Amazon EKS - Managed Kubernetes That Actually Works

Amazon EKS is AWS's managed Kubernetes offering that costs $0.10/hour ($73/month) just for the control plane before you even run a single pod. Launched in 2018 after everyone begged AWS to stop making us choose between self-hosting Kubernetes or using their proprietary ECS bullshit.

The deal is simple: AWS runs the master nodes (API server, etcd, scheduler, controller-manager) across multiple AZs so they don't fail, and you handle everything else. It's not "eliminating operational complexity" - you still need to understand VPCs, security groups, IAM roles, CNI plugins, and why your pods keep getting OOMKilled. But at least when the control plane breaks, you can blame AWS instead of your teammate who thought editing etcd directly was a good idea.

How EKS Actually Works

EKS runs the Kubernetes control plane in AWS's account while your worker nodes run in your VPC. The masters live in a service VPC you can't access. Great when it works, nightmare when AWS breaks something and you can't debug it.

Your worker nodes can be:

• EC2 instances: You manage the OS, security patches, and get to debug why kubelet won't start after the latest AMI update
• Fargate: AWS manages everything but charges you 4x more and takes 30+ seconds to cold start, making it useless for anything latency-sensitive
• Hybrid Nodes: Run on-premises if you enjoy the complexity of both cloud and on-prem simultaneously

Pro tip: Start with EC2 unless you really hate managing servers. Fargate sounds great until you realize every pod restart is a 30-second timeout waiting for AWS to find you a server.

Why Use EKS Instead of DIY Kubernetes

It's Actually Kubernetes: EKS is CNCF certified, so your kubectl commands work and you're not learning another AWS-specific API. Your Helm charts won't randomly break because AWS decided to "improve" the Kubernetes API.

AWS Integration That Actually Helps: The IAM integration is solid once you figure out the RBAC mapping (plan 2-3 hours for this). EBS volumes just work, ALBs can route to your services without hacking ingress controllers, and VPC networking mostly makes sense if you already understand AWS networking.

Security You Don't Have to Think About: Control plane gets patched automatically, etcd is encrypted, API server has TLS, and you can integrate with AWS security theater like GuardDuty if your compliance team demands it. Pod Security Standards work, network policies work, and you don't have to convince your security team that you've hardened everything correctly.

EKS Auto Mode: AWS Picks Your Servers

Launched in late 2024, EKS Auto Mode is AWS's attempt to manage even more of your infrastructure. They pick your EC2 instance types, configure your networking, and manage storage - basically Fargate but with EC2 instances you can't see.

It sounds amazing until you need a specific instance type, want to tune networking performance, or need to install custom drivers. Auto Mode is great for "just run my app" workloads but terrible when you need control. The cost savings are real (20-40% reduction in compute costs) but you're trading flexibility for AWS magic.

When to use it: Microservices that don't care about the underlying infrastructure
When to avoid it: Anything that needs custom AMIs, specific instance families, or non-standard networking setups

EKS works best when you're already neck-deep in AWS and need Kubernetes without the operational nightmare of running masters. It's expensive but solid - here's when the math works out.

Your Three Choices (Each With Different Pain Points)

EC2 Managed Node Groups: You get real servers with SSH access and full control. AWS handles the AMI updates and instance replacement dance, but you're still responsible when the kubelet crashes or disk fills up. Use this unless you have a compelling reason not to.

Fargate: Serverless containers that take 30+ seconds to cold start and cost 4x more than EC2. Great for batch jobs and demos, terrible for web apps that need to respond quickly. AWS provisions exactly what you request - no sharing, no cost savings from utilization.

Hybrid Nodes: Run EKS on your own hardware if you enjoy combining cloud complexity with datacenter management. Useful for data residency requirements or when you need local processing, but you're essentially running two infrastructure stacks simultaneously.

When People Actually Use EKS

ML Training: GPUs are expensive and you want to burst from zero to 100 instances when training starts. EKS with spot instances can cut your training costs by 70%, but you need to handle spot interruptions gracefully. SageMaker is easier but more expensive.

Legacy Migration: You have a bunch of services running on EC2 and want to containerize gradually. EKS lets you move piece by piece without rebuilding everything, but expect IAM role mapping to take weeks to get right.

Multi-Environment Deployment: EKS Anywhere actually works for running the same Kubernetes distribution everywhere. It's one of AWS's better products, but you're still managing servers in your datacenter alongside cloud infrastructure.

Who Actually Pays For This

Financial Companies: Banks use EKS because AWS has SOC 2 compliance and they're already paying Amazon billions. The audit checkboxes get ticked automatically. Actual compliance still requires work, but the paper trail is easier.

Startups on AWS Credits: When you have $100k in AWS credits, the $73/month control plane cost doesn't matter. Just don't be surprised when the free money runs out and your bill becomes real.

Enterprises Avoiding Multi-Cloud: If you're all-in on AWS anyway, EKS integrates better than running GKE or AKS. We moved to EKS after spending 6 months trying to get our security team to approve self-managed Kubernetes. EKS checked their compliance boxes immediately.

Making EKS Less Expensive (It's Still Expensive)

Spot Instances: EC2 Spot can save 70-90% on compute, but instances disappear with 2 minutes notice. Great for batch jobs, terrible for databases. Your app needs to handle nodes vanishing randomly.

Auto Mode: AWS picks your instance types and you save 20-40% on compute costs. Auto Mode saved us about $400/month on a medium cluster, but we had to give up our custom AMI with the security agents our compliance team demanded.

Storage Reality Check: EBS is solid but expensive ($0.10/GB/month). EFS is convenient but slow and really expensive ($0.30/GB/month). Use EBS for databases, EFS only when you actually need shared storage across multiple pods.

Don't Use EKS For: Single containers (use Lambda), simple web apps with < 1000 users (use Elastic Beanstalk), or anything that runs fine on a single server (use EC2). The $73/month minimum makes EKS economics terrible for small workloads.