EKS Auto Mode is AWS’s answer to “Kubernetes is too complicated.” It automates node management, scaling, networking, and security patching — you just define your cluster and deploy workloads. No managed node groups, no Karpenter configuration, no AMI updates.
EKS Auto Mode vs Standard EKS
| Feature | Standard EKS | EKS Auto Mode |
|---|---|---|
| Node management | You manage (node groups) | AWS manages automatically |
| Scaling | Configure Karpenter/CAS | Built-in, automatic |
| AMI updates | Manual or automation | Automatic |
| Security patches | Your responsibility | AWS handles it |
| Instance selection | You choose | AWS selects optimal instances |
| Networking | Install VPC CNI plugin | Built-in |
| Pod identity | Configure IRSA/Pod Identity | Built-in |
| Cost | EKS + EC2 | EKS + Auto Mode compute (slight premium) |
| Control | Full | Less (AWS decides instance types, patches) |
| Terraform complexity | ~100 lines | ~30 lines |
Basic EKS Auto Mode Cluster
resource "aws_eks_cluster" "main" {
name = "production"
role_arn = aws_iam_role.cluster.arn
version = "1.31"
vpc_config {
subnet_ids = var.private_subnet_ids
endpoint_private_access = true
endpoint_public_access = true
security_group_ids = [aws_security_group.cluster.id]
}
# Enable Auto Mode
compute_config {
enabled = true
node_pools = ["general-purpose"]
node_role_arn = aws_iam_role.node.arn
}
kubernetes_network_config {
elastic_load_balancing {
enabled = true
}
}
storage_config {
block_storage {
enabled = true
}
}
tags = {
Environment = var.environment
}
depends_on = [
aws_iam_role_policy_attachment.cluster_policy,
aws_iam_role_policy_attachment.compute_policy,
aws_iam_role_policy_attachment.block_storage_policy,
aws_iam_role_policy_attachment.lb_policy,
aws_iam_role_policy_attachment.networking_policy,
]
}
IAM Roles
Cluster Role
resource "aws_iam_role" "cluster" {
name = "eks-cluster-role"
assume_role_policy = jsonencode({
Version = "2012-10-17"
Statement = [{
Effect = "Allow"
Principal = { Service = "eks.amazonaws.com" }
Action = "sts:AssumeRole"
}]
})
}
resource "aws_iam_role_policy_attachment" "cluster_policy" {
role = aws_iam_role.cluster.name
policy_arn = "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy"
}
resource "aws_iam_role_policy_attachment" "compute_policy" {
role = aws_iam_role.cluster.name
policy_arn = "arn:aws:iam::aws:policy/AmazonEKSComputePolicy"
}
resource "aws_iam_role_policy_attachment" "block_storage_policy" {
role = aws_iam_role.cluster.name
policy_arn = "arn:aws:iam::aws:policy/AmazonEKSBlockStoragePolicy"
}
resource "aws_iam_role_policy_attachment" "lb_policy" {
role = aws_iam_role.cluster.name
policy_arn = "arn:aws:iam::aws:policy/AmazonEKSLoadBalancingPolicy"
}
resource "aws_iam_role_policy_attachment" "networking_policy" {
role = aws_iam_role.cluster.name
policy_arn = "arn:aws:iam::aws:policy/AmazonEKSNetworkingPolicy"
}
Node Role
resource "aws_iam_role" "node" {
name = "eks-auto-node-role"
assume_role_policy = jsonencode({
Version = "2012-10-17"
Statement = [{
Effect = "Allow"
Principal = { Service = "ec2.amazonaws.com" }
Action = "sts:AssumeRole"
}]
})
}
resource "aws_iam_role_policy_attachment" "node_worker" {
role = aws_iam_role.node.name
policy_arn = "arn:aws:iam::aws:policy/AmazonEKSWorkerNodeMinimalPolicy"
}
resource "aws_iam_role_policy_attachment" "node_ecr" {
role = aws_iam_role.node.name
policy_arn = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryPullOnly"
}
Custom Node Pools
Auto Mode includes a general-purpose node pool by default. Add custom pools for specific workloads:
resource "aws_eks_node_pool" "gpu" {
cluster_name = aws_eks_cluster.main.name
node_pool_name = "gpu-workloads"
node_role_arn = aws_iam_role.node.arn
node_pool_config {
node_class = "gpu" # GPU-enabled instances
}
}
resource "aws_eks_node_pool" "high_memory" {
cluster_name = aws_eks_cluster.main.name
node_pool_name = "high-memory"
node_role_arn = aws_iam_role.node.arn
node_pool_config {
node_class = "high-memory"
}
}
VPC Requirements
resource "aws_vpc" "main" {
cidr_block = "10.0.0.0/16"
enable_dns_hostnames = true
enable_dns_support = true
}
resource "aws_subnet" "private" {
count = 3
vpc_id = aws_vpc.main.id
cidr_block = cidrsubnet("10.0.0.0/16", 8, count.index)
availability_zone = data.aws_availability_zones.available.names[count.index]
tags = {
"kubernetes.io/role/internal-elb" = "1"
}
}
resource "aws_subnet" "public" {
count = 3
vpc_id = aws_vpc.main.id
cidr_block = cidrsubnet("10.0.0.0/16", 8, count.index + 100)
availability_zone = data.aws_availability_zones.available.names[count.index]
map_public_ip_on_launch = true
tags = {
"kubernetes.io/role/elb" = "1"
}
}
EKS Auto Mode vs Karpenter
| Feature | Karpenter | EKS Auto Mode |
|---|---|---|
| Setup | Install Helm chart, configure NodePool CRDs | Enable flag on cluster |
| Configuration | Full control (instance types, taints, limits) | AWS-managed defaults |
| Instance selection | You define constraints | AWS optimizes automatically |
| Spot support | ✅ Configurable | ✅ Automatic |
| Consolidation | Configurable | Automatic |
| AMI management | Custom AMI families | AWS-managed |
| Cost visibility | Detailed per-NodePool | Aggregate |
| Learning curve | Moderate | Minimal |
| Best for | Teams wanting fine control | Teams wanting simplicity |
When to Use Auto Mode
- New clusters with standard workloads
- Teams without dedicated Kubernetes platform engineers
- Environments where operational simplicity > cost optimization
- Dev/staging environments
When to Stick with Karpenter
- Need fine-grained instance selection (GPU types, ARM, Spot percentage)
- Complex scheduling requirements (taints, affinities per workload)
- Cost optimization is critical (custom consolidation policies)
- Already running Karpenter and happy with it
Hands-On Courses
- Terraform for Beginners on CopyPasteLearn
- Terraform By Example — practical code examples
Conclusion
EKS Auto Mode simplifies Kubernetes on AWS to its minimum: create a cluster, deploy workloads, and AWS handles node management, scaling, patching, and networking. The Terraform configuration drops from ~100 lines (standard EKS + node groups + Karpenter) to ~30 lines. The tradeoff is less control over instance selection and scaling behavior. For teams who don’t have dedicated platform engineers, Auto Mode is the right choice in 2026.
