Amazon EKS on Amazon Outposts
Important
Amazon EKS on Amazon Outposts isn't supported in this Amazon Web Services Region.
You can use Amazon EKS to run on-premises Kubernetes applications on Amazon Outposts. You can deploy Amazon EKS on Outposts in the following ways:
-
Extended clusters – Run the Kubernetes control plane in an Amazon Web Services Region and nodes on your Outpost.
-
Local clusters – Run the Kubernetes control plane and nodes on your Outpost.
For both deployment options, the Kubernetes control plane is fully managed by Amazon. You can use the same Amazon EKS APIs, tools, and console that you use in the cloud to create and run Amazon EKS on Outposts.
The following diagram shows these deployment options.

When to use each deployment option
Both local and extended clusters are general-purpose deployment options and can be used for a range of applications.
With local clusters, you can run the entire Amazon EKS cluster locally on Outposts. This option can mitigate the risk of application downtime that might result from temporary network disconnects to the cloud. These network disconnects can be caused by fiber cuts or weather events. Because the entire Amazon EKS cluster runs locally on Outposts, applications remain available. You can perform cluster operations during network disconnects to the cloud. For more information, see Preparing for network disconnects. If you're concerned about the quality of the network connection from your Outposts to the parent Amazon Web Services Region and require high availability through network disconnects, use the local cluster deployment option.
With extended clusters, you can conserve capacity on your Outpost because the Kubernetes
control plane runs in the parent Amazon Web Services Region. This option is suitable if you can invest
in reliable, redundant network connectivity from your Outpost to the Amazon Web Services Region. The
quality of the network connection is critical for this option. The way that Kubernetes
handles network disconnects between the Kubernetes control plane and nodes might lead to
application downtime. For more information on the behavior of Kubernetes, see Scheduling,
Preemption, and Eviction
Comparing the deployment options
The following table compares the differences between the two options.
Feature | Extended cluster | Local cluster |
---|---|---|
Kubernetes control plane location |
Amazon Web Services Region |
Outpost |
Kubernetes control plane account |
Amazon Web Services account |
Your account |
Regional availability |
See Service endpoints | US East (N. Virginia), US East (Ohio), US West (N. California), US West (Oregon), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Tokyo), Asia Pacific (Sydney), Canada (Central), Europe (Frankfurt), Europe (London), Middle East (Bahrain), and South America (São Paulo) |
Kubernetes minor versions |
||
Platform versions |
See Amazon EKS platform versions | See Amazon EKS local cluster platform versions |
Outpost form factors |
Outpost racks | Outpost racks |
User interfaces |
Amazon Web Services Management Console, Amazon CLI, Amazon EKS API, |
Amazon Web Services Management Console, Amazon CLI, Amazon EKS API, eksctl , Amazon CloudFormation, and Terraform |
Managed policies |
AmazonEKSClusterPolicy and AmazonEKSServiceRolePolicy | AmazonEKSLocalOutpostClusterPolicy and AmazonEKSLocalOutpostServiceRolePolicy |
Cluster VPC and subnets |
See Amazon EKS VPC and subnet requirements and considerations | See Amazon EKS local cluster VPC and subnet requirements and considerations |
Cluster endpoint access |
Public or private or both | Private only |
Kubernetes API server authentication |
Amazon Identity and Access Management (IAM) and OIDC |
IAM and |
Node types |
Self-managed only | Self-managed only |
Node compute types |
Amazon EC2 on-demand |
Amazon EC2 on-demand |
Node storage types | Amazon EBS |
Amazon EBS |
Amazon EKS optimized AMIs |
Amazon Linux, Windows, and Bottlerocket | Amazon Linux only |
IP versions |
|
|
Add-ons |
Amazon EKS add-ons or self-managed add-ons | Self-managed add-ons only |
Default Container Network Interface |
Amazon VPC CNI plugin for Kubernetes |
Amazon VPC CNI plugin for Kubernetes |
Kubernetes control plane logs |
Amazon CloudWatch Logs |
Amazon CloudWatch Logs |
Load balancing |
Use the Amazon Load Balancer Controller to provision Application Load Balancers only (no Network Load Balancers) | Use the Amazon Load Balancer Controller to provision Application Load Balancers only (no Network Load Balancers) |
Secrets envelope encryption | See Enabling secret encryption on an existing cluster | Not supported |
IAM roles for service accounts | See IAM roles for service accounts | Not supported |
Troubleshooting |
See Amazon EKS troubleshooting | See Troubleshooting local clusters for Amazon EKS on Amazon Outposts |