Security - Modular and Scalable Amazon EKS Architecture


Amazon EKS uses IAM to provide authentication to your Kubernetes cluster (through the AWS IAM Authenticator for Kubernetes), but it still relies on native Kubernetes RBAC for authorization. This means that IAM is used only for authentication of valid IAM entities. All permissions for interacting with your Amazon EKS cluster’s Kubernetes API are managed through the native Kubernetes RBAC system. We recommend that you grant least-privilege access via Kubernetes RBAC.
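
The following manifests illustrate that split. They are an added example, not part of the original guide, and they assume the cluster maps IAM identities through the `aws-auth` ConfigMap read by the AWS IAM Authenticator. The account ID, role ARN, user name, group name, and namespace are placeholders.

```yaml
# Added example. All names, the account ID and the namespace are placeholders.
#
# 1) Authentication: aws-auth maps an IAM role to a Kubernetes user and group.
#    Only the entry of interest is shown; an existing aws-auth ConfigMap also
#    holds the worker-node role mappings, which must be kept when editing it.
#    Mapping a role to "system:masters" grants full cluster-admin rights and
#    defeats least privilege. Map to a custom group instead; the group carries
#    no permissions until RBAC binds it to a Role.
apiVersion: v1
kind: ConfigMap
metadata:
  name: aws-auth
  namespace: kube-system
data:
  mapRoles: |
    - rolearn: arn:aws:iam::111122223333:role/example-dev-role
      username: example-dev
      groups:
        - example-app-readers
---
# 2) Authorization: a namespaced Role with read-only verbs on named resources.
#    No wildcards, no access to Secrets, no write verbs.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: app-read-only
  namespace: example-app
rules:
  - apiGroups: [""]
    resources: ["pods", "pods/log", "services"]
    verbs: ["get", "list", "watch"]
---
# 3) Bind the group from aws-auth to that Role, in that namespace only.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: app-read-only-binding
  namespace: example-app
subjects:
  - kind: Group
    name: example-app-readers
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: app-read-only
  apiGroup: rbac.authorization.k8s.io
```

To confirm the result, a cluster administrator can impersonate the mapped identity: `kubectl auth can-i list pods -n example-app --as example-dev --as-group example-app-readers` should answer `yes`, while the same check for `get secrets` or in another namespace should answer `no`.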