Amazon EKS Deployment

Suggest Edit

This page includes only Amazon EKS-specific delta steps.

Review the Kubernetes Helm deployment page first, then apply the EKS changes in this guide.

Scope

This guide assumes that the baseline Helm deployment flow is complete, including:

Helm chart setup
base values.yaml preparation
installation and upgrade flow
Gateway admin and permission model

This page focuses on EKS identity integration and EKS-specific values.yaml changes.

Prerequisites

Complete all baseline prerequisites from the main Helm deployment page, and add:

An AWS IAM authentication method in Akeyless.
An EKS IAM role strategy:
- Node IAM role, or
- IAM Roles for Service Accounts (IRSA).
If using IRSA, a role bound to the target Kubernetes ServiceAccount as documented in the EKS IRSA guide.

EKS Identity Delta

Set the Gateway auth type to aws_iam and provide your AWS IAM Access ID:

globalConfig:
  gatewayAuth:
    gatewayAccessId: <AWS IAM Access ID>
    gatewayAccessType: aws_iam
  allowedAccessPermissions: {}

For IRSA, set ServiceAccount annotations with the IAM role ARN:

deployment:
  annotations: {}
  labels: {}

serviceAccount:
    create: true
    serviceAccountName: <EKS ServiceAccount Name>
    annotations:
      eks.amazonaws.com/role-arn: arn:aws:iam::<AWS Account ID>:role/<IAM Role Name>

Validation Delta

After deployment, validate that the Gateway pod uses AWS identity successfully:

Confirm the pod is running:
```
kubectl get pods -n <namespace>
```

If using IRSA, verify the ServiceAccount annotation:

kubectl get sa <EKS ServiceAccount Name> -n <namespace> -o yaml

Validate Gateway connectivity and login through the management endpoint after install.

Related Tasks

For shared Helm install and upgrade commands, use the main Kubernetes Helm deployment page.
For advanced chart settings, use Advanced Kubernetes Configuration.
For TLS configuration, use Configuring TLS.

Updated about 7 hours ago

What’s Next