AWS EKS — Elastic Kubernetes Service
Amazon Elastic Kubernetes Service (EKS) is a managed Kubernetes service that removes the complexity of running and maintaining the Kubernetes control plane. You focus on deploying applications; AWS manages etcd, the API server, and control-plane updates.
In Azure terms: AWS EKS = Azure Kubernetes Service (AKS)
EKS Architecture
```
EKS Cluster
├── Control Plane (managed by AWS)
│   ├── API Server
│   ├── etcd
│   └── Scheduler / Controller Manager
└── Data Plane (your nodes)
    ├── Managed Node Group (EC2)
    ├── Self-managed Node Group (EC2)
    └── Fargate Profile (serverless)
```
Node Types
| Type | Description | Best For |
|---|---|---|
| Managed Node Groups | AWS manages EC2 nodes — provisioning, updates, draining | Standard workloads |
| Self-managed Nodes | You manage EC2 nodes manually | Custom AMIs, fine control |
| Fargate Profiles | Serverless — no EC2 to manage; pods run on Fargate | Batch jobs, isolation, simplicity |
| Karpenter | Open-source node provisioner — faster scaling than Cluster Autoscaler | Cost-optimized autoscaling |
IAM Integration — IRSA
IRSA (IAM Roles for Service Accounts) lets Kubernetes pods assume IAM roles without storing credentials:
```yaml
# Service account with IRSA annotation
apiVersion: v1
kind: ServiceAccount
metadata:
  name: s3-reader
  namespace: default
  annotations:
    eks.amazonaws.com/role-arn: arn:aws:iam::123456789:role/eks-s3-read-role
```
Any pod using this service account can call S3 with the permissions of that IAM role, with no long-lived credentials stored in the container. This is equivalent to Azure Workload Identity in AKS.
Key EKS Add-ons
| Add-on | Purpose |
|---|---|
| AWS Load Balancer Controller | Provisions ALB/NLB from Kubernetes Ingress/Service objects |
| Amazon EBS CSI Driver | Dynamic provisioning of EBS volumes for PersistentVolumeClaims |
| Amazon EFS CSI Driver | Shared ReadWriteMany volumes via EFS |
| CoreDNS | DNS resolution inside the cluster |
| kube-proxy | Network rules on each node |
| VPC CNI | Pod networking — each pod gets a real VPC IP address |
| AWS Secrets Manager CSI | Mount secrets from Secrets Manager/SSM as files |
EKS vs AKS Comparison
| Feature | AWS EKS | Azure AKS |
|---|---|---|
| Managed control plane | Yes | Yes |
| Node types | EC2, Fargate | VMs, Virtual Nodes (ACI) |
| Node autoscaling | Cluster Autoscaler / Karpenter | Cluster Autoscaler / KEDA |
| Pod identity | IRSA | Azure Workload Identity |
| Container registry | ECR | ACR |
| Ingress | AWS Load Balancer Controller (ALB) | AGIC (App Gateway) / NGINX |
| Storage CSI | EBS, EFS CSI drivers | Azure Disk, Azure File CSI |
| Monitoring | CloudWatch Container Insights + X-Ray | Azure Monitor / Container Insights |
| Networking | VPC CNI (native pod IPs) | Azure CNI / Kubenet |
| Pricing | Control plane: $0.10/hour + node costs | Control plane: free + node costs |
EKS control plane costs $0.10/hour (~$72/month) per cluster. AKS control plane is free.
Getting Started with EKS
```bash
# Install eksctl
# https://eksctl.io/installation/

# Create a cluster (takes ~15 minutes)
eksctl create cluster \
  --name my-cluster \
  --region us-east-1 \
  --nodegroup-name standard-nodes \
  --node-type t3.medium \
  --nodes 3 \
  --nodes-min 1 \
  --nodes-max 5 \
  --managed

# Configure kubectl
aws eks update-kubeconfig --region us-east-1 --name my-cluster

# Verify
kubectl get nodes
kubectl get pods -A

# Deploy a sample app
kubectl create deployment nginx --image=nginx
kubectl expose deployment nginx --port=80 --type=LoadBalancer

# Delete the cluster
eksctl delete cluster --name my-cluster --region us-east-1
```
Fargate Profile
Run pods on Fargate — no node management:
```yaml
# eksctl Fargate profile
apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig
metadata:
  name: my-cluster
  region: us-east-1

fargateProfiles:
  - name: default
    selectors:
      - namespace: default
      - namespace: kube-system
```
Cost Optimization Tips
- Use Spot instances for non-critical workloads in managed node groups
- Use Karpenter instead of Cluster Autoscaler for faster, cost-aware scaling
- Right-size nodes with AWS Compute Optimizer recommendations
- Use Fargate only for small or bursty workloads (Fargate is more expensive per CPU/RAM)
- Set resource requests and limits on all pods to prevent over-provisioning