Our Blog

Amazon EKS now supports customer-routed control plane egress

Published
June 18, 2026
https://aws.amazon.com/about-aws/whats-new/2026/06/amazon-eks-customer-routed-control-plane-egress

Amazon EKS Introduces Customer-Routed Control Plane Egress

Amazon EKS now offers customer-routed control plane egress, allowing outbound Kubernetes API server traffic to be routed through your own Amazon VPC. This includes admission webhook callbacks, OpenID Connect (OIDC) provider lookups, and aggregate API server requests. This feature enables organizations with data perimeter requirements, compliance mandates, or private network infrastructure to reach private OIDC providers and webhook servers accessible only within their VPC, and control how that traffic routes through their network.

What to do

  • Set controlPlaneEgressMode to CUSTOMER_ROUTED when creating a new cluster or updating an existing cluster.
  • Use the eks:controlPlaneEgressMode IAM condition key with AWS Organizations Service Control Policies to enforce this configuration organization-wide.

Customer-routed control plane egress is available at no additional cost in all AWS Regions where Amazon EKS is available. To learn more, see Configure control plane egress routing in the Amazon EKS User Guide.

Source: AWS release notes




If you need further guidance on AWS, our experts are available at AWS@westloop.io. You may also reach us by submitting the Contact Us form.

Follow our blog

Get the latest insights and advice on AWS services from our experts.

By clicking Sign Up you're confirming that you agree with our Terms and Conditions.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Related posts

Check out other insights from the team at West Loop Strategy.

View all
https://aws.amazon.com/about-aws/whats-new/2026/04/aws-transfer-family-ipv6-connectors-web-apps/

AWS Transfer Family now supports IPv6 for connectors and web apps

AWS Transfer Family announces Internet Protocol version 6 (IPv6) support for SFTP connectors, AS2 connectors, and Transfer Family web apps
Read more
https://aws.amazon.com/about-aws/whats-new/2026/05/aws-organizations-cloudtrail/

AWS Organizations emits CloudTrail events for account membership changes

AWS Organizations now automatically emits CloudTrail events to your management account whenever accounts join or leave your organization
Read more
https://aws.amazon.com/about-aws/whats-new/2026/03/amazon-ec2-r8a-instances-tokyo/

Amazon EC2 R8a instances are now available in Asia Pacific (Tokyo) Region

Starting today, Amazon EC2 R8a instances are now available in Asia Pacific (Tokyo) Region
Read more
View all