Deploy Amazon resources from Kubernetes with Amazon Controllers for Kubernetes (ACK) - Amazon EKS

Amazon Controllers for Kubernetes (ACK) lets you define and manage Amazon service resources directly from Kubernetes. With Amazon Controllers for Kubernetes (ACK), you can manage workload resources and cloud infrastructure using Kubernetes custom resources, right alongside your application workloads using familiar Kubernetes APIs and tools.

With EKS Capabilities, ACK is fully managed by Amazon, eliminating the need to install, maintain, and scale ACK controllers on your clusters.

How ACK Works

ACK translates Kubernetes custom resource specifications into Amazon API calls. When you create, update, or delete a Kubernetes custom resource representing an Amazon service resource, ACK makes the required Amazon API calls to create, update, or delete the Amazon resource.

Each Amazon resource supported by ACK has its own custom resource definition (CRD) that defines the Kubernetes API schema for specifying its configuration. For example, ACK provides CRDs for S3 including buckets, bucket policies, and other S3 resources.

ACK continuously reconciles the state of your Amazon resources with the desired state defined in your Kubernetes custom resources. If a resource drifts from its desired state, ACK detects this and takes corrective action to bring it back into alignment. Changes to Kubernetes resources are immediately reflected in Amazon resource state, while passive drift detection and remediation of upstream Amazon resource changes can take as long as 10 hours (the resync period), but will typically occur much sooner.

Example S3 Bucket resource manifest

    apiVersion: s3.services.k8s.aws/v1alpha1
    kind: Bucket
    metadata:
      name: my-ack-bucket
    spec:
      name: my-unique-bucket-name

When you apply this custom resource to your cluster, ACK creates an Amazon S3 bucket in your account if it does not yet exist. Subsequent changes to this resource, for example specifying a non-default storage tier or adding a policy, will be applied to the S3 resource in Amazon. When this resource is deleted from the cluster, the S3 bucket in Amazon is deleted by default.

Benefits of ACK

ACK provides Kubernetes-native Amazon resource management, allowing you to manage Amazon resources using the same Kubernetes APIs and tools you use for your applications. This unified approach simplifies your infrastructure management workflow by eliminating the need to switch between different tools or learn separate infrastructure-as-code systems. You define your Amazon resources declaratively in Kubernetes manifests, enabling GitOps workflows and infrastructure as code practices that integrate seamlessly with your existing development processes.

ACK continuously reconciles the desired state of your Amazon resources with their actual state, correcting drift and ensuring consistency across your infrastructure. This continuous reconciliation means that imperative out-of-band changes to Amazon resources are automatically reverted to match your declared configuration, maintaining the integrity of your infrastructure as code. You can configure ACK to manage resources across multiple Amazon accounts and Regions, enabling complex multi-account architectures with no additional tooling.

For organizations migrating from other infrastructure management tools, ACK supports resource adoption, allowing you to bring existing Amazon resources under ACK management without recreating them. ACK also provides read-only resources for Amazon resource observation without modification access, and annotations to optionally retain Amazon resources even when the Kubernetes resource is deleted from the cluster.
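Because deleting a custom resource deletes the Amazon resource by default, it is worth knowing which ACK resources in a cluster lack a retain annotation. The following check is an added example, not code from this guide or from the ACK project. It assumes the upstream ACK annotation services.k8s.aws/deletion-policy with the value retain, reads the JSON printed by kubectl get ... -o json, and runs here against a constructed sample.

```python
import json

ACK_GROUP_SUFFIX = ".services.k8s.aws"                   # API group suffix, as in the manifest above
DELETION_POLICY = "services.k8s.aws/deletion-policy"     # assumption: upstream ACK annotation key

# Constructed sample in the shape of `kubectl get <resources> -A -o json` output.
SAMPLE = """
{"apiVersion": "v1", "kind": "List", "items": [
  {"apiVersion": "s3.services.k8s.aws/v1alpha1", "kind": "Bucket",
   "metadata": {"name": "my-ack-bucket", "namespace": "default"}},
  {"apiVersion": "s3.services.k8s.aws/v1alpha1", "kind": "Bucket",
   "metadata": {"name": "audit-logs", "namespace": "prod",
                "annotations": {"services.k8s.aws/deletion-policy": "retain"}}},
  {"apiVersion": "s3.services.k8s.aws/v1alpha1", "kind": "Bucket",
   "metadata": {"name": "scratch", "namespace": "prod",
                "annotations": {"services.k8s.aws/deletion-policy": "delete"}}},
  {"apiVersion": "v1", "kind": "ConfigMap",
   "metadata": {"name": "app-config", "namespace": "prod", "annotations": null}}
]}
"""


def delete_on_removal(kubectl_json):
    """Return sorted (namespace, kind, name) tuples for ACK resources whose
    Amazon resource would be deleted along with the Kubernetes object."""
    findings = []
    for item in json.loads(kubectl_json).get("items", []):
        group = item.get("apiVersion", "").split("/")[0]
        if not group.endswith(ACK_GROUP_SUFFIX):
            continue  # not an ACK custom resource
        meta = item.get("metadata", {})
        annotations = meta.get("annotations") or {}  # field may be absent or null
        # Conservative: only the exact value "retain" counts as protected.
        # Settings applied outside the resource itself are not considered here.
        if annotations.get(DELETION_POLICY) != "retain":
            findings.append((meta.get("namespace", "default"),
                             item.get("kind", ""), meta.get("name", "")))
    return sorted(findings)


if __name__ == "__main__":
    for namespace, kind, name in delete_on_removal(SAMPLE):
        print(f"{namespace}/{name} ({kind}): Amazon resource is deleted with the object")
```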

To learn more and get started with the EKS Capability for ACK, see ACK concepts and ACK considerations for EKS.

Supported Amazon Services

ACK supports a wide range of Amazon services, including but not limited to:

  • Amazon EC2

  • Amazon S3

  • Amazon RDS

  • Amazon DynamoDB

  • Amazon ElastiCache

  • Amazon EKS

  • Amazon SQS

  • Amazon SNS

  • Amazon Lambda

  • Amazon IAM

All Amazon services listed as Generally Available upstream are supported by the EKS Capability for ACK. Refer to the full list of Amazon services supported for details.

Integration with Other EKS Managed Capabilities

ACK integrates with other EKS Managed Capabilities.

  • Argo CD: Use Argo CD to manage the deployment of ACK resources across multiple clusters, enabling GitOps workflows for your Amazon infrastructure.

    • ACK extends the benefits of GitOps when paired with Argo CD, but ACK does not require integration with Git.

  • kro (Kube Resource Orchestrator): Use kro to compose complex resources from ACK resources, creating higher-level abstractions that simplify resource management.

    • You can create composite custom resources with kro that define both Kubernetes resources and Amazon resources. Team members can use these custom resources to quickly deploy complex applications.

Getting Started with ACK

To get started with the EKS Capability for ACK:

  1. Create and configure an IAM Capability Role with the necessary permissions for ACK to manage Amazon resources on your behalf.

  2. Create an ACK capability resource on your EKS cluster through the Amazon Console, Amazon CLI, or your preferred infrastructure as code tool.

  3. Apply Kubernetes custom resources to your cluster to start managing your Amazon resources in Kubernetes.