Amazon EKS enables network access restrictions to Kubernetes cluster public endpoints

Amazon EKS supports public and private endpoints for the Kubernetes API server, which is secured using a combination of AWS Identity and Access Management (IAM) and native Kubernetes Role-Based Access Control (RBAC). The private endpoint is accessible only from within your cluster’s VPC. Previously, the public endpoint was open to the internet, and there was no way to restrict clients from making requests to the public endpoint without disabling it.

Now, when the public endpoint is enabled, you can choose to further restrict access by specifying IPv4 address ranges from which connection requests can be made. Any client with an IP address outside these ranges will not be able to connect to the public endpoint. This access control can be configured using the AWS Console, AWS SDKs, or eksctl.
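An added example, not AWS code: an offline audit over the `resourcesVpcConfig` portion of an EKS DescribeCluster response that flags a public endpoint still open to every IPv4 address and checks whether a given client address falls inside the allowed ranges. The cluster names, sample configs, addresses, and the `MIN_PREFIX` threshold are constructed assumptions.

```python
import ipaddress

# Assumption: the public endpoint accepts all IPv4 sources when no ranges are set.
DEFAULT_CIDRS = ["0.0.0.0/0"]
MIN_PREFIX = 16  # hypothetical policy threshold: anything wider is flagged as broad


def allowed_networks(vpc_config):
    """Parse publicAccessCidrs from a resourcesVpcConfig dict."""
    cidrs = vpc_config.get("publicAccessCidrs") or DEFAULT_CIDRS
    return [ipaddress.ip_network(c, strict=False) for c in cidrs]


def audit_endpoint(name, vpc_config):
    """Return findings for one cluster's API server endpoint settings."""
    if not vpc_config.get("endpointPublicAccess", False):
        return []  # private-only: reachable only from within the cluster's VPC
    findings = []
    for net in allowed_networks(vpc_config):
        if net.prefixlen == 0:
            findings.append(f"{name}: public endpoint open to any IPv4 address")
        elif net.prefixlen < MIN_PREFIX:
            findings.append(f"{name}: broad allowed range {net}")
    return findings


def client_allowed(vpc_config, client_ip):
    """True if client_ip may connect to the public endpoint at the network layer."""
    if not vpc_config.get("endpointPublicAccess", False):
        return False
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in allowed_networks(vpc_config))


# Constructed sample data shaped like DescribeCluster output (not real clusters).
CLUSTERS = {
    "legacy": {"endpointPublicAccess": True, "endpointPrivateAccess": False,
               "publicAccessCidrs": ["0.0.0.0/0"]},
    "restricted": {"endpointPublicAccess": True, "endpointPrivateAccess": True,
                   "publicAccessCidrs": ["203.0.113.0/24", "198.51.100.7/32"]},
    "private": {"endpointPublicAccess": False, "endpointPrivateAccess": True},
}

if __name__ == "__main__":
    for name, cfg in CLUSTERS.items():
        for finding in audit_endpoint(name, cfg):
            print(finding)
        print(name, "allows 203.0.113.40:", client_allowed(cfg, "203.0.113.40"))
```

Passing the network check only means the connection can be made; requests are still subject to the IAM and RBAC controls described above.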



https://aws.amazon.com/about-aws/whats-new/2019/12/amazon-eks-enables-network-access-restrictions-to-kubernetes-cluster-public-endpoints/