Does EKS Auto Mode support Security Groups Per Pod?

EKS Auto Mode does not support Security Groups Per Pod (SGPP). This limitation is explicitly documented by AWS.

EKS Auto Mode is designed to manage most networking components automatically, but it has certain restrictions on the networking features it supports. Security Groups Per Pod is one of the features that is not compatible with EKS Auto Mode.

It's important to note that while EKS Auto Mode doesn't support SGPP, this feature is available in standard EKS deployments. In regular EKS clusters, you can assign security groups to individual pods, allowing for more granular network security control.

If you require the ability to use Security Groups Per Pod, you would need to use a standard EKS deployment rather than EKS Auto Mode. This would give you more flexibility in terms of pod-level network security, but it also means you'd have more networking components to manage manually.

The lack of SGPP support in EKS Auto Mode is likely due to the simplified networking model that Auto Mode employs to reduce operational complexity. While this limitation exists, EKS Auto Mode does support other security features like EKS Network Policies, which can be used to control pod-to-pod communication within the cluster.
Sources
Learn about VPC Networking and Load Balancing in EKS Auto Mode - Amazon EKS
AWS re:Invent 2024 - Securing Kubernetes workloads in Amazon EKS | AWS re:Post