---
layout: default
---
## Amazon Elastic Kubernetes Service
| Identifier | Guardrail | Rationale | Remediation | References | IAM Actions |
|:---------------------------------------------------|:----------------------------------------------------------------------------------|:------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:--------------|:-------------|:---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| IAM-EKS-1 | Check that the management of your EKS clusters is for authorized principals only. | It is important that access control to the management of your EKS clusters is only performed by your authorized principals. Protect against unauthorized modifications or changes to your EKS clusters by limiting access to only your administrative principals. | | | [eks:CreateCluster](https://docs.aws.amazon.com/eks/latest/APIReference/API_CreateCluster.html)
[eks:CreateFargateProfile](https://docs.aws.amazon.com/eks/latest/APIReference/API_CreateFargateProfile.html)
[eks:CreateNodegroup](https://docs.aws.amazon.com/eks/latest/APIReference/API_CreateNodegroup.html)
[eks:DeleteCluster](https://docs.aws.amazon.com/eks/latest/APIReference/API_DeleteCluster.html)
[eks:DeleteFargateProfile](https://docs.aws.amazon.com/eks/latest/APIReference/API_DeleteFargateProfile.html)
[eks:DeleteNodegroup](https://docs.aws.amazon.com/eks/latest/APIReference/API_DeleteNodegroup.html)
[eks:TagResource](https://docs.aws.amazon.com/eks/latest/APIReference/API_TagResource.html)
[eks:UntagResource](https://docs.aws.amazon.com/eks/latest/APIReference/API_UntagResource.html)
[eks:UpdateClusterConfig](https://docs.aws.amazon.com/eks/latest/APIReference/API_UpdateClusterConfig.html)
[eks:UpdateClusterVersion](https://docs.aws.amazon.com/eks/latest/APIReference/API_UpdateClusterVersion.html)
[eks:UpdateNodegroupConfig](https://docs.aws.amazon.com/eks/latest/APIReference/API_UpdateNodegroupConfig.html)
[eks:UpdateNodegroupVersion](https://docs.aws.amazon.com/eks/latest/APIReference/API_UpdateNodegroupVersion.html)
|