How to Enable NetworkPolicy in AWS EKS?

Sep 27, 2023

AWS VPC CNI NetworkPolicy support has been available for a while.

I will demonstrate how to activate the NetworkPolicy plugin in an EKS cluster.


You may activate VPC CNI with the following command:

eksctl create addon --name vpc-cni --version v1.15.0-eksbuild.2 --cluster YOUR_CLUSTER_NAME --service-account-role-arn arn:aws:iam::account:role/AmazonEKSCNIAccess --force

You may not be able to activate VPC CNI without the --force argument.

You may enable VPC CNI through the AWS Management Console:

On your EKS Console, click add-ons:

Click more add-ons:

Select Amazon VPC CNI:

Click next. Then select the latest version:

Click next. Review your configuration:

Click create. You may see the progress in the Add-ons tab.

It is enabled:

Open the Amazon VPC CNI’s configuration:

Expand the “Optional configuration settings”:

Update the configuration values with a JSON value:

Here’s the configuration value:

{"enableNetworkPolicy": "true"}

Then, click “Save changes”.

In the vpc-cni add-on page, you may see the progress:

Enjoy your Network Policies in your EKS Cluster:
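Kubernetes accepts NetworkPolicy objects even when nothing enforces them, so it is worth confirming that the setting took effect. The following added example (not part of the original post) gives the CLI form of the configuration step and a smoke test that checks a default-deny policy blocks traffic that was allowed before it. The namespace, pod names, images and the 10-second wait are assumptions.

```bash
# Added example, not from the original post. NS, the pod names and the
# 10-second wait are constructed; use a non-production cluster.
NS="${NS:-np-smoke-test}"

# CLI equivalent of the console step: same JSON value as shown above.
enable_network_policy() {  # $1 = cluster name
  aws eks update-addon --cluster-name "$1" --addon-name vpc-cni \
    --configuration-values '{"enableNetworkPolicy": "true"}'
}

# Default-deny ingress for every pod in namespace $1.
default_deny_manifest() {
  cat <<EOF
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
  namespace: $1
spec:
  podSelector: {}
  policyTypes:
  - Ingress
EOF
}

# $1/$2 = probe exit codes before/after the policy; returns 0 enforced, 1 not enforced, 2 inconclusive.
verdict() {
  if [ "$1" -ne 0 ]; then echo "inconclusive: baseline traffic failed"; return 2; fi
  if [ "$2" -eq 0 ]; then echo "NOT enforced: traffic still allowed"; return 1; fi
  echo "enforced: traffic blocked by default-deny"
}

# One HTTP request to the web service from a throwaway pod named $1.
probe() {
  kubectl -n "$NS" run "$1" --rm -i --quiet --restart=Never --image=busybox:1.36 \
    -- wget -q -T 5 -O /dev/null http://web >/dev/null 2>&1
}

smoke_test() {
  kubectl create namespace "$NS"
  kubectl -n "$NS" run web --image=nginx:1.25 --port=80 --expose
  kubectl -n "$NS" wait --for=condition=Ready pod/web --timeout=120s
  before=0; probe probe-before || before=$?
  default_deny_manifest "$NS" | kubectl apply -f -
  sleep 10  # allow the node agent to program the rule
  after=0; probe probe-after || after=$?
  kubectl delete namespace "$NS" --wait=false
  verdict "$before" "$after"
}
```

Source the file and call `smoke_test` once the add-on update has finished; a "NOT enforced" result means the policy object exists but traffic is still flowing.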