Amazon EKS optimized Windows AMIs - Amazon EKS

Amazon EKS optimized Windows AMIs

Windows Amazon EKS optimized AMIs are built on top of Windows Server 2019 and Windows Server 2022. They are configured to serve as the base image for Amazon EKS nodes. By default, the AMIs include the following components:

Note

You can track security or privacy events for Windows Server with the Microsoft security update guide.

Amazon EKS offers AMIs that are optimized for Windows containers in the following variants:

  • Amazon EKS-optimized Windows Server 2019 Core AMI

  • Amazon EKS-optimized Windows Server 2019 Full AMI

  • Amazon EKS-optimized Windows Server 2022 Core AMI

  • Amazon EKS-optimized Windows Server 2022 Full AMI

Note

The Amazon EBS CSI driver version 1.12 or higher has support for Windows Server 2022, but it hasn't been released as an add-on. To enable support, you can install the driver using Helm. Refer to the aws-ebs-csi-driver Windows README.md on GitHub.

Important

The Amazon EKS-optimized Windows Server 20H2 Core AMI is deprecated. No new versions of this AMI will be released.

The latest Amazon EKS optimized AMI IDs are in the following tables. You can also retrieve the IDs with an AWS Systems Manager parameter using different tools. For more information, see Retrieving Amazon EKS optimized Windows AMI IDs.

Both Windows Server 2019 and Windows Server 2022 are Long-Term Servicing Channel (LTSC) releases, whereas Versions 20H2 is a Semi-Annual Channel (SAC) release. We no longer support SAC releases. For more information about these release types, see Windows Server release information in the Microsoft documentation. For more information about Windows OS version support, see Intro to Windows support in Kubernetes.

1.24
Kubernetes version 1.24
AWS Region Windows Server 2022 Core Windows Server 2022 Full Windows Server 2019 Core Windows Server 2019 Full
US East (Ohio) (us-east-2) View AMI ID View AMI ID View AMI ID View AMI ID
US East (N. Virginia) (us-east-1) View AMI ID View AMI ID View AMI ID View AMI ID
US West (Oregon) (us-west-2) View AMI ID View AMI ID View AMI ID View AMI ID
US West (N. California) (us-west-1) View AMI ID View AMI ID View AMI ID View AMI ID
Africa (Cape Town) (af-south-1) View AMI ID View AMI ID View AMI ID View AMI ID
Asia Pacific (Hong Kong) (ap-east-1) View AMI ID View AMI ID View AMI ID View AMI ID
Asia Pacific (Mumbai) (ap-south-1) View AMI ID View AMI ID View AMI ID View AMI ID
Asia Pacific (Tokyo) (ap-northeast-1) View AMI ID View AMI ID View AMI ID View AMI ID
Asia Pacific (Seoul) (ap-northeast-2) View AMI ID View AMI ID View AMI ID View AMI ID
Asia Pacific (Osaka) (ap-northeast-3) View AMI ID View AMI ID View AMI ID View AMI ID
Asia Pacific (Singapore) (ap-southeast-1) View AMI ID View AMI ID View AMI ID View AMI ID
Asia Pacific (Sydney) (ap-southeast-2) View AMI ID View AMI ID View AMI ID View AMI ID
Asia Pacific (Jakarta) (ap-southeast-3) View AMI ID View AMI ID View AMI ID View AMI ID
Canada (Central) (ca-central-1) View AMI ID View AMI ID View AMI ID View AMI ID
China (Beijing) (cn-north-1) View AMI ID View AMI ID View AMI ID View AMI ID
China (Ningxia) (cn-northwest-1) View AMI ID View AMI ID View AMI ID View AMI ID
Europe (Frankfurt) (eu-central-1) View AMI ID View AMI ID View AMI ID View AMI ID
Europe (Ireland) (eu-west-1) View AMI ID View AMI ID View AMI ID View AMI ID
Europe (London) (eu-west-2) View AMI ID View AMI ID View AMI ID View AMI ID
Europe (Milan) (eu-south-1) View AMI ID View AMI ID View AMI ID View AMI ID
Europe (Paris) (eu-west-3) View AMI ID View AMI ID View AMI ID View AMI ID
Europe (Stockholm) (eu-north-1) View AMI ID View AMI ID View AMI ID View AMI ID
Middle East (Bahrain) (me-south-1) View AMI ID View AMI ID View AMI ID View AMI ID
Middle East (UAE) (me-central-1) View AMI ID View AMI ID View AMI ID View AMI ID
South America (São Paulo) (sa-east-1) View AMI ID View AMI ID View AMI ID View AMI ID
AWS GovCloud (US-East) (us-gov-east-1) View AMI ID View AMI ID View AMI ID View AMI ID
AWS GovCloud (US-West) (us-gov-west-1) View AMI ID View AMI ID View AMI ID View AMI ID
1.23
Kubernetes version 1.23
AWS Region Windows Server 2022 Core Windows Server 2022 Full Windows Server 2019 Core Windows Server 2019 Full
US East (Ohio) (us-east-2) View AMI ID View AMI ID View AMI ID View AMI ID
US East (N. Virginia) (us-east-1) View AMI ID View AMI ID View AMI ID View AMI ID
US West (Oregon) (us-west-2) View AMI ID View AMI ID View AMI ID View AMI ID
US West (N. California) (us-west-1) View AMI ID View AMI ID View AMI ID View AMI ID
Africa (Cape Town) (af-south-1) View AMI ID View AMI ID View AMI ID View AMI ID
Asia Pacific (Hong Kong) (ap-east-1) View AMI ID View AMI ID View AMI ID View AMI ID
Asia Pacific (Mumbai) (ap-south-1) View AMI ID View AMI ID View AMI ID View AMI ID
Asia Pacific (Tokyo) (ap-northeast-1) View AMI ID View AMI ID View AMI ID View AMI ID
Asia Pacific (Seoul) (ap-northeast-2) View AMI ID View AMI ID View AMI ID View AMI ID
Asia Pacific (Osaka) (ap-northeast-3) View AMI ID View AMI ID View AMI ID View AMI ID
Asia Pacific (Singapore) (ap-southeast-1) View AMI ID View AMI ID View AMI ID View AMI ID
Asia Pacific (Sydney) (ap-southeast-2) View AMI ID View AMI ID View AMI ID View AMI ID
Asia Pacific (Jakarta) (ap-southeast-3) View AMI ID View AMI ID View AMI ID View AMI ID
Canada (Central) (ca-central-1) View AMI ID View AMI ID View AMI ID View AMI ID
China (Beijing) (cn-north-1) View AMI ID View AMI ID View AMI ID View AMI ID
China (Ningxia) (cn-northwest-1) View AMI ID View AMI ID View AMI ID View AMI ID
Europe (Frankfurt) (eu-central-1) View AMI ID View AMI ID View AMI ID View AMI ID
Europe (Ireland) (eu-west-1) View AMI ID View AMI ID View AMI ID View AMI ID
Europe (London) (eu-west-2) View AMI ID View AMI ID View AMI ID View AMI ID
Europe (Milan) (eu-south-1) View AMI ID View AMI ID View AMI ID View AMI ID
Europe (Paris) (eu-west-3) View AMI ID View AMI ID View AMI ID View AMI ID
Europe (Stockholm) (eu-north-1) View AMI ID View AMI ID View AMI ID View AMI ID
Middle East (Bahrain) (me-south-1) View AMI ID View AMI ID View AMI ID View AMI ID
Middle East (UAE) (me-central-1) View AMI ID View AMI ID View AMI ID View AMI ID
South America (São Paulo) (sa-east-1) View AMI ID View AMI ID View AMI ID View AMI ID
AWS GovCloud (US-East) (us-gov-east-1) View AMI ID View AMI ID View AMI ID View AMI ID
AWS GovCloud (US-West) (us-gov-west-1) View AMI ID View AMI ID View AMI ID View AMI ID
1.22
Kubernetes version 1.22
AWS Region Windows Server 2019 Core Windows Server 2019 Full
US East (Ohio) (us-east-2) View AMI ID View AMI ID
US East (N. Virginia) (us-east-1) View AMI ID View AMI ID
US West (Oregon) (us-west-2) View AMI ID View AMI ID
US West (N. California) (us-west-1) View AMI ID View AMI ID
Africa (Cape Town) (af-south-1) View AMI ID View AMI ID
Asia Pacific (Hong Kong) (ap-east-1) View AMI ID View AMI ID
Asia Pacific (Mumbai) (ap-south-1) View AMI ID View AMI ID
Asia Pacific (Tokyo) (ap-northeast-1) View AMI ID View AMI ID
Asia Pacific (Seoul) (ap-northeast-2) View AMI ID View AMI ID
Asia Pacific (Osaka) (ap-northeast-3) View AMI ID View AMI ID
Asia Pacific (Singapore) (ap-southeast-1) View AMI ID View AMI ID
Asia Pacific (Sydney) (ap-southeast-2) View AMI ID View AMI ID
Asia Pacific (Jakarta) (ap-southeast-3) View AMI ID View AMI ID
Canada (Central) (ca-central-1) View AMI ID View AMI ID
China (Beijing) (cn-north-1) View AMI ID View AMI ID
China (Ningxia) (cn-northwest-1) View AMI ID View AMI ID
Europe (Frankfurt) (eu-central-1) View AMI ID View AMI ID
Europe (Ireland) (eu-west-1) View AMI ID View AMI ID
Europe (London) (eu-west-2) View AMI ID View AMI ID
Europe (Milan) (eu-south-1) View AMI ID View AMI ID
Europe (Paris) (eu-west-3) View AMI ID View AMI ID
Europe (Stockholm) (eu-north-1) View AMI ID View AMI ID
Middle East (Bahrain) (me-south-1) View AMI ID View AMI ID
Middle East (UAE) (me-central-1) View AMI ID View AMI ID
South America (São Paulo) (sa-east-1) View AMI ID View AMI ID
AWS GovCloud (US-East) (us-gov-east-1) View AMI ID View AMI ID
AWS GovCloud (US-West) (us-gov-west-1) View AMI ID View AMI ID
1.21
Kubernetes version 1.21
AWS Region Windows Server 2019 Core Windows Server 2019 Full
US East (Ohio) (us-east-2) View AMI ID View AMI ID
US East (N. Virginia) (us-east-1) View AMI ID View AMI ID
US West (Oregon) (us-west-2) View AMI ID View AMI ID
US West (N. California) (us-west-1) View AMI ID View AMI ID
Africa (Cape Town) (af-south-1) View AMI ID View AMI ID
Asia Pacific (Hong Kong) (ap-east-1) View AMI ID View AMI ID
Asia Pacific (Mumbai) (ap-south-1) View AMI ID View AMI ID
Asia Pacific (Tokyo) (ap-northeast-1) View AMI ID View AMI ID
Asia Pacific (Seoul) (ap-northeast-2) View AMI ID View AMI ID
Asia Pacific (Osaka) (ap-northeast-3) View AMI ID View AMI ID
Asia Pacific (Singapore) (ap-southeast-1) View AMI ID View AMI ID
Asia Pacific (Sydney) (ap-southeast-2) View AMI ID View AMI ID
Asia Pacific (Jakarta) (ap-southeast-3) View AMI ID View AMI ID
Canada (Central) (ca-central-1) View AMI ID View AMI ID
China (Beijing) (cn-north-1) View AMI ID View AMI ID
China (Ningxia) (cn-northwest-1) View AMI ID View AMI ID
Europe (Frankfurt) (eu-central-1) View AMI ID View AMI ID
Europe (Ireland) (eu-west-1) View AMI ID View AMI ID
Europe (London) (eu-west-2) View AMI ID View AMI ID
Europe (Milan) (eu-south-1) View AMI ID View AMI ID
Europe (Paris) (eu-west-3) View AMI ID View AMI ID
Europe (Stockholm) (eu-north-1) View AMI ID View AMI ID
Middle East (Bahrain) (me-south-1) View AMI ID View AMI ID
Middle East (UAE) (me-central-1) View AMI ID View AMI ID
South America (São Paulo) (sa-east-1) View AMI ID View AMI ID
AWS GovCloud (US-East) (us-gov-east-1) View AMI ID View AMI ID
AWS GovCloud (US-West) (us-gov-west-1) View AMI ID View AMI ID
1.20
Kubernetes version 1.20
AWS Region Windows Server 2019 Core Windows Server 2019 Full
US East (Ohio) (us-east-2) View AMI ID View AMI ID
US East (N. Virginia) (us-east-1) View AMI ID View AMI ID
US West (Oregon) (us-west-2) View AMI ID View AMI ID
US West (N. California) (us-west-1) View AMI ID View AMI ID
Africa (Cape Town) (af-south-1) View AMI ID View AMI ID
Asia Pacific (Hong Kong) (ap-east-1) View AMI ID View AMI ID
Asia Pacific (Mumbai) (ap-south-1) View AMI ID View AMI ID
Asia Pacific (Tokyo) (ap-northeast-1) View AMI ID View AMI ID
Asia Pacific (Seoul) (ap-northeast-2) View AMI ID View AMI ID
Asia Pacific (Osaka) (ap-northeast-3) View AMI ID View AMI ID
Asia Pacific (Singapore) (ap-southeast-1) View AMI ID View AMI ID
Asia Pacific (Sydney) (ap-southeast-2) View AMI ID View AMI ID
Asia Pacific (Jakarta) (ap-southeast-3) View AMI ID View AMI ID
Canada (Central) (ca-central-1) View AMI ID View AMI ID
China (Beijing) (cn-north-1) View AMI ID View AMI ID
China (Ningxia) (cn-northwest-1) View AMI ID View AMI ID
Europe (Frankfurt) (eu-central-1) View AMI ID View AMI ID
Europe (Ireland) (eu-west-1) View AMI ID View AMI ID
Europe (London) (eu-west-2) View AMI ID View AMI ID
Europe (Milan) (eu-south-1) View AMI ID View AMI ID
Europe (Paris) (eu-west-3) View AMI ID View AMI ID
Europe (Stockholm) (eu-north-1) View AMI ID View AMI ID
Middle East (Bahrain) (me-south-1) View AMI ID View AMI ID
South America (São Paulo) (sa-east-1) View AMI ID View AMI ID
AWS GovCloud (US-East) (us-gov-east-1) View AMI ID View AMI ID
AWS GovCloud (US-West) (us-gov-west-1) View AMI ID View AMI ID
1.19
Kubernetes version 1.19
AWS Region Windows Server 2019 Core Windows Server 2019 Full
US East (Ohio) (us-east-2) View AMI ID View AMI ID
US East (N. Virginia) (us-east-1) View AMI ID View AMI ID
US West (Oregon) (us-west-2) View AMI ID View AMI ID
US West (N. California) (us-west-1) View AMI ID View AMI ID
Africa (Cape Town) (af-south-1) View AMI ID View AMI ID
Asia Pacific (Hong Kong) (ap-east-1) View AMI ID View AMI ID
Asia Pacific (Mumbai) (ap-south-1) View AMI ID View AMI ID
Asia Pacific (Tokyo) (ap-northeast-1) View AMI ID View AMI ID
Asia Pacific (Seoul) (ap-northeast-2) View AMI ID View AMI ID
Asia Pacific (Osaka) (ap-northeast-3) View AMI ID View AMI ID
Asia Pacific (Singapore) (ap-southeast-1) View AMI ID View AMI ID
Asia Pacific (Sydney) (ap-southeast-2) View AMI ID View AMI ID
Asia Pacific (Jakarta) (ap-southeast-3) View AMI ID View AMI ID
Canada (Central) (ca-central-1) View AMI ID View AMI ID
China (Beijing) (cn-north-1) View AMI ID View AMI ID
China (Ningxia) (cn-northwest-1) View AMI ID View AMI ID
Europe (Frankfurt) (eu-central-1) View AMI ID View AMI ID
Europe (Ireland) (eu-west-1) View AMI ID View AMI ID
Europe (London) (eu-west-2) View AMI ID View AMI ID
Europe (Milan) (eu-south-1) View AMI ID View AMI ID
Europe (Paris) (eu-west-3) View AMI ID View AMI ID
Europe (Stockholm) (eu-north-1) View AMI ID View AMI ID
Middle East (Bahrain) (me-south-1) View AMI ID View AMI ID
South America (São Paulo) (sa-east-1) View AMI ID View AMI ID
AWS GovCloud (US-East) (us-gov-east-1) View AMI ID View AMI ID
AWS GovCloud (US-West) (us-gov-west-1) View AMI ID View AMI ID

Amazon EKS Windows AMI release calendar

The following table lists the release and end of support dates for Windows versions on Amazon EKS. If an end date is blank, it's because the version is still supported.

Windows version Amazon EKS release Amazon EKS end of support
Windows Server 2022 Core 10/17/2022
Windows Server 2022 Full 10/17/2022
Windows Server 20H2 Core 8/12/2021 8/9/2022
Windows Server 2004 Core 8/19/2020 12/14/2021
Windows Server 2019 Core 10/7/2019
Windows Server 2019 Full 10/7/2019
Windows Server 1909 Core 10/7/2019 12/8/2020

Bootstrap script configuration parameters

When you create a Windows node, there's a script on the node that allows for configuring different parameters. Depending on your setup, this script can be found on the node at a location similar to: C:\Program Files\Amazon\EKS\Start-EKSBootstrap.ps1. The script includes the following parameters:

  • -EKSClusterName – Specifies the Amazon EKS cluster name for this worker node to join.

  • -KubeletExtraArgs – Specifies extra arguments for kubelet (optional).

  • -KubeProxyExtraArgs – Specifies extra arguments for kube-proxy (optional).

  • -APIServerEndpoint – Specifies the Amazon EKS cluster API server endpoint (optional). Only valid when used with -Base64ClusterCA. Bypasses calling Get-EKSCluster.

  • -Base64ClusterCA – Specifies the base64 encoded cluster CA content (optional). Only valid when used with -APIServerEndpoint. Bypasses calling Get-EKSCluster.

  • -DNSClusterIP – Overrides the IP address to use for DNS queries within the cluster (optional). Defaults to 10.100.0.10 or 172.20.0.10 based on the IP address of the primary interface.

  • -ContainerRuntime – Specifies the container runtime to be used on the node.

Enable the containerd runtime bootstrap flag

For Kubernetes version 1.23 or earlier, you can use an optional bootstrap flag to enable the containerd runtime for Amazon EKS optimized Windows AMIs. This feature gives you a clear path to migrate to containerd when updating to version 1.24 or later. Amazon EKS ended support for Docker starting with the Kubernetes version 1.24 launch. For more information, see Amazon EKS ended support for Dockershim.

For Amazon EKS version 1.23 or earlier, the supported values for the container runtime are docker and containerd. The container runtime is specified when launching the Windows nodes using either eksctl or the AWS Management Console.

  • If the specified value is docker and the Amazon EKS version is 1.23 or earlier, then Docker is used as the runtime on the node.

  • If the specified value is containerd and the Amazon EKS version is later than 1.20, then containerd is selected as the runtime. If the Amazon EKS version is earlier than 1.21, then the bootstrap fails and nodes are unable to join the cluster.

  • If any other value is specified, then the bootstrap fails and the node isn't able to join the cluster.

  • If this flag isn't specified, then the default value of the container runtime is selected. For Amazon EKS version 1.23 and earlier, the default is Docker. For 1.24 and later clusters, it is containerd.

When launching Windows nodes in your Amazon EKS cluster, follow the steps in Launching self-managed Windows nodes. Windows self-managed nodes with the containerd runtime can be launched using eksctl or the AWS Management Console.

eksctl

To enable the containerd runtime with eksctl

For Windows self-managed nodes, the container runtime can be specified in the configuration while creating new node groups. You can use the following test-windows-with-containerd.yaml as reference.

Note

You must use eksctl version 0.95.0 or later to use the containerRuntime setting in the configuration file.

apiVersion: eksctl.io/v1alpha5 kind: ClusterConfig metadata: name: windows-containerd-cluster region: us-west-2 version: '1.21' nodeGroups: - name: windows-ng instanceType: m5.2xlarge amiFamily: WindowsServer2019FullContainer volumeSize: 100 minSize: 2 maxSize: 3 containerRuntime: containerd - name: linux-ng amiFamily: AmazonLinux2 minSize: 2 maxSize: 3

The node groups can then be created using the following command.

eksctl create cluster -f test-windows-with-containerd.yaml
Note

Starting with eksctl version 0.95, you can no longer use preBootstrapCommands to configure ContainerRuntime for Windows nodes.

For more information, see Creating a nodegroup from a config file, defining containerd runtime, and Config file schema in the eksctl documentation.

AWS Management Console

To enable the containerd runtime with the AWS Management Console

In the AWS CloudFormation template, there's a parameter named BootstrapArguments which can be used to pass in additional arguments to the bootstrap script. A parameter named ContainerRuntime can be used to select a particular runtime on the node.

Specify the following in BootstrapArguments to enable the containerd runtime:

-ContainerRuntime containerd

Launch self-managed Windows Server 2022 nodes with eksctl

Amazon EKS optimized Windows Server 2022 AMIs are available for Kubernetes version 1.23 or higher. You can use the following test-windows-2022.yaml as reference for running Windows Server 2022 as self-managed nodes.

Note

You must use eksctl version 0.116.0 or later to run self-managed Windows Server 2022 nodes.

apiVersion: eksctl.io/v1alpha5 kind: ClusterConfig metadata: name: windows-2022-cluster region: us-west-2 version: '1.23' nodeGroups: - name: windows-ng instanceType: m5.2xlarge amiFamily: WindowsServer2022FullContainer volumeSize: 100 minSize: 2 maxSize: 3 - name: linux-ng amiFamily: AmazonLinux2 minSize: 2 maxSize: 3

The node groups can then be created using the following command.

eksctl create cluster -f test-windows-2022.yaml