CIS Hardened Image Level 1 on EKS-Optimized Amazon Linux 2

Our usual use cases for Amazon EKS  include IoT applications for edge computing devices, where we deploy some of our proprietary IoT applications to edge devices running in multiple locations, and artificial intelligence deployment to multiple systems, with a couple of them purely on the cloud where we manage bundled infrastructures into Amazon EKS  for several proprietary customers.

The features and capabilities of Amazon EKS that I have found most valuable include the ease of deployment and the interesting part being the cost, which is not as expensive as setting up other cloud infrastructure.

Amazon EKS's support for AWS  tools integration has influenced our application development and management process by being quite easy, with the integration being straightforward. Whenever issues arise, we talk to the support team who provide us with documentation, which is how we basically sort out most of those issues.

Amazon EKS's self-healing nodes help minimize administrative burdens in my organization by being wonderful and seamless, as it reduces the need for a whole lot of people on the team to handle issues, and it has really been seamless for us.

An area of Amazon EKS that could be improved in the future is its use for edge computing, which has been a small issue for us, especially since most of our recent work has been on edge computing applications such as Raspberry Pi and Jetson. If they could integrate things such as K3s, that would really be helpful as K8s feels a little bit bulky for edge computing deployment.

I have been working with Amazon EKS since last year, when we started moving some of our solutions to AWS  EKS.

My experience with the stability and reliability of Amazon EKS has been very positive, with only a couple of intermittent shutdowns previously, but recently there have been no issues at all.

My impression of Amazon EKS's scalability has been positive, though we have not done very large-scale deployments. Most of what we've done has been on a much smaller but continuous scaling for multiple systems, and there has not been an issue on that aspect so far, although we haven't scaled up to a million or five million devices yet.

I often communicate with Amazon EKS technical support, as they have been our main go-to people.

An example of my interaction with Amazon EKS technical support was during the initial setup when we talked with them, and they provided us an easier route by suggesting how we should bundle our solutions in Docker  for easy deployment.

Positive

Before Amazon EKS, I did not use a different solution for these use cases, as our path has always been with Amazon EKS.

My experience with the initial setup of Amazon EKS was straightforward with no challenges at all on my part, although the interns might complain about some snags. It's basically about studying the documentation.

My setup process involves building the application on GitHub , bundling it in Docker , and connecting with Amazon EKS.

I have seen a return on investment with Amazon EKS for time, as it has helped me save a significant amount of time. However, the cost side has not been as positive since some of the applications run in dollars, leading to complaints from customers and ourselves about the cost, particularly when providing services to customers across Nigeria and some African countries. The return on investment has not been great due to the foreign exchange rate, but for time savings, it has been wonderful in helping with deployment.

My opinion on the pricing and licensing of Amazon EKS is that it is quite varied, especially when doing projects in the African continent. It's quite expensive considering the local currency with respect to the conversions to dollars or euros, and if this could be lowered, it would help more deployments on our side with Amazon EKS.

Before choosing Amazon EKS, I evaluated other options or technologies, including Kubernetes  on AWS, Google Cloud , and Microsoft Azure , but most of our experiences came from AWS, so we stayed with AWS.

I have not utilized Amazon EKS's integration with IAM  solution.

I have not encountered specific benefits using Amazon EKS's automated patching feature for my Kubernetes  clusters, but it has been satisfactory as we haven't actually had many issues with using Kubernetes.

The impact of Amazon EKS on my organization's ability to manage complex workflows effectively has been purely managed by my colleague, and it has been quite seamless with no issues on that particular aspect.

Some of the benefits and positive impact that I have received from Amazon EKS include getting cloud credits through Activate and certain deployments around migration, which have been quite beneficial, along with business support credit and support during certain issues. During the initial times of integrations and migrations, AWS connected us with more specialists in different locales with much more experience while also paying for their services.

Based on my overall experience with Amazon EKS, I would rate it an eight out of ten due to the lack of K3s from Rancher.

Our use cases for Amazon EKS  include deploying and managing microservice-based applications, where Kubernetes  excels at orchestrating microservices and Amazon EKS  handles the heavy lifting of managing the control plane. We also use it for application modernization such as migrating legacy applications to containers and for hybrid and multi-cloud deployments, running Kubernetes  workloads across on-premise and cloud environments. Additionally, we run secure and compliant workloads that require strict security and compliances, utilizing AWS  IAM , VPC, and security services.

Furthermore, we leverage CI/CD pipelines to automate build, test, and deployment processes, and for machine learning, we implement SageMaker .

The most valuable features of Amazon EKS are the managed Kubernetes control plane, where AWS  handles the provisioning, scaling, and maintenance, ensuring high availability and automatic patching. Integrations with AWS services offer seamless access such as IAM  for access control, CloudWatch for monitoring, ELB and ALB for load balancing, and storage options including EBS, EFS, and S3 . In terms of security and compliance, we utilize fine-grained access control through IAM  role service accounts, support for private clusters, and network policies.

Amazon EKS supports both EC2  for full control over nodes and Fargate for serverless Kubernetes pods.

The positive impacts I have seen from using Amazon EKS include enhanced security and compliance with a managed control plane, automatic patching, updates, IAM  integration for secure access to AWS services, private clusters, network policies, and encryption options. Additionally, I experience operational efficiency, scalability, performance, developer productivity, flexibility, portability, and observability and monitoring through CloudWatch, Prometheus, Grafana , and OpenTelemetry , which assists in troubleshooting issues and optimizing resources, ultimately leading to cost optimization.

Areas for improvement within Amazon EKS include the management of infrastructure. Prior to using Amazon EKS, we handled manual provisioning, patching, and scaling of our Kubernetes cluster, but now AWS manages control plane operations, automatic patching, and scaling, which has reduced our operational burden and resulted in fewer infrastructure-related incidents.

I believe only operational management could be improved in the next releases of Amazon EKS.

When it comes to stability and reliability in Amazon EKS, the reliability of the control plane managed by AWS is paramount, running across three availability zones in each region to ensure high availability and fault tolerance. AWS also automatically manages the scalability and health of crucial components such as the Kubernetes API server and etcd cluster. We have options for worker nodes, including auto mode, Fargate, managed node groups, and self-managed nodes, ensuring data plane reliability.

Regarding scalability in Amazon EKS, we see managed node groups and Fargate profiles, where we can automatically scale the number of EC2  instances in a node group using Cluster Autoscaler or Karpenter. For serverless pods, Amazon EKS can scale without managing EC2 nodes, and we can utilize horizontal pod auto-scaling based on CPU, memory, or custom metrics, along with support for cluster limits, multi-cluster, and multi-region load scalability.

Amazon EKS is highly scalable, showing improvement in areas such as infrastructure management, security, and cost efficiency, with features such as auto-scaling for pods and nodes, making it suitable for bursty and high-demand workloads.

Before using Amazon EKS, we relied on self-managed Kubernetes on EC2 as well as Docker  Swarm for our workloads.

We decided to switch from Docker  Swarm to Amazon EKS because it is a managed service that simplifies the handling of complex scalable and modern application workflows.

Setting up Amazon EKS for the first time involves prerequisites such as installing and configuring the Amazon CLI, then installing `kubectl`, and while `eksctl` is optional, I install it for easier setup. IAM permissions are also needed to create EKS resources.

My experience with the initial setup has been straightforward, and I did not face any challenges so far, especially with `eksctl`, although there are common challenges such as IAM role configuration, network complexity, and cluster access control.

We have managed to estimate savings of around 20 to 40% using Amazon EKS, specifically achieving savings on Fargate ranging from $30 to $45 per month based on our usage.

I consider Amazon EKS to be an affordable product overall.

Before choosing Amazon EKS, I did not evaluate other solutions as I found it to be the best one for us after checking the market.

The integration of Amazon EKS with IAM enhances our authentication process as IAM users or roles can be granted access to the Kubernetes API server, managed via the AWS Auth ConfigMap in the EKS cluster, allowing us to map IAM roles or users to Kubernetes RBAC roles.

When it comes to Amazon EKS integrating IAM into application development, we utilize IAM roles for service accounts that allow our application pods to securely access services such as S3  and DynamoDB without storing credentials. We first create a Kubernetes service account and associate it with IAM roles using annotations, enabling the pod to use this role to access AWS services via temporary credentials, providing a significant developer benefit by eliminating the need to manage secrets manually and ensuring access is secure and scoped per pod.

The benefits of Amazon EKS's automated patching feature for our Kubernetes clusters primarily include improved security through the automatic application of critical security patches to the control plane and worker nodes, which reduces exposure to known vulnerabilities such as CVEs and ensures compliance with security standards. A second benefit is the reduction of operational overhead, and thirdly, enhanced cluster stability, minimized downtime, and consistency across environments. With intelligent patch management, Amazon EKS often tests patches before release.

When it comes to managing complex workflows effectively on Amazon EKS, I find that it simplifies infrastructure management by abstracting away the complexity of managing Kubernetes control planes, allowing us not to worry about patching, scaling, or securing the master nodes. It also supports scalability for high-demand applications with auto-scaling features for both pods and nodes and provides enterprise-grade security.

I utilize the AWS EKS official documentation, accessible via docs.aws.amazon.com.

My impression of the documentation is that it is very easy to learn from scratch, making it accessible even for beginners, as it is comprehensive, well-structured, and production-ready. Especially for developers and DevOps engineers such as myself, we find the user guide, best practice guide, API reference, CI tools, and workshops to be highly reliable, developer-friendly, scalable, and flexible for deployment needs.

On a scale of 1-10, I rate Amazon EKS an 8.

I have been working in my current field since I work in the cloud, and I worked for AWS  and for Amazon EKS  because all of my customers are using Amazon EKS  or application container solutions.

My use cases for Amazon EKS involve working for an AWS  partner, one of the biggest in LATAM, where we have many customers or clients around the world with different solutions. I have a client that had many applications in Amazon EKS, and I had the full administration of the cluster. I manage not only networking, pods, or resources but also security, monitoring, the billing for the expenses, access to the cluster, and to the AWS account. I think that is a big field that I can handle within Amazon EKS.

What I appreciate most about Amazon EKS is that I use tools such as Datadog  for monitoring and reporting, and if I have a problem with the cost, I use Prometheus, Grafana , and Loki, as this Prometheus package is cheaper than Datadog . I use Helm to install packages or applications, making it easier and secure to install, uninstall, or update them. I also use Argo CD for CI/CD workflows. In general, these are the main package solutions that I use for Amazon EKS.

Regarding the downsides of Amazon EKS, I remember a case where I used a network add-on different from what is provided by AWS because the pods request one IP address for each pod. The solution had many pods, and the blocks in the VPC were limited. I didn't have enough addresses to assign to the pods, and I had to change the add-on to handle the IP address using another third-party solution not from AWS. This was one of the first challenges I encountered with Amazon EKS.

Since then, AWS still hasn't fixed this issue or given me an opportunity to use the IPs that I needed.

Basically, the problem was that we did not have enough IP addresses for the pods, and we had to change the network add-on in Amazon EKS.

I have been using Amazon EKS in my career for three and a half years since I worked in the cloud.

It took me approximately one month to learn how to use Amazon EKS. The tricky part was implementing Amazon EKS cluster completely from Terraform , as creating all of the resources is challenging. If you create the cluster from the AWS console, many resources are created behind the scenes, but in Terraform , you must create each resource one by one, which was quite difficult. Overall, it took about one month.

Regarding stability, I have not experienced any lagging, crashing, downtime, or instability with Amazon EKS. I think that Amazon EKS, and Kubernetes  in general, is stable. I have had problems with billing because it's expensive, but not with stability.

When it comes to scalability, I use Carpenter with Amazon EKS because it is a tool that offers significant granularity for configuration, and it works really well and fast. The inherent scalability of Kubernetes  is not the best for me based on resources, but Carpenter works really nicely.

I have contacted the technical support of Amazon EKS when I had issues with the IP addresses, and they helped me solve it by installing another network add-on. On a scale from 1 to 10, I would give the support of Amazon EKS a nine because it was nice and fast.

Positive

I have used a direct alternative to Amazon EKS, which is ECS in AWS. I have many clients using ECS, Elastic Container Service, which is the native service for containers in AWS. It's not the same as Amazon EKS; it's another orchestrator, but it works fine when your application is not big.

The initial deployment with Amazon EKS was easy, but I remember that my first deployment was done with a YAML file, just using kubectl. I used kubectl run and the YAML file, and after that, I learned about Argo CD, which made the process much easier.

Amazon EKS does require maintenance on my end. Last year, Kubernetes had many updates, which was a difficult task. This is why I use Helm to install all of the applications in the cluster. If the application is built for you, you can create the Helm chart for this application and install it using this tool. I think that is the best option when you need to update the cluster. I know that AWS now offers many new applications add-ons included in the console, making it easier, but I still think that maintenance is one of the most complicated aspects of the cluster.

On a scale of 1-10, I rate Amazon EKS a nine.

We use Amazon EKS  for hosting our applications. It is also a version of compute service with its own perks. Amazon EKS  is built on Kubernetes . Kubernetes  is complex and is not something used for basic or simple applications due to its complex nature. It is really meant for complex apps such as banking applications or AI-enabled applications that have many services.

When dealing with microservices, if an application has around 20 microservices, then Kubernetes generally begins to make sense. Then it becomes a question of whether to host it on Amazon EKS, Azure  Kubernetes Services, or Google Kubernetes Engine . That is basically what we use Amazon EKS for.

Amazon EKS is fairly reliable. The latest feature that was added last year, Amazon EKS auto mode, helps manage compute instances and EC2  instances. Amazon EKS auto mode is a very good addition as it helps reduce stress since users do not have to worry about upgrading Kubernetes versions. For example, when Kubernetes 1.34 is released, Amazon EKS handles the upgrade automatically.

Another beneficial feature of Amazon EKS is the Fargate offering. It helps run some compute instances on AWS Fargate , which means they only run when needed. Unlike typical EC2  instances that keep running once turned on, with Fargate, charges only apply when someone visits that service. For instance, in a banking app with multiple services, including a reviews service, Fargate can be utilized to ensure charges only occur when someone actually uses the review feature.

Amazon EKS is fairly stable and highly available. Once configured properly, it requires minimal maintenance. It integrates effectively with other services such as API Gateway, security groups, and load balancers.

The integration capabilities could be improved compared to Azure . While AWS  services are integrated with Amazon EKS, there is room for enhancement.

For example, Azure DevOps  provides better pipeline integration. When writing pipelines in Azure DevOps , users can easily import various built-in tasks into pipeline YAML files, such as kubectl tasks or native Kubernetes plugins, once a service connection to Azure is created.

We encountered challenges with WebSocket integration when implementing chat functionality on Amazon EKS. The chat service, which was part of our microservices running on Amazon EKS, needed to be exposed on application load balancer. Despite both application load balancer and network load balancer having native WebSocket integration on AWS , the connections were unstable. This required extensive tweaking of network load balancer configurations to manage API calls through the API Gateway. AWS could improve WebSocket integration across API Gateway, network load balancer, and Amazon EKS.

We have not used it recently because we prefer to make patches ourselves.

When auto mode is enabled, self-healing functionality becomes active. If a node encounters issues or someone makes incorrect configurations, Amazon EKS automatically resets it to maintain standard configurations. This is particularly useful when someone SSH's into Amazon EKS instances and modifies Linux kernel configurations, as the self-healing node resets it to normal, helping reduce administrative burden.

We only escalated questions regarding increasing CPU and memory allocations for Fargate. We contacted AWS through their service quota system. The process required submitting a request with justification for increasing the quota for CPU and memory on Fargate. The resolution was quick after providing a brief justification for the quota increase.

Positive

The setup process is very straightforward.

When considering Amazon EKS, it is important to use Infrastructure as Code  (IAC), not just Terraform . Having a repeatable configuration of infrastructure as code is essential for creating clusters, as manual cluster creation is not common in professional production environments.

It is crucial to consider Fargate carefully, as it can help save costs. Fargate is particularly useful when parts of an application or the entire application are not used constantly, as it can reduce costs compared to running on EC2 instances.

On a scale of 1-10, this solution rates as an 8.

The main use cases for Amazon EKS  are that we use it normally in some new projects to optimize our costs. Instead of having many ECS services running, we prefer to set up a Kubernetes  cluster and set everything there. For me, it is primarily for optimizing our resources.

What I find valuable about Amazon EKS  is that it helps us manage all the Kubernetes . It isn't the workload, it is the main part of the Kubernetes, the head of all the cluster. Automatic updates are available, and we can set everything we created in AWS  in Kubernetes, including IAM  configuration. We can create policies such as creating a private endpoint for S3 . The integration of Kubernetes with the AWS  ecosystem is the best feature that Amazon EKS provides.

The IAM  integration in Amazon EKS helps enhance the authentication processes because we can do this in a more granular way. Using IAM , you can set exactly what the service needs. If a service or application needs to upload objects or data to S3 , connect to RDS , or perform other tasks, using IAM  is the easiest way. The benefit is that it works in a granular way and it's easy to set up and validate. When you examine the permissions and rules to ensure everything has the correct permission at the correct moment, using IAM is perfect because you can validate and set up everything effectively.

Amazon EKS's support for different AWS tools integrations has accelerated our application development because we can think about all aspects comprehensively. We can architect using AWS services and objects, and Amazon EKS accepts this seamlessly. We don't need to translate the idea for AWS. We can write this idea using AWS objects and services, and Amazon EKS corresponds to that. It accelerates projects and is easy to manage because we can use Terraform  to implement it.

I am using the self-healing nodes in the Amazon EKS solution. We have a client with a production workload running on spot instances. When a spot or node crashes, Amazon EKS starts a new node and moves everything before the node stopped. This self-healing is excellent because we don't experience disruptions. We don't face situations where a node stops and we need five minutes to start a new one. We use it in specific environments and can observe the difference when enabling or disabling Amazon EKS self-healing.

We are utilizing the automated patching in Amazon EKS. The valuable benefits I have experienced using the automated patching feature for the Kubernetes clusters directly increase security. Kubernetes typically releases patches focused on security rather than new features. It's beneficial because we can focus on our work without constantly thinking about new patch releases or upgrade deployments. Amazon EKS handles this automatically for us.

We face some issues with Amazon EKS when using the node group to control which nodes can start. We have a limitation where we need to set just one kind of instance - only large instances, only small instances, or only extra-large instances. This is a problem. It would be beneficial if we could specify that certain containers or services start on small instances rather than large ones.

I am uncertain whether Amazon EKS supports all LTS versions, and I think this would be something beneficial. Additionally, AWS has great AI features, so when we need to make updates to Amazon EKS, it would be helpful if AI could assist with planning, identifying migration requirements, and considering costs.

I have been working with Amazon EKS for about two years in production. Including study time and other experiences, I have been involved with it for approximately four years.

I faced challenges in the initial stages with Amazon EKS. The main challenge is that when we set up the cluster, it appears as a huge infrastructure just for a small application. When you set up Amazon EKS, it is configured at a large scale by default. You can't start small and gradually expand. This makes sense because for smaller applications, ECS works effectively. If you want a more integrated ecosystem, you can use Amazon EKS. The challenge lies in migrating everything, as you can't start using Amazon EKS on a small scale. It typically requires a big cluster with one, two, or three nodes. We also faced challenges with developers needing to adapt their mindset to the new way of doing things.

I have escalated questions to the technical support of Amazon EKS two or three times, and they always provided good solutions. When we don't understand the questions, we schedule a call to demonstrate the issue, and we always receive the correct answer.

I reached out for technical support with Amazon EKS because we faced issues starting a service. The way we declared the services was incorrect, but we weren't aware of this. We called AWS support for assistance. Another issue involved a security problem that we identified and reported to AWS.

I would rate the technical support of Amazon EKS a 10. The documentation is good, and when human interaction is needed, it's readily available.

Positive

From my perspective, I don't see any disadvantages of Amazon EKS compared to competitors in the market. Amazon EKS represents the state of the art. While Google has a powerful engine that offers more granular control, the additional configuration can be overwhelming. Amazon EKS balances the power of custom configuration with ease of setup.

I find the pricing of Amazon EKS complicated because I live in Brazil, where we use reals. With the exchange rate and taxes, the price appears six times higher. However, when viewed in dollars, it offers great features at reasonable pricing. Lower prices are always beneficial, and a reduction in hourly cost or promotional discounts would be appreciated, but the current price-to-benefit ratio is worthwhile.

My advice to other organizations considering Amazon EKS for their environment is to plan carefully. I strongly recommend planning and reading the documentation because Amazon EKS is resourceful and typically offers multiple ways to accomplish the same task. Careful planning, reviewing case studies for comparison, and thoughtful migration to Amazon EKS are worthwhile investments. Overall, I rate Amazon EKS a 9 out of 10.