Chainguard EKS add-ons are now available in the AWS Marketplace

Amazon EKS powers Kubernetes for AWS customers, from fast-moving startups to the largest enterprises on the planet. At the core of every EKS cluster are foundational add-ons: kube-proxy, CoreDNS, VPC CNI, EBS CSI, and EFS CSI. These components handle networking, DNS resolution, storage provisioning, and traffic management. They're not optional. They're the infrastructure that makes everything else work.

For platform teams in regulated industries, ensuring EKS workloads meet stringent security and compliance standards, such as FIPS 140-3, has typically meant custom images, additional controls, and bespoke workflows on top of standard deployments. While EKS Auto Mode provides a fully managed path with FIPS-compatible infrastructure, enterprises that require granular control over individual add-ons have lacked a frictionless marketplace option until now. Chainguard is now the only third-party provider delivering zero-known-CVE, FIPS 140-3 validated EKS add-on images in AWS Marketplace, providing a drop-in replacement for teams that manage their own add-on lifecycle.   

Chainguard EKS add-ons, now in AWS Marketplace

Built for the engineers and platform teams running Kubernetes in production, we're publishing Chainguard-built variants of the five most widely deployed EKS add-ons directly in AWS Marketplace, making it easy for engineers to discover and adopt FIPS-validated add-ons.

Here's what's available at launch:

• kube-proxy: Network rules on each node for Service connectivity

• CoreDNS: Cluster-internal DNS resolution

• VPC CNI: Pod networking using AWS VPC-native IP addresses

All Chainguard Containers are rebuilt from source daily with zero known vulnerabilities. These are the same container images, available in our catalog of 2300+ containers, that hundreds of organizations already rely on. 

Why this matters right now

The complexity of managing security and compliance across foundational infrastructure is increasing. Nation-state actors are targeting the software supply chain, while teams face growing pressure to meet regulatory requirements without slowing development velocity. At the same time, AI is surfacing vulnerabilities faster than maintainers can patch them, making traditional approaches like post-deployment scanning and patching insufficient on their own.

This pressure hits hardest at the base of your cluster: your kube-system namespace. Ensuring these core components meet security and compliance standards is critical, especially for organizations working toward FedRAMP requirements.

With Chainguard EKS add-ons, teams can now meet these requirements using AWS-native workflows—reducing the time, effort, and operational overhead required to deploy and maintain compliant infrastructure.

Here's what changes with Chainguard EKS add-ons:

FIPS-validated add-ons: We're the only provider offering FIPS 140-3-validated EKS add-ons on AWS Marketplace for your regulatory audits.

Zero CVEs: Every Chainguard container image is continuously rebuilt from source with zero CVEs. Ensuring your kube-system namespace stays free of vulnerabilities without placing an operational burden on your platform team.

No more workarounds: If you have already adopted Chainguard Containers for components like kube-proxy and CoreDNS, you know the security benefits. With this new path of EKS add-ons with Helm charts, AWS-native lifecycle management, you can now also avoid maintaining custom configurations and manual upgrades.

More control: Many large enterprises also need fine-grained control over their clusters. Chainguard EKS add-ons deliver the compliance benefits without giving up that control.

What's next

This is step one, and we will continue to work closely with AWS to get Chainguard’s trusted open source into the hands of more organizations worldwide.

As the threat landscape continues to evolve, we’re helping customers strengthen their software supply chain with containers, libraries, VMs, OS packages, CI/CD actions, and AI agent skills. For teams that need FIPS-validated add-ons in their EKS clusters, this is a natural starting point.

We will continue to work closely with AWS to get Chainguard's trusted open source products into the hands of more organizations worldwide.

Get started

Find the Chainguard EKS add-on listings in the AWS Marketplace, and check out our documentation. For questions about FIPS validation and EKS compatibility, contact us.