Amazon EKS now envelope encrypts all Kubernetes API data by default

News

Amazon EKS now provides default envelope encryption for all Kubernetes API data in clusters running Kubernetes version 1.28 or higher, enhancing security for Kubernetes applications.

Uses AWS Key Management Service (KMS) with Kubernetes KMS provider v2
Provides an additional layer of security for Kubernetes API objects
AWS owns the encryption keys by default, but users can bring their own keys
Automatically enabled for EKS clusters running Kubernetes 1.28+
No additional charge and available in all commercial and GovCloud regions

This update represents an improved, managed security approach for Kubernetes cluster data encryption, offering defense-in-depth without requiring customer intervention.

Go to article

The AWS News Feed is currently looking for gold sponsors. If you want to support the AWS community and reach a large audience of AWS professionals, consider sponsoring the AWS News Feed.

Jan 24
2025

Amazon EKS and Amazon EKS Distro now supports Kubernetes version 1.32

Dec 26
2024

Amazon EKS introduces programmatic access to Kubernetes version availability

Jan 23
2024

Amazon EKS now supports Kubernetes version 1.29

Jun 4
2025

Amazon EKS add-ons now supports Private CA Connector for Kubernetes

The AWS News Feed is currently looking for silver sponsors. If you want to support the AWS community and reach a large audience of AWS professionals, consider sponsoring the AWS News Feed.

Amazon EKS now envelope encrypts all Kubernetes API data by default

Related articles