Amazon EKS enhances cluster governance with new IAM condition keys
Amazon Web Services has expanded Amazon Elastic Kubernetes Service (EKS) with seven new IAM condition keys that provide enhanced governance controls for cluster creation and configuration. The new condition keys enable organizations to enforce specific security and compliance requirements through IAM policies and Service Control Policies, including mandating private-only API endpoints, requiring customer-managed KMS keys for encryption, restricting Kubernetes versions, and enabling deletion protection for production workloads. The condition keys apply to core EKS APIs including CreateCluster, UpdateClusterConfig, UpdateClusterVersion, and AssociateEncryptionConfig, allowing administrators to establish proactive guardrails rather than relying on post-deployment validation. Organizations can now centrally enforce policies across multi-account environments through AWS Organizations SCPs, with granular control over endpoint access configuration, encryption key management, control plane scaling tiers, and zonal shift capabilities for high availability scenarios. The enhanced IAM condition keys are immediately available across all AWS regions where EKS operates at no additional cost, integrating with existing AWS identity and access management frameworks to provide centralized governance for Kubernetes cluster deployments.
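As an added illustration that is not part of the announcement: a Service Control Policy sketch of the deny-unless guardrails described above (private-only endpoint, approved Kubernetes versions, customer-managed KMS key in an approved account, deletion protection for production). The announcement does not list the seven condition keys, so every key name below carries a `PLACEHOLDER-` prefix and must be replaced with the real key from the EKS condition-key reference; the version list and account ID `111122223333` are constructed sample values.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyPublicApiEndpoint",
      "Effect": "Deny",
      "Action": ["eks:CreateCluster", "eks:UpdateClusterConfig"],
      "Resource": "*",
      "Condition": { "Bool": { "eks:PLACEHOLDER-endpointPublicAccess": "true" } }
    },
    {
      "Sid": "DenyUnapprovedKubernetesVersion",
      "Effect": "Deny",
      "Action": ["eks:CreateCluster", "eks:UpdateClusterVersion"],
      "Resource": "*",
      "Condition": {
        "Null": { "eks:PLACEHOLDER-kubernetesVersion": "false" },
        "StringNotEquals": { "eks:PLACEHOLDER-kubernetesVersion": ["1.31", "1.32"] }
      }
    },
    {
      "Sid": "DenyEncryptionKeyOutsideApprovedAccount",
      "Effect": "Deny",
      "Action": ["eks:CreateCluster", "eks:AssociateEncryptionConfig"],
      "Resource": "*",
      "Condition": {
        "Null": { "eks:PLACEHOLDER-encryptionKeyArn": "false" },
        "ArnNotLike": { "eks:PLACEHOLDER-encryptionKeyArn": "arn:aws:kms:*:111122223333:key/*" }
      }
    },
    {
      "Sid": "DenyProductionClusterWithoutDeletionProtection",
      "Effect": "Deny",
      "Action": ["eks:CreateCluster"],
      "Resource": "*",
      "Condition": {
        "StringEquals": { "aws:RequestTag/Environment": "production" },
        "BoolIfExists": { "eks:PLACEHOLDER-deletionProtection": "false" }
      }
    }
  ]
}
```

The `Null: false` guards matter: an `UpdateClusterConfig` or `UpdateClusterVersion` call that does not touch a given setting may not populate its key, and a bare `StringNotEquals` on an absent key evaluates true and would deny unrelated updates. Test each statement against a sandbox account with the IAM policy simulator before attaching it at the organization root.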
Why It Matters
This update addresses a critical gap in enterprise Kubernetes governance by providing proactive policy enforcement capabilities that organizations need for compliance and security at scale. The ability to enforce these controls through AWS Organizations SCPs enables consistent security posture across complex multi-account deployments, reducing the operational overhead of manual cluster validation and potential security misconfigurations in production environments.
This summary is generated using AI analysis of the original press release. Always refer to the original source for complete details.