**Help improve this page**
To contribute to this user guide, choose the **Edit this page on GitHub** link that is located in the right pane of every page.
# Create a cluster with Amazon EKS Auto Mode
This chapter explains how to create an Amazon EKS cluster with Auto Mode enabled using various tools and interfaces. Auto Mode simplifies cluster creation by automatically configuring and managing the cluster’s compute, networking, and storage infrastructure. You’ll learn how to create an Auto Mode cluster using the AWS CLI, AWS Management Console, or the eksctl command line tool.
**Note**
EKS Auto Mode requires Kubernetes version 1.29 or greater.
Choose your preferred tool based on your needs: The AWS Management Console provides a visual interface ideal for learning about EKS Auto Mode features and creating individual clusters. The AWS CLI is best suited for scripting and automation tasks, particularly when integrating cluster creation into existing workflows or CI/CD pipelines. The eksctl CLI offers a Kubernetes-native experience and is recommended for users familiar with Kubernetes tooling who want simplified command line operations with sensible defaults.
Before you begin, ensure you have the necessary prerequisites installed and configured, including appropriate IAM permissions to create EKS clusters. To learn how to install CLI tools such as `kubectl`, `aws`, and `eksctl`, see [Set up to use Amazon EKS](setting-up.md).
You can use the AWS CLI, AWS Management Console, or eksctl CLI to create a cluster with Amazon EKS Auto Mode.
**Topics**
+ [
# Create an EKS Auto Mode Cluster with the eksctl CLI
](automode-get-started-eksctl.md)
+ [
# Create an EKS Auto Mode Cluster with the AWS CLI
](automode-get-started-cli.md)
+ [
# Create an EKS Auto Mode Cluster with the AWS Management Console
](automode-get-started-console.md)
# Create an EKS Auto Mode Cluster with the eksctl CLI
This topic shows you how to create an Amazon EKS Auto Mode cluster using the eksctl command line interface (CLI). You can create an Auto Mode cluster either by running a single CLI command or by applying a YAML configuration file. Both methods provide the same functionality, with the YAML approach offering more granular control over cluster settings.
The eksctl CLI simplifies the process of creating and managing EKS Auto Mode clusters by handling the underlying AWS resource creation and configuration. Before proceeding, ensure you have the necessary AWS credentials and permissions configured on your local machine. This guide assumes you’re familiar with basic Amazon EKS concepts and have already installed the required CLI tools.
**Note**
You must install version `0.195.0` or greater of eksctl. For more information, see [eksctl releases](https://github.com/eksctl-io/eksctl/releases) on GitHub.
## Create an EKS Auto Mode cluster with a CLI command
You must have the `aws` and `eksctl` tools installed. You must be logged into the AWS CLI with sufficient permissions to manage AWS resources including: EC2 instances, EC2 networking, EKS clusters, and IAM roles. For more information, see [Set up to use Amazon EKS](setting-up.md).
Run the following command to create a new EKS Auto Mode cluster with
```
eksctl create cluster --name= --enable-auto-mode
```
## Create an EKS Auto Mode cluster with a YAML file
You must have the `aws` and `eksctl` tools installed. You must be logged into the AWS CLI with sufficient permissions to manage AWS resources including: EC2 instances, EC2 networking, EKS clusters, and IAM roles. For more information, see [Set up to use Amazon EKS](setting-up.md).
Review the EKS Auto Mode configuration options in the sample ClusterConfig resource below. For the full ClusterConfig specification, see the [eksctl documentation](https://eksctl.io/usage/creating-and-managing-clusters/).
AWS suggests enabling EKS Auto Mode. If this is your first time creating an EKS Auto Mode cluster, leave the `nodeRoleARN` unspecified to create a Node IAM Role for EKS Auto Mode. If you already have a Node IAM Role in your AWS account, AWS suggests reusing it.
AWS suggests not specifying any value for `nodePools`. EKS Auto Mode will create default node pools. You can use the Kubernetes API to create additional node pools.
```
# cluster.yaml
apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig
metadata:
name:
region:
iam:
# ARN of the Cluster IAM Role
# optional, eksctl creates a new role if not supplied
# suggested to use one Cluster IAM Role per account
serviceRoleARN:
autoModeConfig:
# defaults to false
enabled: boolean
# optional, defaults to [general-purpose, system].
# suggested to leave unspecified
# To disable creation of nodePools, set it to the empty array ([]).
nodePools: []string
# optional, eksctl creates a new role if this is not supplied
# and nodePools are present.
nodeRoleARN: string
```
Save the `ClusterConfig` file as `cluster.yaml`, and use the following command to create the cluster:
```
eksctl create cluster -f cluster.yaml
```
# Create an EKS Auto Mode Cluster with the AWS CLI
EKS Auto Mode Clusters automate routine cluster management tasks for compute, storage, and networking. For example, EKS Auto Mode Clusters automatically detect when additional nodes are required and provision new EC2 instances to meet workload demands.
This topic guides you through creating a new EKS Auto Mode Cluster using the AWS CLI and optionally deploying a sample workload.
## Prerequisites
+ The latest version of the AWS Command Line Interface (AWS CLI) installed and configured on your device. To check your current version, use `aws --version`. To install the latest version, see [Installing](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html) and [Quick configuration](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-configure.html#cli-configure-quickstart-config) with aws configure in the AWS Command Line Interface User Guide.
+ Login to the CLI with sufficient IAM permissions to create AWS resources including IAM Policies, IAM Roles, and EKS Clusters.
+ The kubectl command line tool installed on your device. AWS suggests you use the same kubectl version as the Kubernetes version of your EKS Cluster. To install or upgrade kubectl, see [Set up `kubectl` and `eksctl`](install-kubectl.md).
## Specify VPC subnets
Amazon EKS Auto Mode deploy nodes to VPC subnets. When creating an EKS cluster, you must specify the VPC subnets where the nodes will be deployed. You can use the default VPC subnets in your AWS account or create a dedicated VPC for critical workloads.
+ AWS suggests creating a dedicated VPC for your cluster. Learn how to [Create an Amazon VPC for your Amazon EKS cluster](creating-a-vpc.md).
+ The EKS Console assists with creating a new VPC. Learn how to [Create an EKS Auto Mode Cluster with the AWS Management Console](automode-get-started-console.md).
+ Alternatively, you can use the default VPC of your AWS account. Use the following instructions to find the Subnet IDs.
### To find the Subnet IDs of your default VPC
**Using the AWS CLI:**
1. Run the following command to list the default VPC and its subnets:
```
aws ec2 describe-subnets --filters "Name=vpc-id,Values=$(aws ec2 describe-vpcs --query 'Vpcs[?IsDefault==`true`].VpcId' --output text)" --query 'Subnets[*].{ID:SubnetId,AZ:AvailabilityZone}' --output table
```
1. Save the output and note the **Subnet IDs**.
Sample output:
```
----------------------------------------
| DescribeSubnets |
----------------------------------------
| SubnetId | AvailabilityZone |
|--------------------|---------------------|
| subnet-012345678 | us-west-2a |
| subnet-234567890 | us-west-2b |
| subnet-345678901 | us-west-2c |
----------------------------------------
```
## IAM Roles for EKS Auto Mode Clusters
### Cluster IAM Role
EKS Auto Mode requires a Cluster IAM Role to perform actions in your AWS account, such as provisioning new EC2 instances. You must create this role to grant EKS the necessary permissions. AWS recommends attaching the following AWS managed policies to the Cluster IAM Role:
+ [AmazonEKSComputePolicy](security-iam-awsmanpol.md#security-iam-awsmanpol-AmazonEKSComputePolicy)
+ [AmazonEKSBlockStoragePolicy](security-iam-awsmanpol.md#security-iam-awsmanpol-AmazonEKSBlockStoragePolicy)
+ [AmazonEKSLoadBalancingPolicy](security-iam-awsmanpol.md#security-iam-awsmanpol-AmazonEKSLoadBalancingPolicy)
+ [AmazonEKSNetworkingPolicy](security-iam-awsmanpol.md#security-iam-awsmanpol-AmazonEKSNetworkingPolicy)
+ [AmazonEKSClusterPolicy](security-iam-awsmanpol.md#security-iam-awsmanpol-amazoneksclusterpolicy)
### Node IAM Role
When you create an EKS Auto Mode cluster, you specify a Node IAM Role. When EKS Auto Mode creates nodes to process pending workloads, each new EC2 instance node is assigned the Node IAM Role. This role allows the node to communicate with EKS but is generally not accessed by workloads running on the node.
If you want to grant permissions to workloads running on a node, use EKS Pod Identity. For more information, see [Learn how EKS Pod Identity grants pods access to AWS services](pod-identities.md).
You must create this role and attach the following AWS managed policy:
+ [AmazonEKSWorkerNodeMinimalPolicy](security-iam-awsmanpol.md#security-iam-awsmanpol-AmazonEKSWorkerNodeMinimalPolicy)
+ [AmazonEC2ContainerRegistryPullOnly](https://docs.aws.amazon.com/AmazonECR/latest/userguide/security-iam-awsmanpol.html#security-iam-awsmanpol-AmazonEC2ContainerRegistryPullOnly)
EKS Auto Mode also requires a Service-Linked Role, which is automatically created and configured by AWS. For more information, see [AWSServiceRoleForAmazonEKS](using-service-linked-roles-eks.md).
## Create an EKS Auto Mode Cluster IAM Role
### Step 1: Create the Trust Policy
Create a trust policy that allows the Amazon EKS service to assume the role. Save the policy as `trust-policy.json`:
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "eks.amazonaws.com"
},
"Action": [
"sts:AssumeRole",
"sts:TagSession"
]
}
]
}
```
### Step 2: Create the IAM Role
Use the trust policy to create the Cluster IAM Role:
```
aws iam create-role \
--role-name AmazonEKSAutoClusterRole \
--assume-role-policy-document file://trust-policy.json
```
### Step 3: Note the Role ARN
Retrieve and save the ARN of the new role for use in subsequent steps:
```
aws iam get-role --role-name AmazonEKSAutoClusterRole --query "Role.Arn" --output text
```
### Step 4: Attach Required Policies
Attach the following AWS managed policies to the Cluster IAM Role to grant the necessary permissions:
**AmazonEKSClusterPolicy**:
```
aws iam attach-role-policy \
--role-name AmazonEKSAutoClusterRole \
--policy-arn arn:aws:iam::aws:policy/AmazonEKSClusterPolicy
```
**AmazonEKSComputePolicy**:
```
aws iam attach-role-policy \
--role-name AmazonEKSAutoClusterRole \
--policy-arn arn:aws:iam::aws:policy/AmazonEKSComputePolicy
```
**AmazonEKSBlockStoragePolicy**:
```
aws iam attach-role-policy \
--role-name AmazonEKSAutoClusterRole \
--policy-arn arn:aws:iam::aws:policy/AmazonEKSBlockStoragePolicy
```
**AmazonEKSLoadBalancingPolicy**:
```
aws iam attach-role-policy \
--role-name AmazonEKSAutoClusterRole \
--policy-arn arn:aws:iam::aws:policy/AmazonEKSLoadBalancingPolicy
```
**AmazonEKSNetworkingPolicy**:
```
aws iam attach-role-policy \
--role-name AmazonEKSAutoClusterRole \
--policy-arn arn:aws:iam::aws:policy/AmazonEKSNetworkingPolicy
```
## Create an EKS Auto Mode Node IAM Role
### Step 1: Create the Trust Policy
Create a trust policy that allows the Amazon EKS service to assume the role. Save the policy as `node-trust-policy.json`:
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "ec2.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
```
#### Step 2: Create the Node IAM Role
Use the **node-trust-policy.json** file from the previous step to define which entities can assume the role. Run the following command to create the Node IAM Role:
```
aws iam create-role \
--role-name AmazonEKSAutoNodeRole \
--assume-role-policy-document file://node-trust-policy.json
```
#### Step 3: Note the Role ARN
After creating the role, retrieve and save the ARN of the Node IAM Role. You will need this ARN in subsequent steps. Use the following command to get the ARN:
```
aws iam get-role --role-name AmazonEKSAutoNodeRole --query "Role.Arn" --output text
```
#### Step 4: Attach Required Policies
Attach the following AWS managed policies to the Node IAM Role to provide the necessary permissions:
**AmazonEKSWorkerNodeMinimalPolicy**:
```
aws iam attach-role-policy \
--role-name AmazonEKSAutoNodeRole \
--policy-arn arn:aws:iam::aws:policy/AmazonEKSWorkerNodeMinimalPolicy
```
**AmazonEC2ContainerRegistryPullOnly**:
```
aws iam attach-role-policy \
--role-name AmazonEKSAutoNodeRole \
--policy-arn arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryPullOnly
```
## Create an EKS Auto Mode Cluster
### Overview
To create an EKS Auto Mode Cluster using the AWS CLI, you will need the following parameters:
+ `cluster-name`: The name of the cluster.
+ `k8s-version`: The Kubernetes version (e.g., 1.31).
+ `subnet-ids`: Subnet IDs identified in the previous steps.
+ `cluster-role-arn`: ARN of the Cluster IAM Role.
+ `node-role-arn`: ARN of the Node IAM Role.
#### Default Cluster Configurations
Review these default values and features before creating the cluster:
+ `nodePools`: EKS Auto Mode includes general-purpose and system default Node Pools. Learn more about [Node Pools](create-node-pool.md).
**Note:** Node Pools in EKS Auto Mode differ from Amazon EKS Managed Node Groups but can coexist in the same cluster.
+ `computeConfig.enabled`: Automates routine compute tasks, such as creating and deleting EC2 instances.
+ `kubernetesNetworkConfig.elasticLoadBalancing.enabled`: Automates load balancing tasks, including creating and deleting Elastic Load Balancers.
+ `storageConfig.blockStorage.enabled`: Automates storage tasks, such as creating and deleting Amazon EBS volumes.
+ `accessConfig.authenticationMode`: Requires EKS access entries. Learn more about [EKS authentication modes](grant-k8s-access.md).
#### Run the Command
Use the following command to create the cluster:
```
aws eks create-cluster \
--region ${AWS_REGION} \
--cli-input-json \
"{
\"name\": \"${CLUSTER_NAME}\",
\"version\": \"${K8S_VERSION}\",
\"roleArn\": \"${CLUSTER_ROLE_ARN}\",
\"resourcesVpcConfig\": {
\"subnetIds\": ${SUBNETS_JSON},
\"endpointPublicAccess\": true,
\"endpointPrivateAccess\": true
},
\"computeConfig\": {
\"enabled\": true,
\"nodeRoleArn\":\"${NODE_ROLE_ARN}\",
\"nodePools\": [\"general-purpose\", \"system\"]
},
\"kubernetesNetworkConfig\": {
\"elasticLoadBalancing\": {
\"enabled\": true
}
},
\"storageConfig\": {
\"blockStorage\": {
\"enabled\": true
}
},
\"accessConfig\": {
\"authenticationMode\": \"API\"
}
}"
```
### Check Cluster Status
#### Step 1: Verify Cluster Creation
Run the following command to check the status of your cluster. Cluster creation typically takes about 15 minutes:
```
aws eks describe-cluster --name "${CLUSTER_NAME}" --output json
```
#### Step 2: Update kubeconfig
Once the cluster is ready, update your local kubeconfig file to enable `kubectl` to communicate with the cluster. This configuration uses the AWS CLI for authentication.
```
aws eks update-kubeconfig --name "${CLUSTER_NAME}"
```
#### Step 3: Verify Node Pools
List the Node Pools in your cluster using the following command:
```
kubectl get nodepools
```
## Next Steps
+ Learn how to [deploy a sample workload](automode-workload.md) to your new EKS Auto Mode cluster.
# Create an EKS Auto Mode Cluster with the AWS Management Console
Creating an EKS Auto Mode cluster in the AWS Management Console requires less configuration than other options. EKS integrates with AWS IAM and VPC Networking to help you create the resources associated with an EKS cluster.
You have two options to create a cluster in the console:
+ Quick configuration (with EKS Auto Mode)
+ Custom configuration
In this topic, you will learn how to create an EKS Auto Mode cluster using the Quick configuration option.
## Create an EKS Auto Mode using the quick configuration option
You must be logged into the AWS Management Console with sufficient permissions to manage AWS resources including: EC2 instances, EC2 networking, EKS clusters, and IAM roles.
1. Navigate to the EKS Console
1. Click **Create cluster**
1. Confirm the **Quick configuration** option is selected
1. Determine the following values, or use the defaults for a test cluster.
+ Cluster **Name**
+ Kubernetes Version
1. Select the Cluster IAM Role. If this is your first time creating an EKS Auto Mode cluster, use the **Create recommended role** option.
+ Optionally, you can reuse a single Cluster IAM Role in your AWS account for all EKS Auto Mode clusters.
+ The Cluster IAM Role includes required permissions for EKS Auto Mode to manage resources including EC2 instances, EBS volumes, and EC2 load balancers.
+ The **Create recommended role** option pre-fills all fields with recommended values. Select **Next** and then **Create**. The role will use the suggested `AmazonEKSAutoClusterRole` name.
+ If you recently created a new role, use the **Refresh** icon to reload the role selection dropdown.
1. Select the Node IAM Role. If this is your first time creating an EKS Auto Mode cluster, use the **Create recommended role** option.
+ Optionally, you can reuse a single Node IAM Role in your AWS account for all EKS Auto Mode clusters.
+ The Node IAM Role includes required permissions for Auto Mode nodes to connect to the cluster. The Node IAM Role must include permissions to retrieve ECR images for your containers.
+ The **Create recommended role** option pre-fills all fields with recommended values. Select **Next** and then **Create**. The role will use the suggested `AmazonEKSAutoNodeRole` name.
+ If you recently created a new role, use the **Refresh** icon to reload the role selection dropdown.
1. Select the VPC for your EKS Auto Mode cluster. Choose the **Create VPC** to create a new VPC for EKS, or choose a VPC you previously created for EKS.
+ If you use the VPC Console to create a new VPC, AWS suggests you create at least one NAT Gateway per Availability Zone. Otherwise, you can use all other defaults.
+ For more information and details of IPv6 cluster requirements, see [Create an Amazon VPC for your Amazon EKS cluster](creating-a-vpc.md).
1. (optional) EKS Auto Mode automatically populates the private subnets for your selected VPC. You can remove unwanted subnets.
+ EKS automatically selects private subnets from the VPC following best practices. You can optionally select additional subnets from the VPC, such as public subnets.
1. (optional) Select **View quick configuration defaults** to review all configuration values for the new cluster. The table indicates some values are not editable after the cluster is created.
1. Select **Create cluster** . Note it may take fifteen minutes for cluster creation to complete.
## Next Steps
+ Learn how to [Deploy a Sample Workload to your EKS Auto Mode cluster](sample-storage-workload.md)