Amazon Elastic Kubernetes Service (EKS) is a managed service and certified Kubernetes conformant to run Kubernetes on AWS and on-premises.
<aside> 💡
It’s worth noting that most of this guide can be applied to Kubernetes systems regardless of where they’re hosted. Keep in mind that some of the analysis techniques and technical caveats are a result of hosting Kubernetes in AWS, though.
</aside>
<aside> 💡
Most incidents in EKS appear to root back to initial exposure to the internet (either the control or data plane) and misconfiguration. Security hygiene inside images can also be a contributing factor, introducing vulnerabilities and other weaknesses.
</aside>
Kubernetes Security Report: 2025 | Wiz
Tesla investigates claims of crypto-currency hack
“AWS is responsible for the EKS managed Kubernetes control plane and the infrastructure to deliver EKS in a secure and reliable manner. You have the ability to configure EKS and how it interacts with other applications and services, where you are responsible for making sure that secure configurations are being used.” - https://aws.amazon.com/blogs/security/how-to-detect-security-issues-in-amazon-eks-clusters-using-amazon-guardduty-part-1/
https://docs.aws.amazon.com/eks/latest/best-practices/security.html
As per the shared responsibility model; AWS manages the Kubernetes dashboard and control plane through EKS, which includes the ETCD database, Kubernetes clusters, and any other infrastructure service used by AWS to deliver a safe and dependable Kubernetes.
Amazon EKS is an AWS managed service that you can use to run Kubernetes on EC2 instances without needing to install, operate, and maintain your own Kubernetes control plane or nodes.
What is the Kubernetes Data Plane? | Spot.io
Worker nodes (i.e. VMs) on the data plane carries out commands from the control plane and can communicates with each other via the kubelet, while the kube-proxy handles the networking layer.