====== EKS (Elastic Kubernetes Service) ======

**What it is:** A managed Kubernetes service on AWS.

**What it’s for:**
  * Run Kubernetes workloads with AWS-managed control plane.
  * Integrate Kubernetes with AWS networking and IAM.

**Key ideas:**
  * Core parts:
    * [[aws:containers:eks:cluster|Cluster]]
    * [[aws:containers:eks:nodegroup|Node Group]]
    * [[aws:containers:eks:service-account|Service Account]]
  * For least-privilege AWS permissions for pods, use:
    * [[aws:containers:eks:irsa|IRSA]] + [[aws:containers:eks:oidc|OIDC Provider]]

**Exam cues:**
  * “Kubernetes on AWS” → EKS.
  * “pods need different AWS permissions” → IRSA.

**Hard words:**
  * *control plane* /kənˈtroʊl pleɪn/: lớp điều khiển
  * *workload* /ˈwɝːkloʊd/: workload
  * *integrate* /ˈɪntɪɡreɪt/: tích hợp


**Child pages:**

  *[[.:eks:rbac-vs-iam|RBAC vs IAM Permissions]]