Amazon Web Services and EKS

Tigera and AWS work together to provide active, zero-trust based security for cloud-native applications running on containers and Kubernetes in AWS and Amazon EKS


Calico enables cloud users in Amazon Web Services (AWS) and Amazon EKS to avail of active, zero-trust based security for cloud-native applications running on containerized workloads and in Kubernetes. Its Cloud-Native Application Protection Platform (CNAPP) prevents, detects, troubleshoots, and automatically mitigates exposure risks of security issues in build, deploy, and runtime stages.

AWS and Tigera have native integration benefits of Security Groups, AWS Egress Gateway and, AWS Control Tower.



Protect your container and Kubernetes workloads running on Amazon Elastic Kubernetes Service (EKS) and AWS applications with pod-level access controls


Create and enforce compliance policies in EKS and AWS as per regulatory and organizational requirements

Security & Observability

Identify and resolve connectivity issues and security policy violations between namespaces, microservices, and pods in EKS and AWS

Top Use Cases

Cloud Workload Access Controls

Security teams need to control the flow of data between Kubernetes clusters and external resources, in order to mitigate the risk of unauthorized access to applications and data, exposure of sensitive data such as personally identifiable information (PII), and introduction of malware and ransomware.

Implement pod-level workload access controls and protect containerized environments in AWS and EKS from outside threats, while enabling applications and workloads to securely communicate with resources outside the cluster behind a firewall or other control point.

Regulatory and Compliance

Businesses, subject to corporate and/or regulatory compliance requirements, need to isolate workloads containing sensitive data, or restrict access to specific resources. Auditors need proof of control enforcement, but capturing the information required to show proof is challenging, especially in a dynamic, distributed microservices environment where containers are short lived.

Create compliance policies for any compliance framework including PCI, SOC 2, and more. Continuously monitor compliance for your container, Kubernetes, and cloud environment. Retain a daily history of your compliance status. Generate on-demand or scheduled audit reports.

Faster Troubleshooting

Kubernetes workloads are highly dynamic, ephemeral, and are deployed on a distributed and agile infrastructure. As a result, fast troubleshooting of Kubernetes workloads is challenging. Teams require better visibility, and contextual information for microservices, their dependencies, how they are interconnected, and which other clients and applications access them.

Enable faster troubleshooting of Kubernetes workloads and applications with Dynamic Service Graph, Dynamic Packet Capture, anomaly detection, and performance hotspots, leading to shorter time-to-resolution, less application downtime, and improved quality of service.

Quick Start

Developers and administrators who want to apply security-policy enforcement to ( EKS) or Amazon Elastic Compute Cloud clusters can get started with Calico Cloud in just a few minutes. Calico Cloud provides a rich networking and security policy model for containers and Kubernetes that helps secure communications by controlling traffic flows.

How It Works


Calico provides common networking and security policy model, using Kubernetes constructs like labels and selectors to control and restrict access to specific namespaces, microservices, and pods for Amazon EC2 and EKS.

Key Capabilities

Get Started

Getting started with Calico and Amazon EKS is easy. Everything you need to get up and running is available here:

User Guide

Learn More

Calico Open Source and EKS

Learn More


AWS Marketplace

Learn More

Reference Deployment

Learn More


Learn More

Become a Tigera Partner