AWS EKS
Importing an AWS EKS engine connects an existing EKS cluster to AIchor without transferring ownership. AIchor schedules workloads on the cluster using IAM role assumption, while infrastructure management remains with the cluster administrator.
Prerequisites
-
The EKS cluster must already exist and be accessible.
-
An IAM role with the necessary permissions must be available. The role ARN follows the format
arn:aws:iam::account-id:role/role-name. -
The Kubernetes API server endpoint is required. Run the following command to retrieve it:
kubectl cluster-info
and look for the Kubernetes control plane endpoint.
-
Either the DNS name of the Network Load Balancer or a Base Host value must be available (see form fields below).
-
To populate the CA Data field, run the following command against the cluster:
kubectl config view --minify --raw --output 'jsonpath={..cluster.certificate-authority-data}' | base64 -d
Steps
- In the AIchor UI, open Engines and click Add Engine.
- Select In The Cloud, then AWS, then EKS.
- Select Import Existing Engine.
- Fill in the form fields described below and submit.

Form fields
| Field | Required | Description |
|---|---|---|
| Engine Name | Yes | Name of the engine in AIchor. Lowercase alphanumeric characters and hyphens. Must start with a letter. |
| EKS Cluster Name | Yes | Name of the existing EKS cluster to import in AKS. |
| Ecosystem | No | Tag passed to infrastructure-as-code tooling. Required only for specific organisations on InstaDeep recommendation. |
| API Hostname | Yes | Kubernetes API server endpoint. Found in ~/.kube/config under the cluster's server field. |
| AWS Region | Yes | Region where the cluster runs. |
| Assume Role ARN | Yes | IAM role ARN with the necessary permissions. Format: arn:aws:iam::account-id:role/role-name. |
| Load Balancer DNS | Conditional | DNS name of the Network Load Balancer. Either this or Base Host must be provided. |
| Base Host | Conditional | Alternative to Load Balancer DNS for specific organisations on InstaDeep recommendation. Either this or Load Balancer DNS must be provided. Can be ignored in most cases. |
Certificates
TLS verification behaviour is controlled through the certificate fields below. By default, certificate verification is enabled.
| Field | Required | Description |
|---|---|---|
| Insecure | No | When checked, certificate verification is skipped. Not recommended for production. |
| Server Name | No | SNI hostname used during the TLS handshake. |
| Certificate Data | No | Client certificate in PEM format. |
| CA Data | No | Certificate Authority certificate in PEM format. See the retrieval command in the Prerequisites section above. |
Authentication
Authentication to the EKS cluster is performed via IAM role assumption. The Assume Role ARN field specifies the IAM role that AIchor will assume when communicating with the cluster. Ensure the role has the required permissions to manage Kubernetes workloads on the target cluster.