Amazon EKS enables customer-routed control plane egress
Amazon EKS now supports customer-routed control plane egress, allowing Kubernetes API server traffic to flow through your VPC. This enhances security and compliance by enabling control over routing, security groups, and egress paths for sensitive operations like webhook callbacks. It's particularly beneficial for organizations with strict data perimeter requirements or private network infrastructure. The feature is available in all EKS regions at no additional cost, configurable via the controlPlaneEgressMode setting.
- →Route EKS control plane egress through your VPC
- →Enhanced control over egress traffic for security and compliance
- →Configuration and enforcement options
- →Availability and cost
Features (1) ›
- Route EKS control plane egress through your VPC
Amazon EKS introduces customer-routed control plane egress, enabling users to route outbound Kubernetes API server traffic through their own VPC. This applies to traffic such as admission webhook callbacks, OIDC provider lookups, and aggregate API server requests.
Enhancements (1) ›
- Enhanced control over egress traffic for security and compliance
This feature allows organizations to control routing, security groups, and egress paths for sensitive API server traffic. It supports reaching private OIDC providers and webhook servers within a VPC, aiding in meeting data perimeter requirements and compliance mandates.
Notes (2) ›
- Configuration and enforcement options
To enable this feature, set controlPlaneEgressMode to CUSTOMER_ROUTED during cluster creation or update. Organization-wide enforcement can be achieved using the eks:controlPlaneEgressMode IAM condition key with AWS Organizations Service Control Policies.
- Availability and cost
Customer-routed control plane egress is available at no additional cost in all AWS Regions where Amazon EKS is offered. Further details can be found in the Amazon EKS User Guide.
https://aws.amazon.com/about-aws/whats-new/2026/06/amazon-eks-customer-routed-control-plane-egress