
Understand security in Amazon EKS Connector


The Amazon EKS Connector is an open source component that runs on your Kubernetes cluster. Because this cluster can be located outside of the AWS environment, there are additional considerations for security responsibilities. The following diagram illustrates this configuration. Orange represents AWS responsibilities, and blue represents customer responsibilities:

[Figure: EKS Connector Responsibilities]

This topic describes the differences in the responsibility model if the connected cluster is outside of AWS.

AWS responsibilities

  • Maintaining, building, and delivering Amazon EKS Connector, which is an open source component that runs on a customer’s Kubernetes cluster and communicates with AWS.

  • Maintaining transport and application layer communication security between the connected Kubernetes cluster and AWS services.

Customer responsibilities

  • Kubernetes cluster-specific security, in particular:

    • Kubernetes secrets must be properly encrypted and protected.

    • Lock down access to the eks-connector namespace.

  • Configuring role-based access control (RBAC) permissions to manage IAM principal access from AWS. For instructions, see Grant access to view Kubernetes cluster resources on an Amazon EKS console.

  • Installing and upgrading Amazon EKS Connector.

  • Maintaining the hardware, software, and infrastructure that supports the connected Kubernetes cluster.

  • Securing your AWS accounts (for example, by safeguarding your root user credentials).
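
One way to check the customer items above about protecting Kubernetes secrets and locking down the eks-connector namespace. This is an added example, not code from the AWS guide or the EKS Connector project: it lists which RBAC subjects can read Secrets in that namespace. The sample objects and every name except the namespace are constructed, and the input is assumed to have the shape of the `items` array from `kubectl get roles,clusterroles,rolebindings,clusterrolebindings -A -o json`.

```python
NAMESPACE = "eks-connector"  # namespace named in the guide
READ_VERBS = {"get", "list", "watch", "*"}

# Constructed sample objects (not from a real cluster).
SAMPLE = [
    {"kind": "ClusterRole", "metadata": {"name": "secret-reader"},
     "rules": [{"apiGroups": [""], "resources": ["secrets"], "verbs": ["get", "list"]}]},
    {"kind": "ClusterRole", "metadata": {"name": "wide"},
     "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]},
    {"kind": "Role", "metadata": {"name": "pod-viewer", "namespace": "eks-connector"},
     "rules": [{"apiGroups": [""], "resources": ["pods"], "verbs": ["get"]}]},
    {"kind": "RoleBinding", "metadata": {"name": "dev-secrets", "namespace": "eks-connector"},
     "roleRef": {"kind": "ClusterRole", "name": "secret-reader"},
     "subjects": [{"kind": "Group", "name": "developers"}]},
    {"kind": "RoleBinding", "metadata": {"name": "dev-pods", "namespace": "eks-connector"},
     "roleRef": {"kind": "Role", "name": "pod-viewer"},
     "subjects": [{"kind": "User", "name": "alice"}]},
    {"kind": "RoleBinding", "metadata": {"name": "other-ns", "namespace": "default"},
     "roleRef": {"kind": "ClusterRole", "name": "secret-reader"},
     "subjects": [{"kind": "User", "name": "bob"}]},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "ops-wide"},
     "roleRef": {"kind": "ClusterRole", "name": "wide"},
     "subjects": [{"kind": "Group", "name": "ops"}]},
]

def rule_reads_secrets(rule):
    """True if one RBAC rule grants a read verb on core-group Secrets."""
    groups, resources = rule.get("apiGroups", []), rule.get("resources", [])
    return (("" in groups or "*" in groups)
            and ("secrets" in resources or "*" in resources)
            and bool(READ_VERBS & set(rule.get("verbs", []))))

def secret_readers(items, namespace=NAMESPACE):
    """Return sorted (subject kind, subject name, binding name) tuples."""
    grants = {}  # (kind, namespace or "", name) -> role can read secrets
    for it in items:
        if it["kind"] in ("Role", "ClusterRole"):
            key = (it["kind"], it["metadata"].get("namespace", ""), it["metadata"]["name"])
            grants[key] = any(rule_reads_secrets(r) for r in it.get("rules") or [])
    found = set()
    for it in items:
        ns = it["metadata"].get("namespace", "")
        # ClusterRoleBindings apply everywhere; RoleBindings only in their own namespace.
        if it["kind"] == "ClusterRoleBinding" or (it["kind"] == "RoleBinding" and ns == namespace):
            ref = it["roleRef"]
            if grants.get((ref["kind"], ns if ref["kind"] == "Role" else "", ref["name"])):
                for s in it.get("subjects") or []:
                    found.add((s["kind"], s["name"], it["metadata"]["name"]))
    return sorted(found)

if __name__ == "__main__":
    for kind, name, binding in secret_readers(SAMPLE):
        print(f"{kind} {name} can read secrets in {NAMESPACE} via {binding}")
```

The check covers only direct read verbs on Secrets and treats rules limited by `resourceNames` as full grants, so review each finding against the binding it names.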

© 2025, Amazon Web Services, Inc. or its affiliates. All rights reserved.