{"id":179990,"date":"2024-05-30T20:49:31","date_gmt":"2024-05-30T19:49:31","guid":{"rendered":"https:\/\/liora.io\/en\/?p=179990"},"modified":"2026-02-06T07:59:37","modified_gmt":"2026-02-06T06:59:37","slug":"amazon-eks-cluster-what-is-it-whats-it-for","status":"publish","type":"post","link":"https:\/\/liora.io\/en\/amazon-eks-cluster-what-is-it-whats-it-for","title":{"rendered":"Amazon EKS Cluster: What is it? What&#8217;s it for?"},"content":{"rendered":"<style>\n.elementor-heading-title{padding:0;margin:0;line-height:1}.elementor-widget-heading .elementor-heading-title[class*=elementor-size-]>a{color:inherit;font-size:inherit;line-height:inherit}.elementor-widget-heading .elementor-heading-title.elementor-size-small{font-size:15px}.elementor-widget-heading .elementor-heading-title.elementor-size-medium{font-size:19px}.elementor-widget-heading .elementor-heading-title.elementor-size-large{font-size:29px}.elementor-widget-heading .elementor-heading-title.elementor-size-xl{font-size:39px}.elementor-widget-heading .elementor-heading-title.elementor-size-xxl{font-size:59px}<\/style><h2>Amazon Elastic Kubernetes Service (EKS) is a service offered by AWS that enables you to deploy, manage and scale containerized applications using Kubernetes technology, the powerful and widely adopted open-source container orchestrator.<\/h2>\t\t\n\t\t\t<h3>Defining a Kubernetes cluster<\/h3>\t\t\n\t\t<p>Before going into more detail on how <strong>Amazon EKS works,<\/strong> let&#8217;s take a look at what a Kubernetes cluster is. 
It&#8217;s a container management infrastructure that brings together a set of virtual or physical machines (called nodes) to run and orchestrate containerized applications.<a href=\"https:\/\/liora.io\/en\/why-kubernetes-has-become-an-indispensable-tool-in-data-science\"> Kubernetes (often abbreviated K8S)<\/a> provides a powerful and robust framework for deploying, scaling and managing containers.<\/p>\t\t\n\t\t\t<h3>Anatomy of an EKS cluster<\/h3>\t\t\n\t\t<p>An <strong>Amazon EKS cluster<\/strong> is made up of several interconnected elements that work together to run, manage and orchestrate your containerized applications. Understanding the architecture of an EKS cluster is essential to ensure its effective use and management.<\/p>\t\t\n\t\t\t<h3>The essential components of an EKS cluster<\/h3>\t\t\n\t\t<p>The table below shows the various components of an EKS cluster.<\/p>\t\t\n\t\t\t<style type=\"text\/css\">\n.tg  {border-collapse:collapse;border-spacing:0;}\n.tg td{border-color:black;border-style:solid;border-width:1px;font-family:Arial, sans-serif;font-size:14px;\n  overflow:hidden;padding:10px 5px;word-break:normal;}\n.tg th{border-color:black;border-style:solid;border-width:1px;font-family:Arial, sans-serif;font-size:14px;\n  font-weight:normal;overflow:hidden;padding:10px 5px;word-break:normal;}\n.tg .tg-joig{background-color:#F3F3F3;border-color:inherit;font-family:\"Trebuchet MS\", Helvetica, sans-serif !important;\n  font-weight:bold;text-align:left;vertical-align:top}\n.tg .tg-9fff{background-color:#c0c0c0;border-color:inherit;font-family:\"Trebuchet MS\", Helvetica, sans-serif !important;\n  text-align:center;vertical-align:top}\n.tg .tg-b8mh{background-color:#F3F3F3;border-color:inherit;font-family:\"Trebuchet MS\", Helvetica, sans-serif !important;\n  text-align:left;vertical-align:top}\n<\/style>\n<table style=\"undefined;table-layout: fixed; width: 800px\">\n<colgroup>\n<col style=\"width: 60px\">\n<col style=\"width: 250px\">\n<col 
style=\"width: 490px\">\n<\/colgroup>\n<thead>\n  <tr>\n    <th><img decoding=\"async\" src=\"https:\/\/liora.io\/app\/uploads\/2023\/07\/image9-1.png\" width=\"50\" height=\"50\"><\/th>\n    <th>Worker Nodes<\/th>\n    <th>These are the machines where containers run. They are EC2 instances launched in the EKS cluster. Worker nodes are managed by the EKS control plane service and can be fully managed as needed (start or stop, as well as scaling).<\/th>\n  <\/tr>\n<\/thead>\n<tbody>\n  <tr>\n    <td><img decoding=\"async\" src=\"https:\/\/liora.io\/app\/uploads\/2023\/07\/image3-2.png\" width=\"50\" height=\"50\"><\/td>\n    <td>Control Plane<\/td>\n    <td>This is the central part of the architecture of an EKS cluster. It manages the entire system, including pod scheduling, workload distribution, update management, and cluster state monitoring. Managed entirely by AWS, you don&#8217;t have to worry about it directly.<\/td>\n  <\/tr>\n  <tr>\n    <td><img decoding=\"async\" src=\"https:\/\/liora.io\/app\/uploads\/2023\/07\/image14-1.png\" width=\"50\" height=\"50\"><\/td>\n    <td>API Server<\/td>\n    <td>The API server is an essential component of the Control Plane. It exposes the programming interface that allows users or tools to communicate with the EKS cluster.<\/td>\n  <\/tr>\n  <tr>\n    <td><img decoding=\"async\" src=\"https:\/\/liora.io\/app\/uploads\/2023\/07\/image11-1.png\" width=\"50\" height=\"50\"><\/td>\n    <td>Load Balancing<\/td>\n    <td>EKS clusters integrate load balancing services, such as ELB or NLB. These services intelligently distribute traffic between nodes running containers.<\/td>\n  <\/tr>\n  <tr>\n    <td><img decoding=\"async\" src=\"https:\/\/liora.io\/app\/uploads\/2023\/07\/image12-1.png\" width=\"50\" height=\"50\"><\/td>\n    <td>Amazon VPC (Virtual Private Cloud)<\/td>\n    <td>Amazon VPC is an AWS virtual network service that isolates and secures resources in an EKS cluster. 
Each EKS cluster is associated with one or more subnets, providing network isolation and logical segmentation for cluster resources.<\/td>\n  <\/tr>\n  <tr>\n    <td><img decoding=\"async\" src=\"https:\/\/liora.io\/app\/uploads\/2023\/07\/image6-2.png\" width=\"50\" height=\"50\"><\/td>\n    <td>IAM (Identity and Access Management)<\/td>\n    <td>IAM is the AWS identity management service. It allows granular management of role and user permissions, restricting access to sensitive cluster resources.<\/td>\n  <\/tr>\n<\/tbody>\n<\/table>\n\t\t\t\n<div class=\"wp-block-buttons is-layout-flex wp-block-buttons-is-layout-flex is-content-justification-center\"><div class=\"wp-block-button \"><a class=\"wp-block-button__link wp-element-button \" href=\"\/en\/courses\/cloud-dev\/aws-solutions-architect\">Understanding the composition of an EKS cluster<\/a><\/div><\/div>\n\n\t\t\t<h3>EKS cluster architecture<\/h3>\t\t\n\t\t<p>Now that we&#8217;ve defined the fundamental elements of an <strong>EKS cluster,<\/strong> let&#8217;s see how it&#8217;s all organized.<\/p><p>The diagram below illustrates the interconnections between the various elements:<\/p>\t\t\n\t\t\t<style>\n.elementor-widget-image{text-align:center}.elementor-widget-image a{display:inline-block}.elementor-widget-image a img[src$=\".svg\"]{width:48px}.elementor-widget-image img{vertical-align:middle;display:inline-block}<\/style>\t\t\t\t\t\t\t\t\t<figure>\n\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" src=\"https:\/\/liora.io\/app\/uploads\/2023\/07\/image4-1.png\" title=\"\" alt=\"\" loading=\"lazy\">\t\t\t\t\t\t\t\t\t\t\t<figcaption><\/figcaption>\n\t\t\t\t\t\t\t\t\t\t<\/figure>\n\t\t<ol><li style=\"font-weight: 400;\" aria-level=\"1\">The first step is to provision your <strong>EKS cluster.<\/strong> The master node will be deployed automatically by EKS. 
This node therefore contains the control plane that lets you manage your resources.<\/li><li style=\"font-weight: 400;\" aria-level=\"1\">The next step is to deploy your worker nodes. These are simply <a href=\"https:\/\/liora.io\/en\/aws-ec2-how-to-use-amazons-tool\">a group of EC2 instances.<\/a><\/li><li style=\"font-weight: 400;\" aria-level=\"1\">To properly deploy your workloads on your worker nodes, you&#8217;ll need to connect them to EKS.<\/li><li style=\"font-weight: 400;\" aria-level=\"1\">To do this, you&#8217;ll mainly be using kubectl (CLI), a widely used tool for creating and deploying your workloads.<\/li><li style=\"font-weight: 400;\" aria-level=\"1\">Your containerized applications are now deployed and running in the cluster, ready to be used inside the cluster or exposed to the outside world.<\/li><\/ol>\t\t\n\t\t\t\t\t\t\t\t\t\t\t\t<figure>\n\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" src=\"https:\/\/liora.io\/app\/uploads\/2023\/07\/image1-2.png\" title=\"\" alt=\"\" loading=\"lazy\">\t\t\t\t\t\t\t\t\t\t\t<figcaption><\/figcaption>\n\t\t\t\t\t\t\t\t\t\t<\/figure>\n\t\t\t<h3>How do you secure EKS clusters?<\/h3>\t\t\n\t\t<p>Every <strong>EKS <a href=\"https:\/\/liora.io\/en\/amazon-emr-a-cluster-management-tool-managed-by-aws\">cluster<\/a><\/strong> needs to be secured to protect applications and data from potential threats. 
Amazon EKS offers a range of tools and best practices to <a href=\"https:\/\/liora.io\/en\/amazon-emr-a-cluster-management-tool-managed-by-aws\">help you protect your clusters.<\/a><\/p>\t\t\n\t\t\t<style type=\"text\/css\">\n.tg  {border-collapse:collapse;border-spacing:0;}\n.tg td{border-color:black;border-style:solid;border-width:1px;font-family:Arial, sans-serif;font-size:14px;\n  overflow:hidden;padding:10px 5px;word-break:normal;}\n.tg th{border-color:black;border-style:solid;border-width:1px;font-family:Arial, sans-serif;font-size:14px;\n  font-weight:normal;overflow:hidden;padding:10px 5px;word-break:normal;}\n.tg .tg-9fff{background-color:#c0c0c0;border-color:inherit;font-family:\"Trebuchet MS\", Helvetica, sans-serif !important;\n  text-align:center;vertical-align:top}\n.tg .tg-15qk{background-color:#efefef;border-color:inherit;font-family:\"Trebuchet MS\", Helvetica, sans-serif !important;\n  font-weight:bold;text-align:left;vertical-align:top}\n.tg .tg-9lmj{background-color:#efefef;border-color:inherit;font-family:\"Trebuchet MS\", Helvetica, sans-serif !important;\n  text-align:left;vertical-align:top}\n<\/style>\n<table style=\"undefined;table-layout: fixed; width: 800px\">\n<colgroup>\n<col style=\"width: 60px\">\n<col style=\"width: 250px\">\n<col style=\"width: 490px\">\n<\/colgroup>\n<thead>\n  <tr>\n    <th><img decoding=\"async\" src=\"https:\/\/liora.io\/app\/uploads\/2023\/07\/image8-1.png\" width=\"50\" height=\"50\"><\/th>\n    <th>Role-Based Access Control (RBAC)<\/th>\n    <th>EKS uses Kubernetes&#8217; RBAC to manage user and application permissions. 
With RBAC, you can define roles, groups, and authentication bindings to control access to EKS cluster resources.<\/th>\n  <\/tr>\n<\/thead>\n<tbody>\n  <tr>\n    <td><img decoding=\"async\" src=\"https:\/\/liora.io\/app\/uploads\/2023\/07\/image10-1.png\" width=\"50\" height=\"50\"><\/td>\n    <td>Network Access Control (NAC) Policies<\/td>\n    <td>EKS NAC allows control over network communications between pods, services, and worker nodes in a cluster. You can define fine-grained security rules based on IP addresses, ports, and protocols to restrict data flows and prevent unauthorized access.<\/td>\n  <\/tr>\n  <tr>\n    <td><img decoding=\"async\" src=\"https:\/\/liora.io\/app\/uploads\/2023\/07\/image13-1.png\" width=\"50\" height=\"50\"><\/td>\n    <td>Data Encryption<\/td>\n    <td>EKS supports data encryption. You can use SSL\/TLS certificates to secure communications between cluster components. To ensure the confidentiality of stored data, AWS services like EBS and S3 can be used.<\/td>\n  <\/tr>\n  <tr>\n    <td><img decoding=\"async\" src=\"https:\/\/liora.io\/app\/uploads\/2023\/07\/image6-2.png\" width=\"50\" height=\"50\"><\/td>\n    <td>Identity and Access Management (IAM)<\/td>\n    <td>As mentioned earlier, IAM allows you to manage identities and resource access for your EKS cluster by defining roles with specific permissions.<\/td>\n  <\/tr>\n  <tr>\n    <td><img decoding=\"async\" src=\"https:\/\/liora.io\/app\/uploads\/2023\/07\/image2-1.png\" width=\"50\" height=\"50\"><\/td>\n    <td>Security Updates and Patches<\/td>\n    <td>EKS provides regular updates and patches. 
It&#8217;s essential to keep your EKS cluster up to date by applying recommended updates to benefit from the latest security enhancements and vulnerability patches.<\/td>\n  <\/tr>\n  <tr>\n    <td><img decoding=\"async\" src=\"https:\/\/liora.io\/app\/uploads\/2023\/07\/image5-1.png\" width=\"50\" height=\"50\"><\/td>\n    <td>Monitoring and Audit<\/td>\n    <td>Like most AWS services, EKS offers built-in monitoring and audit features to help you detect suspicious activities and identify potential security issues. Services like CloudWatch or CloudTrail allow you to collect activity logs and take corrective actions.<\/td>\n  <\/tr>\n<\/tbody>\n<\/table>\n\t\t\t<h3>Conclusion<\/h3>\t\t\n\t\t<p>The <strong>Amazon Elastic Kubernetes Service (EKS)<\/strong> solution offers a powerful, scalable platform for deploying and managing containerized applications. In this article, we explored the different aspects of an <strong>EKS cluster.<\/strong><\/p><p>It&#8217;s essential to follow best practices and security recommendations to ensure the protection of your EKS cluster.<\/p><p>By keeping your cluster up to date, applying security patches, controlling access and actively monitoring activity, you can enhance the security of your EKS cluster and ensure that your applications run smoothly.<\/p>\t\t\n\t\t\t\n<div class=\"wp-block-buttons is-layout-flex wp-block-buttons-is-layout-flex is-content-justification-center\"><div class=\"wp-block-button \"><a class=\"wp-block-button__link wp-element-button \" href=\"\/en\/courses\/cloud-dev\/aws-solutions-architect\">Start an AWS training course<\/a><\/div><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Amazon Elastic Kubernetes Service (EKS) is a service offered by AWS that enables you to deploy, manage and scale containerized applications using Kubernetes technology, the powerful and widely adopted open-source container orchestrator. 
Defining a Kubernetes cluster Before going into more detail on how Amazon EKS works, let&#8217;s take a look at what a Kubernetes cluster [&hellip;]<\/p>\n","protected":false},"author":76,"featured_media":179992,"comment_status":"open","ping_status":"open","sticky":false,"template":"elementor_theme","format":"standard","meta":{"_acf_changed":false,"editor_notices":[],"footnotes":""},"categories":[2434],"class_list":["post-179990","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cloud-dev"],"acf":[],"_links":{"self":[{"href":"https:\/\/liora.io\/en\/wp-json\/wp\/v2\/posts\/179990","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/liora.io\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/liora.io\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/liora.io\/en\/wp-json\/wp\/v2\/users\/76"}],"replies":[{"embeddable":true,"href":"https:\/\/liora.io\/en\/wp-json\/wp\/v2\/comments?post=179990"}],"version-history":[{"count":1,"href":"https:\/\/liora.io\/en\/wp-json\/wp\/v2\/posts\/179990\/revisions"}],"predecessor-version":[{"id":205713,"href":"https:\/\/liora.io\/en\/wp-json\/wp\/v2\/posts\/179990\/revisions\/205713"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/liora.io\/en\/wp-json\/wp\/v2\/media\/179992"}],"wp:attachment":[{"href":"https:\/\/liora.io\/en\/wp-json\/wp\/v2\/media?parent=179990"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/liora.io\/en\/wp-json\/wp\/v2\/categories?post=179990"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}