Amazon VPC CNI now supports Kubernetes Network Policies




This article announces native support for Kubernetes Network Policies in Amazon VPC CNI, enabling fine-grained traffic control in EKS clusters without third-party plugins.

  • Amazon VPC CNI now natively enforces Kubernetes Network Policies using eBPF technology
  • Replaces iptables with eBPF for better performance and scalability in large clusters
  • Three key components: Network Policy Controller, Node Agent, and eBPF SDK
  • Supported on EKS clusters running Kubernetes 1.25+ with kernel version 5.10+
  • Feature disabled by default; enable via Amazon VPC CNI configuration parameters
  • Provides granular pod-to-pod traffic control using labels, namespaces, and IP blocks
  • Works alongside security groups for pods as a defense-in-depth security layer
  • Requires migration from third-party CNI plugins; in-place migration not supported
  • Available for self-managed Kubernetes clusters with network policy controller deployment

Amazon VPC CNI network policy support simplifies cluster security by eliminating third-party plugin management while enabling principle-of-least-privilege pod communication controls.


