
EKS Cluster: The Basics and Creating Your First Cluster

Itay Gershon

Product Manager, Intel Granulate

What Is AWS EKS?

Amazon Web Services (AWS) Elastic Kubernetes Service (EKS) is a managed container service that allows users to run and scale Kubernetes applications in the AWS cloud or on-premises. 

EKS automates key tasks such as patch management, node provisioning, and updates, making it easier to deploy, manage, and scale containerized applications using Kubernetes on AWS.

EKS integrates with other AWS services to provide scalability and security for your applications, including Amazon Elastic Compute Cloud (EC2) for computing capacity and Amazon VPC for isolation. By leveraging AWS EKS, developers can focus on building their applications without having to manage the underlying infrastructure.


Amazon EKS Cluster Architecture

An Amazon EKS cluster is structured around two main components: the control plane and worker nodes. 

The control plane manages the cluster’s Kubernetes software, including etcd and the Kubernetes API server, ensuring that it runs across multiple Availability Zones for high availability. It operates on EC2 instances within an AWS-managed account, securely interacting with worker nodes through an exposed API endpoint.

Worker nodes, residing in the user’s AWS account, execute the container workloads assigned by the control plane. These nodes connect to the control plane via its API server endpoint and a unique certificate file for each cluster. 

This architecture supports a secure and scalable environment for deploying containerized applications, leveraging AWS services like Elastic Load Balancing and Elastic Network Interfaces to ensure reliable communication between the control plane and worker nodes.


What Is AWS Cluster Insights?

AWS Cluster Insights for Amazon EKS offers recommendations that can help users adhere to best practices for Amazon EKS and Kubernetes. It conducts regular, automatic checks against a list of best practices curated by Amazon EKS, providing insights into the cluster’s operational status. These checks are managed by EKS and include advice on addressing identified issues, focusing on readiness for Kubernetes version upgrades.

The service simplifies upgrade planning by identifying potential issues that might affect cluster upgrades, ensuring application reliability on newer Kubernetes versions. By scanning clusters against a continuously updated list of checks, it aids administrators in preparing for upgrades and allows them to leverage the latest Kubernetes features with confidence. 

Insights are updated periodically, with no manual refresh option available; users must wait for the next cycle to see updates after resolving issues.

Tutorial: Creating an Amazon EKS Cluster 


Before deploying an Amazon EKS cluster, make sure you have an existing VPC and subnets that comply with EKS requirements. If these resources are not already in place, they can be created using the official EKS CloudFormation template.

Additionally, the kubectl command line tool must be installed on your device or within AWS CloudShell. Its version should match or be within one minor version of your cluster’s Kubernetes version. The AWS Command Line Interface (AWS CLI) version 2.12.3 or later, or version 1.27.160 or later, also needs to be installed and configured on your device or AWS CloudShell.

Create an Amazon EKS Cluster 

To create an EKS cluster, you need an IAM role with the necessary permissions. This role allows EKS to make calls to other AWS services on your behalf. 

  1. Start by creating an IAM trust policy file named eks-cluster-role-trust-policy.json with the following content:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "eks.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

This JSON file defines a trust relationship allowing the EKS service to assume this role. 

  2. Next, create the IAM role using the AWS CLI and attach the AmazonEKSClusterPolicy managed policy for necessary permissions:
aws iam create-role --role-name exampleEKSClusterRole --assume-role-policy-document file://"eks-cluster-role-trust-policy.json"
aws iam attach-role-policy --policy-arn arn:aws:iam::aws:policy/AmazonEKSClusterPolicy --role-name exampleEKSClusterRole
  3. With the IAM role in place, proceed to create your EKS cluster. If using eksctl, ensure it’s updated to version 0.180.0 or later. Execute the following command, replacing placeholders with appropriate values for your setup:
eksctl create cluster --name example-cluster --region region-code --version 1.29 --vpc-private-subnets subnet-ExampleID1,subnet-ExampleID2 --without-nodegroup

This command initiates the creation of an Amazon EKS cluster named example-cluster in your specified region and version, using the private subnets you’ve defined. Because of the --without-nodegroup flag, no worker nodes are created at this stage. Note that creating a cluster can take several minutes; upon completion, eksctl confirms that your cluster is ready for use.

  4. Enable kubectl communication with your newly created cluster by updating your kubeconfig file:
aws eks update-kubeconfig --region region-code --name example-cluster

This command configures kubectl to interact with your cluster, setting up a new context within your kubeconfig file and ensuring you can manage Kubernetes resources deployed in EKS.
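The trust policy from step 1 is what decides who can assume the cluster role, so it is worth checking that it trusts the EKS service and nothing else. The following is an added example, not code from the original article: the function name audit_trust_policy and both sample policies are constructed for illustration.

```python
import json

EXPECTED_SERVICE = "eks.amazonaws.com"  # service principal the cluster role should trust

def _as_list(value):
    """IAM allows a single value or a list in most fields; normalise to a list."""
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy_text, expected=EXPECTED_SERVICE):
    """Return findings for a role trust policy; an empty list means it is tight."""
    findings, trusted = [], set()
    policy = json.loads(policy_text)
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        if not isinstance(principal, dict):
            # Covers "Principal": "*" and statements that use NotPrincipal instead.
            findings.append(f"statement {i}: principal {principal!r} is not an explicit service")
            continue
        for kind, values in principal.items():
            for value in _as_list(values):
                if kind == "Service" and value == expected:
                    trusted.add(value)
                else:
                    findings.append(f"statement {i}: unexpected {kind} principal {value!r}")
        actions = set(_as_list(stmt.get("Action", [])))
        if actions != {"sts:AssumeRole"}:
            findings.append(f"statement {i}: actions {sorted(actions)} are not exactly sts:AssumeRole")
    if expected not in trusted:
        findings.append(f"{expected} is not trusted, so EKS cannot assume the role")
    return findings

# Constructed samples: the tutorial's policy, and a loosened variant of it.
GOOD = """{"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
  "Principal": {"Service": "eks.amazonaws.com"}, "Action": "sts:AssumeRole"}]}"""
LOOSE = """{"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
  "Principal": {"Service": ["eks.amazonaws.com", "ec2.amazonaws.com"], "AWS": "*"},
  "Action": "sts:AssumeRole"}]}"""

if __name__ == "__main__":
    for name, text in (("good", GOOD), ("loose", LOOSE)):
        print(name, audit_trust_policy(text) or "ok")
```

To audit a role that already exists, pass in the JSON printed by aws iam get-role --role-name exampleEKSClusterRole --query Role.AssumeRolePolicyDocument.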


Update the EKS Cluster 

To update your EKS cluster to a new Kubernetes version:

  1. Start by ensuring your nodes are compatible with the intended upgrade. Check the current Kubernetes version of your cluster’s control plane and nodes. The node groups’ Kubernetes versions must match or be compatible with your control plane’s version to prevent issues during and after the update process. Use these kubectl commands:
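    1. For the control plane: kubectl version --short (kubectl 1.28 and later no longer accept --short; plain kubectl version prints the same short output)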
    2. For the nodes: kubectl get nodes

These commands display the respective Kubernetes versions, enabling a comparison to ensure compatibility before proceeding with the upgrade. 

  2. Proceed with updating your cluster using eksctl. For most users, this method is easier than using the AWS Management Console or the AWS CLI. Ensure you have eksctl version 0.180.0 or later installed, then execute:
eksctl upgrade cluster --name example-cluster --version 1.30 --approve

This command triggers an update process that might take several minutes, during which new API server nodes are deployed and health checks performed to ensure a successful transition to the new version without impacting running applications.
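The version comparison from step 1 can be automated rather than read by eye. The following is an added example, not code from the original article: it parses the text printed by kubectl version and by the default kubectl get nodes, and the sample output, node names and the max_older parameter (how many minor versions a node may lag, assumed to be 0 here) are constructed for illustration.

```python
import re

_VERSION = re.compile(r"v(\d+)\.(\d+)")

def major_minor(text):
    """Extract (major, minor) from text such as 'v1.29.3-eks-ae9a62a'."""
    match = _VERSION.search(text)
    if match is None:
        raise ValueError(f"no Kubernetes version in {text!r}")
    return int(match.group(1)), int(match.group(2))

def control_plane_version(kubectl_version_output):
    """Read the 'Server Version:' line printed by kubectl version."""
    for line in kubectl_version_output.splitlines():
        if line.startswith("Server Version:"):
            return major_minor(line)
    raise ValueError("no 'Server Version:' line; kubectl could not reach the cluster")

def skewed_nodes(get_nodes_output, control_plane, max_older=0):
    """Map node name -> reason for every node outside the allowed version skew."""
    rows = [line.split() for line in get_nodes_output.splitlines() if line.strip()]
    header = rows[0]
    name_col, version_col = header.index("NAME"), header.index("VERSION")
    problems = {}
    for row in rows[1:]:
        node = major_minor(row[version_col])
        behind = control_plane[1] - node[1]
        if node[0] != control_plane[0]:
            problems[row[name_col]] = "different major version"
        elif behind < 0:
            problems[row[name_col]] = "newer than the control plane"
        elif behind > max_older:
            problems[row[name_col]] = f"{behind} minor version(s) behind"
    return problems

# Constructed sample output; node names and build suffixes are made up.
KUBECTL_VERSION = """Client Version: v1.29.2
Kustomize Version: v5.0.4-0.20230601165947-6ce0bf390ce3
Server Version: v1.29.4-eks-036c24b
"""
GET_NODES = """NAME                         STATUS   ROLES    AGE   VERSION
ip-10-0-1-10.ec2.internal    Ready    <none>   12d   v1.29.3-eks-ae9a62a
ip-10-0-2-20.ec2.internal    Ready    <none>   40d   v1.28.8-eks-ae9a62a
ip-10-0-3-30.ec2.internal    Ready    <none>   2d    v1.30.0-eks-036c24b
"""

if __name__ == "__main__":
    cp = control_plane_version(KUBECTL_VERSION)
    print(cp, skewed_nodes(GET_NODES, cp))
```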
