Containerized applications frequently require access to other services running within the cluster as well as external AWS services, such as Amazon Relational Database Service (RDS).
On AWS, controlling network-level access between services is often accomplished via security groups.
Early versions of EKS only allowed you to assign security groups at the node level. Because all nodes inside a node group share the security group, by attaching the security group to access the RDS instance to the node group in the image below, all the pods running on these nodes would have access to the database even if only the green pod should have access:
Security groups for pods integrate Amazon EC2 security groups with Kubernetes pods. You can use Amazon EC2 security groups to define rules that allow inbound and outbound network traffic to and from pods that you deploy to nodes running on many Amazon EC2 instance types. In this lab, you will learn how to integrate security groups with an EKS cluster to access an RDS database and demonstrate the effect of Pod security groups as shown in the following environment diagram:
Upon completion of this lab, you will be able to:
Familiarity with the following will be beneficial but is not required:
The following content can be used to fulfill the prerequisite:
February 28th, 2023 - Updated to k8s 1.24
Logan has been involved in software development and research since 2007 and has been in the cloud since 2012. He is an AWS Certified DevOps Engineer - Professional, AWS Certified Solutions Architect - Professional, Microsoft Certified Azure Solutions Architect Expert, MCSE: Cloud Platform and Infrastructure, Google Cloud Certified Associate Cloud Engineer, Certified Kubernetes Security Specialist (CKS), Certified Kubernetes Administrator (CKA), Certified Kubernetes Application Developer (CKAD), and Certified OpenStack Administrator (COA). He earned his Ph.D. studying design automation and enjoys all things tech.