Amazon Web Services

Get Kubernetes security, observability, and networking on Amazon Elastic Kubernetes Service (Amazon EKS), and for self-managed Kubernetes on Amazon Elastic Compute Cloud (Amazon EC2)


Calico Cloud gives teams a single pane of glass across multi-cluster and multi-cloud Kubernetes environments to deploy a standard set of egress access controls, enforce consistent security policies for compliance, and easily observe and troubleshoot applications. You can use Calico for both networking and policy management, or policy management only. For example, you can use Calico for policies and use your Amazon EKS Container Network Interface (CNI) for networking.


With AWS and Tigera you can address the three most common use cases for Kubernetes networking, security, and observability in EKS with Calico:

  • Manage egress access: Kubernetes has no built-in capability to enforce network policy. Calico can securely control egress access to external resources with the following:
    • AWS Security Group integration
    • DNS policy
    • Egress Access Gateway
  • Apply existing compliance controls to Kubernetes: Many applications have compliance requirements, such as workload isolation, ensuring developers cannot talk to production, and implementing network zones; for example, microservices in the DMZ can communicate with the public internet but not directly with your backend databases. Calico lets you apply existing compliance controls to your Kubernetes environment to ensure consistency with traditional environments.
  • Observe and Troubleshoot: Detect, identify and resolve the performance hotspots, anomalies and connectivity issues between microservices running on EKS clusters.
  • Unified Controls: Enable security and observability across multi-cluster, multi-cloud and hybrid cloud environments, and provide a single pane of glass to ensure consistent application of security controls across both containers and VMs.

How It Works


Calico provides a common networking and security policy model using Kubernetes constructs like labels and selectors to control and restrict access to specific pods for.

Get Started

Getting started with Calico and Amazon EKS is easy. Everything you need to get up and running is available here:


Learn More

User Guide

Learn More

Calico Open Source and EKS

Learn More


AWS Marketplace

Learn More

Reference Deployment

Learn More


Learn More

Become a Tigera Partner