Amazon EKS Connector
This capability is not available in China Amazon Web Services Regions.
You can use Amazon EKS Connector to register and connect any conformant Kubernetes cluster to
Amazon and visualize it in the Amazon EKS console. After a cluster is connected, you can see the
status, configuration, and workloads for that cluster in the Amazon EKS console. You can use this
feature to view connected clusters in the Amazon EKS console, but you can't manage them. The Amazon
EKS Connector is also an open source project on GitHub. The Amazon EKS Connector can connect the
following types of Kubernetes clusters to Amazon EKS:
- On-premises Kubernetes clusters
- Self-managed clusters that are running on Amazon EC2
- Managed clusters from other cloud providers
Amazon EKS Connector considerations
Before you use Amazon EKS Connector, understand the following:
- You must have administrative privileges to the Kubernetes cluster to connect the cluster to Amazon EKS.
- The Kubernetes cluster must have Linux 64-bit (x86) worker nodes present before connecting. ARM worker nodes aren't supported.
- You must have worker nodes in your Kubernetes cluster that have outbound access to the ssm. and ssmmessages. Systems Manager endpoints. For more information, see Systems Manager endpoints in the Amazon General Reference.
- By default, you can connect up to 10 clusters in a Region. You can request an increase through the service quota console. See Requesting a quota increase for more information.
- Only the Amazon EKS RegisterCluster, ListClusters, DescribeCluster, and DeregisterCluster APIs are supported for external Kubernetes clusters.
- You must have the following permissions to register a cluster:
  - eks:RegisterCluster
  - ssm:CreateActivation
  - ssm:DeleteActivation
  - iam:PassRole
- You must have the following permissions to deregister a cluster:
  - eks:DeregisterCluster
  - ssm:DeleteActivation
  - ssm:DeregisterManagedInstance
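The register and deregister permission lists above can be checked against an IAM identity policy before you attempt to connect a cluster. The following Python is an added example, not AWS code: the function name missing_actions and the sample policy are constructed for illustration, and only the Effect and Action elements are evaluated.

```python
import re

# Action lists taken from the considerations above.
REQUIRED = {
    "register": ["eks:RegisterCluster", "ssm:CreateActivation",
                 "ssm:DeleteActivation", "iam:PassRole"],
    "deregister": ["eks:DeregisterCluster", "ssm:DeleteActivation",
                   "ssm:DeregisterManagedInstance"],
}

# Constructed sample policy (not from the page): a wildcard grants both
# activation actions, but iam:PassRole and ssm:DeregisterManagedInstance are absent.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Resource": "*",
         "Action": ["eks:RegisterCluster", "eks:DeregisterCluster"]},
        {"Effect": "Allow", "Resource": "*", "Action": "ssm:*Activation"},
    ],
}

def _listify(value):
    """IAM accepts a single string or object where a list is expected."""
    if value is None:
        return []
    return [value] if isinstance(value, (str, dict)) else list(value)

def _covers(patterns, action):
    """True if any pattern matches; actions are case-insensitive, * and ? are wildcards."""
    for pat in patterns:
        rx = re.escape(pat).replace(r"\*", ".*").replace(r"\?", ".")
        if re.fullmatch(rx, action, re.IGNORECASE):
            return True
    return False

def missing_actions(policy, operation):
    """Required actions for `operation` that are not allowed or are explicitly denied.

    Assumption of this example: only Effect and Action are evaluated. Resource,
    Condition, NotAction, permissions boundaries and SCPs are ignored.
    """
    allow, deny = [], []
    for stmt in _listify(policy.get("Statement")):
        bucket = allow if stmt.get("Effect") == "Allow" else deny
        bucket.extend(_listify(stmt.get("Action")))
    return [a for a in REQUIRED[operation]
            if _covers(deny, a) or not _covers(allow, a)]

if __name__ == "__main__":
    for op in REQUIRED:
        print(op, "missing:", missing_actions(SAMPLE_POLICY, op))
```

An empty result means the policy's Action elements cover the operation; resource scoping, conditions and organization-level policies can still block the call.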
Required IAM roles for Amazon EKS Connector
Using the Amazon EKS Connector requires the following two IAM roles:
- The Amazon EKS Connector service-linked role is created when you register the cluster.
- The Amazon EKS Connector agent IAM role must be created manually. See Amazon EKS connector IAM role for details.
To enable cluster and workload view permission for IAM principals, apply the eks-connector and
Amazon EKS Connector cluster roles to your cluster. Follow the steps in Granting access to an IAM
principal to view Kubernetes resources on a cluster.