Skip to content

Amazon VPC

The Amazon VPC CNI uses the native AWS networking for Pods. Every pod gets an Elastic Network Interface (ENI) on the node it is running and an IP address belonging to the subnets assigned to the node.

WARNING: The Amazon VPC CNI is not compatible with Ubuntu 22.04 and kOps versions earlier than 1.29. See kubernetes/kops#15720 and aws/amazon-vpc-cni-k8s#2103 for more info (Fix was applied via kubernetes/kops#16313 in kOps 1.29).


To use Amazon VPC, specify the following in the cluster spec:

    amazonvpc: {}

in the cluster spec file or pass the --networking amazonvpc option on the command line to kOps:

export ZONES=<mylistofzones>
kops create cluster \
  --zones $ZONES \
  --networking amazonvpc \
  --yes \

Important: pods use the VPC CIDR, i.e. there is no isolation between the master, node/s and the internal k8s network. In addition, this CNI does not enforce network policies.


Configuration options for the Amazon VPC CNI plugin can be set through env vars defined in the cluster spec:

      - name: WARM_IP_TARGET
        value: "10"
      - name: AWS_VPC_K8S_CNI_LOGLEVEL
        value: debug


In case of any issues the directory /var/log/aws-routed-eni contains the log files of the CNI plugin. This directory is located in all the nodes in the cluster.