Cluster authentication
Amazon EKS uses IAM to provide authentication to your Kubernetes cluster (through the
aws eks get-token
command, available in version
1.16.156
or later of the AWS CLI, or the AWS IAM Authenticator
for Kubernetes

Amazon EKS uses the authentication token to make the sts:GetCallerIdentity
call. As a result, AWS CloudTrail events with the name GetCallerIdentity
from the
source sts.amazonaws.com
can have Amazon EKS service IP addresses for their
source IP address.
Topics