---
title: "Cloud / EKS"
description: "Policies for cloud-managed Kubernetes clusters. Covers AWS EKS best practices, cloud controller configuration, and cloud-specific security controls for managed node groups."
diataxis: reference
applies_to:
  product: "kyverno"
audience: ["platform-engineer","devsecops"]
last_updated: 2026-03-25
url: https://docs.nirmata.io/docs/policy-sets/cloud/
---


Kyverno policies for cloud-managed Kubernetes clusters, focused on AWS EKS and cloud controller security.

## What's Covered

- **EKS best practices** — Node group security, IAM Roles for Service Accounts (IRSA)
- **AWS cloud controller** — Policies for cloud controller manager configuration
- **Managed node group hardening** — Enforce secure launch templates
- **IRSA enforcement** — Require workloads to use IAM Roles for Service Accounts
- **EKS add-on validation** — Ensure required add-ons are present and configured

All cloud and EKS policies are available in the [Nirmata policy library on GitHub](https://github.com/nirmata/kyverno-policies/tree/main/eks-best-practices).


