eksctl provides some options that can improve the security of your EKS cluster.
withOIDC to automatically create an IRSA for the amazon CNI plugin and
limit permissions granted to nodes in your cluster, instead granting the necessary permissions
only to the CNI service account. The background is described in this AWS
For managed and unmanaged nodegroups,
disablePodIMDS option is available prevents all
non host networking pods running in this nodegroup from making IMDS requests.
This can not be used together with