Skip to content

Security

eksctl provides some options that can improve the security of your EKS cluster.

withOIDC

Enable withOIDC to automatically create an IRSA for the amazon CNI plugin and limit permissions granted to nodes in your cluster, instead granting the necessary permissions only to the CNI service account. The background is described in this AWS documentation.

disablePodIMDS

For managed and unmanaged nodegroups, disablePodIMDS option is available prevents all non host networking pods running in this nodegroup from making IMDS requests.

Note

This can not be used together with withAddonPolicies.

Back to top