Best practices for using Amazon EKS - Modular and Scalable Amazon EKS Architecture

Best practices for using Amazon EKS

Use CloudFormation for ongoing management

We recommend using AWS CloudFormation to update and delete the resources that this Quick Start creates. Using the Amazon EC2 console, AWS CLI, or API to change or delete resources created by this Quick Start can cause future AWS CloudFormation operations on the stack to behave unexpectedly.

Monitor additional resource usage

This deployment lets users of the Amazon EKS cluster create Elastic Load Balancing load balancers and Amazon EBS volumes as part of their Kubernetes applications. Because these resources carry additional costs, we recommend that you grant users of the Amazon EKS cluster only the permissions they require through Kubernetes role-based access control (RBAC), and that you monitor resource usage by using the Kubernetes CLI or the Kubernetes API to describe the persistent volume claims (PVCs) and LoadBalancer resources across all namespaces. To disable this functionality, update the ControlPlaneRole IAM role created in the IAM child stack to deny the Kubernetes control plane access to specific AWS APIs, such as ec2:CreateVolume or elb:CreateLoadBalancer.
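One way to do the monitoring described above, as an added example that is not part of the Quick Start: the script summarizes, per namespace, the LoadBalancer Services and PVC storage requests found in the output of `kubectl get pvc,svc --all-namespaces -o json`. The function names and the embedded sample are constructed for illustration.

```python
import json
from collections import defaultdict

# Kubernetes storage quantity suffixes mapped to bytes (binary and decimal).
UNITS = {"Ki": 2**10, "Mi": 2**20, "Gi": 2**30, "Ti": 2**40,
         "k": 10**3, "M": 10**6, "G": 10**9, "T": 10**12}

def quantity_to_bytes(quantity):
    """Convert a storage quantity such as '20Gi' or '10G' to bytes."""
    for suffix in sorted(UNITS, key=len, reverse=True):
        if quantity.endswith(suffix):
            return int(float(quantity[:-len(suffix)]) * UNITS[suffix])
    return int(float(quantity))  # no suffix: already a byte count

def billable_by_namespace(kubectl_json):
    """Group LoadBalancer Services and PVC requests by namespace."""
    report = defaultdict(
        lambda: {"load_balancers": [], "pvc_count": 0, "pvc_bytes": 0})
    for item in json.loads(kubectl_json).get("items", []):
        meta, spec = item["metadata"], item.get("spec", {})
        ns = meta.get("namespace", "default")
        if item.get("kind") == "Service" and spec.get("type") == "LoadBalancer":
            report[ns]["load_balancers"].append(meta["name"])
        elif item.get("kind") == "PersistentVolumeClaim":
            requests = spec.get("resources", {}).get("requests", {})
            report[ns]["pvc_count"] += 1
            report[ns]["pvc_bytes"] += quantity_to_bytes(requests.get("storage", "0"))
    return dict(report)

def _obj(kind, ns, name, spec):  # builds one constructed sample item
    return {"kind": kind, "metadata": {"namespace": ns, "name": name}, "spec": spec}

def _pvc(size):  # PVC spec carrying only the storage request
    return {"resources": {"requests": {"storage": size}}}

# Constructed sample, shaped like `kubectl get pvc,svc --all-namespaces -o json`.
SAMPLE = json.dumps({"kind": "List", "items": [
    _obj("Service", "shop", "web", {"type": "LoadBalancer"}),
    _obj("Service", "shop", "db", {"type": "ClusterIP"}),
    _obj("PersistentVolumeClaim", "shop", "data", _pvc("20Gi")),
    _obj("Service", "ci", "preview", {"type": "LoadBalancer"}),
    _obj("PersistentVolumeClaim", "ci", "cache", _pvc("500Mi")),
    _obj("PersistentVolumeClaim", "ci", "artifacts", _pvc("1Ti")),
]})

if __name__ == "__main__":
    for ns, r in sorted(billable_by_namespace(SAMPLE).items()):
        print(f"{ns}: LBs={r['load_balancers']} PVCs={r['pvc_count']} "
              f"requested={r['pvc_bytes'] / 2**30:.1f} GiB")
```

Against a live cluster, pass the saved kubectl output to `billable_by_namespace` in place of `SAMPLE`.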