This workshop has been deprecated and archived. The new Amazon EKS Workshop is now available at

Securing your cluster with network policies

In this chapter, we are going to use two tools to secure our cluster by using network policies and then integrating our cluster’s network policies with EKS security groups.

First we will use Project Calico to enforce Kubernetes network policies in our cluster, protecting our various microservices.

After that, we will use Calico Enterprise to

  • Implement Egress Access Controls to enable your EKS workloads to communicate with other Amazon services (for example: RDS or EC2 instances) or other API endpoints.
  • Troubleshoot microservices that are unable to communicate with each other
  • Implement and report on Enterprise Security Controls in EKS


calico Enterprise