Cluster authentication
Amazon EKS uses IAM to provide authentication to your Kubernetes cluster (through the aws
eks get-token
command, available in version 1.16.156
or
later of the Amazon CLI, or the Amazon IAM Authenticator
for Kubernetes

Note
Amazon EKS uses the authentication token to make the sts:GetCallerIdentity
call. As a result, Amazon CloudTrail events with the name GetCallerIdentity
from the
source sts.amazonaws.com
can have Amazon EKS service IP addresses for their
source IP address.