add-ons** page, choose **Next**.
For more information on add-ons, see [Amazon EKS add-ons](eks-add-ons.md).
1. On the **Configure selected add-ons settings** page, choose **Next**.
1. On the **Review and create** page, choose **Create**.
To the right of the cluster’s name, the cluster status is **Creating** for several minutes until the cluster provisioning process completes. Don’t continue to the next step until the status is **Active**.
**Note**
You might receive an error that one of the Availability Zones in your request doesn’t have sufficient capacity to create an Amazon EKS cluster. If this happens, the error output contains the Availability Zones that can support a new cluster. Retry creating your cluster with at least two subnets that are located in the supported Availability Zones for your account. For more information, see [Insufficient capacity](troubleshooting.md#ice).
## Step 2: Configure your computer to communicate with your cluster
In this section, you create a `kubeconfig` file for your cluster. The settings in this file enable the `kubectl` CLI to communicate with your cluster.
Before proceeding, be sure that your cluster creation completed successfully in Step 1.
1. Create or update a `kubeconfig` file for your cluster. Replace *region-code* with the AWS Region that you created your cluster in. Replace *my-cluster* with the name of your cluster.
```
aws eks update-kubeconfig --region region-code --name my-cluster
```
By default, the `config` file is created in `~/.kube` or the new cluster’s configuration is added to an existing `config` file in `~/.kube`.
1. Test your configuration.
```
kubectl get svc
```
**Note**
If you receive any authorization or resource type errors, see [Unauthorized or access denied (`kubectl`)](troubleshooting.md#unauthorized) in the troubleshooting topic.
An example output is as follows.
```
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
svc/kubernetes ClusterIP 10.100.0.1 443/TCP 1m
```
## Step 3: Create nodes
**Important**
To get started as simply and quickly as possible, this topic includes steps to create nodes with mostly default settings. Before creating nodes for production use, we recommend that you familiarize yourself with all settings and deploy nodes with the settings that meet your requirements. For more information, see [Manage compute resources by using nodes](eks-compute.md). Some settings can only be enabled when creating your nodes.
This procedure configures your cluster to use Managed node groups to create nodes, specifying the subnets and node IAM role that you created in previous steps. It lets you run Amazon Linux applications on Amazon EC2 instances.
To learn more about different ways to configure nodes in EKS, see [Manage compute resources by using nodes](eks-compute.md). After your cluster is deployed, you can add other node types. Though not covered in this guide, you can also add [Windows self-managed](launch-windows-workers.md) and [Bottlerocket](launch-node-bottlerocket.md) nodes to your cluster.
**To create your EC2 Linux managed node group**
1. Create a node IAM role and attach the required Amazon EKS IAM managed policy to it. The Amazon EKS node `kubelet` daemon makes calls to AWS APIs on your behalf. Nodes receive permissions for these API calls through an IAM instance profile and associated policies.
1. Copy the following contents to a file named `node-role-trust-policy.json`.
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "ec2.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
```
1. Create the node IAM role.
```
aws iam create-role \
--role-name myAmazonEKSNodeRole \
--assume-role-policy-document file://"node-role-trust-policy.json"
```
1. Attach the required managed IAM policies to the role.
```
aws iam attach-role-policy \
--policy-arn arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy \
--role-name myAmazonEKSNodeRole
aws iam attach-role-policy \
--policy-arn arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly \
--role-name myAmazonEKSNodeRole
aws iam attach-role-policy \
--policy-arn arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy \
--role-name myAmazonEKSNodeRole
```
1. Open the Amazon EKS console at [https://console.aws.amazon.com/eks/home\$1/clusters](https://console.aws.amazon.com/eks/home#/clusters).
1. Choose the name of the cluster that you created in [Step 1: Create your Amazon EKS cluster](#eks-create-cluster), such as *my-cluster*.
1. On the ** *my-cluster* ** page, do the following:
1. Choose the **Compute** tab.
1. Choose **Add Node Group**.
1. On the **Configure Node Group** page, do the following:
1. For **Name**, enter a unique name for your managed node group, such as *my-nodegroup*. The node group name can’t be longer than 63 characters. It must start with letter or digit, but can also include hyphens and underscores for the remaining characters.
1. For **Node IAM role name**, choose *myAmazonEKSNodeRole* role that you created in a previous step. We recommend that each node group use its own unique IAM role.
1. Choose **Next**.
1. On the **Set compute and scaling configuration** page, accept the default values and choose **Next**.
1. On the **Specify networking** page, accept the default values and choose **Next**.
1. On the **Review and create** page, review your managed node group configuration and choose **Create**.
1. After several minutes, the **Status** in the **Node Group configuration** section will change from **Creating** to **Active**. Don’t continue to the next step until the status is **Active**.
## Step 4: View resources
You can view your nodes and Kubernetes workloads.
1. In the left navigation pane, choose **Clusters**. In the list of **Clusters**, choose the name of the cluster that you created, such as *my-cluster*.
1. On the ** *my-cluster* ** page, choose the following:
1. **Compute** tab – You see the list of **Nodes** that were deployed for the cluster. You can choose the name of a node to see more information about it.
1. **Resources** tab – You see all of the Kubernetes resources that are deployed by default to an Amazon EKS cluster. Select any resource type in the console to learn more about it.
## Step 5: Delete resources
After you’ve finished with the cluster and nodes that you created for this tutorial, you should delete the resources that you created. If you want to do more with this cluster before you delete the resources, see [Next steps](#gs-console-next-steps).
1. Delete any node groups profiles that you created.
1. Open the Amazon EKS console at [https://console.aws.amazon.com/eks/home\$1/clusters](https://console.aws.amazon.com/eks/home#/clusters).
1. In the left navigation pane, choose **Clusters**. In the list of clusters, choose *my-cluster*.
1. Choose the **Compute** tab.
1. If you created a node group, choose the *my-nodegroup* node group and then choose **Delete**. Enter *my-nodegroup*, and then choose **Delete**.
1. Don’t continue until the node group profiles are deleted.
1. Delete the cluster.
1. In the left navigation pane, choose **Clusters**. In the list of clusters, choose *my-cluster*.
1. Choose **Delete cluster**.
1. Enter *my-cluster* and then choose **Delete**. Don’t continue until the cluster is deleted.
1. Delete the VPC AWS CloudFormation stack that you created.
1. Open the CloudFormation console at https://console.aws.amazon.com/cloudformation/.
1. Choose the *my-eks-vpc-stack* stack, and then choose **Delete**.
1. In the **Delete *my-eks-vpc-stack* ** confirmation dialog box, choose **Delete stack**.
1. Delete the IAM roles that you created.
1. Open the IAM console at https://console.aws.amazon.com/iam/.
1. In the left navigation pane, choose **Roles**.
1. Select each role you created from the list (** *myAmazonEKSClusterRole* **, as well as *myAmazonEKSNodeRole*). Choose **Delete**, enter the requested confirmation text, then choose **Delete**.
## Next steps
The following documentation topics help you to extend the functionality of your cluster.
+ The [IAM principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html#iam-term-principal) that created the cluster is the only principal that can make calls to the Kubernetes API server with `kubectl` or the AWS Management Console. If you want other IAM principals to have access to your cluster, then you need to add them. For more information, see [Grant IAM users and roles access to Kubernetes APIs](grant-k8s-access.md) and [Required permissions](view-kubernetes-resources.md#view-kubernetes-resources-permissions).
+ Deploy a [sample application](sample-deployment.md) to your cluster.
+ Before deploying a cluster for production use, we recommend familiarizing yourself with all of the settings for [clusters](create-cluster.md) and [nodes](eks-compute.md). Some settings (such as enabling SSH access to Amazon EC2 nodes) must be made when the cluster is created.
+ To increase security for your cluster, [configure the Amazon VPC Container Networking Interface plugin to use IAM roles for service accounts](cni-iam-role.md).