By using AWS re:Post, you agree to the Terms of Use
AWS re:Postre:Post
/Amazon EKS service IP addresses/

Amazon EKS service IP addresses

3

Hi, where can we find the IPs of the Amazon EKS service? I want to correctly identify a CloudTrail event with the name GetCallerIdentity that is made by the EKS. EKS docs specifies the existence of such event, but on AWS IP ranges there is no EKS service. Insted the IP is in AMAZON and EC2 CIDR like any other EC2 ip.

Thank you!

Topics
ContainersManagement & GovernanceWell-Architected Framework
Tags
Amazon Elastic Kubernetes ServiceAmazon CloudTrailAWS CloudTrailSecurityNetwork Security
Raphael
asked 3 months ago32 views
1 Answers
0

The EKS cluster control plane IP addresses will vary depending on the configuration of the VPC and Subnets where the EKS cluster is configured. The cluster will configure one ENI in each selected subnet, consuming one IP address from the subnet's configured CIDR block. You can view these ENIs from the AWS Management Console, in the EC2 Dashboard, under the Network interfaces section. Keep in mind, that these IP addresses may change due to the cluster upgrades.

harrison
answered 2 months ago
  • Raphael 2 months ago

    I'm aware that the EKS cluster control plane IP addresses will vary. I need a list with the CIDRs used by the EKS control plane, to differentiate in Cloud Trail if an event is from AWS or a bad actor. For: Amazon EKS uses the authentication token to make the sts:GetCallerIdentity call. As a result, AWS CloudTrail events with the name GetCallerIdentity from the source sts.amazonaws.com can have Amazon EKS service IP addresses for their source IP address. I need the Amazon EKS service IP addresses list.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant questions