Amazon EKS enhances cluster governance with new IAM condition keys

Published
April 20, 2026
https://aws.amazon.com/about-aws/whats-new/2026/04/amazon-eks-iam-condition-keys/

Amazon EKS IAM Condition Keys Update

Amazon Elastic Kubernetes Service (EKS) now supports seven additional IAM condition keys for cluster creation and configuration APIs, enhancing governance controls through IAM policies and Service Control Policies (SCPs). This update enables organizations to enforce security and compliance requirements across all clusters in multi-account environments.

New IAM Condition Keys

  • eks:endpointPublicAccess and eks:endpointPrivateAccess to enforce private-only API endpoints
  • eks:encryptionConfigProviderKeyArns to require customer-managed AWS KMS keys for secrets encryption
  • eks:kubernetesVersion to restrict clusters to approved Kubernetes versions
  • eks:deletionProtection to mandate deletion protection for production workloads
  • eks:controlPlaneScalingTier to specify control plane scaling tiers
  • eks:zonalShiftEnabled to enable zonal shift capabilities for high availability

These condition keys apply to CreateCluster, UpdateClusterConfig, UpdateClusterVersion, and AssociateEncryptionConfig APIs, integrating with AWS Organizations SCPs for centralized governance.
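
An SCP sketch using two of the keys above, added here as an illustration and not taken from the AWS announcement: it denies cluster creation or reconfiguration with a public API endpoint, and denies creating or upgrading to a Kubernetes version outside an approved list. The value types (boolean for eks:endpointPublicAccess, string for eks:kubernetesVersion) are assumptions to confirm against the EKS service authorization reference, and the `<approved-version-N>` entries and Sid names are placeholders.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyPublicApiEndpoint",
      "Effect": "Deny",
      "Action": ["eks:CreateCluster", "eks:UpdateClusterConfig"],
      "Resource": "*",
      "Condition": {
        "Bool": { "eks:endpointPublicAccess": "true" }
      }
    },
    {
      "Sid": "DenyUnapprovedKubernetesVersion",
      "Effect": "Deny",
      "Action": ["eks:CreateCluster", "eks:UpdateClusterVersion"],
      "Resource": "*",
      "Condition": {
        "StringNotEquals": {
          "eks:kubernetesVersion": ["<approved-version-1>", "<approved-version-2>"]
        }
      }
    }
  ]
}
```

Negated operators such as StringNotEquals evaluate to true when the key is missing from the request, so the version statement is scoped to the two actions that carry a version and fails closed if none is supplied. The Bool statement does not match when the key is absent, so configuration updates that leave endpoint settings untouched are not blocked.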

The new IAM condition keys are available in all AWS Regions where Amazon EKS is available at no additional charge.

Source: AWS release notes



