Chainguard EKS add-ons are now available in the AWS Marketplace
Amazon EKS powers Kubernetes for AWS customers, from fast-moving startups to the largest enterprises on the planet. At the core of every EKS cluster are foundational add-ons: kube-proxy, CoreDNS, VPC CNI, EBS CSI, and EFS CSI. These components handle networking, DNS resolution, storage provisioning, and traffic management. They're not optional. They're the infrastructure that makes everything else work.
For platform teams in regulated industries, ensuring EKS workloads meet stringent security and compliance standards, such as FIPS 140-3, has typically meant custom images, additional controls, and bespoke workflows on top of standard deployments. While EKS Auto Mode provides a fully managed path with FIPS-compatible infrastructure, enterprises that require granular control over individual add-ons have lacked a frictionless marketplace option until now. Chainguard is now the only third-party provider delivering zero-known-CVE, FIPS 140-3 validated EKS add-on images in AWS Marketplace, providing a drop-in replacement for teams that manage their own add-on lifecycle.
Chainguard EKS add-ons, now in AWS Marketplace
Built for the engineers and platform teams running Kubernetes in production, we're publishing Chainguard-built variants of the five most widely deployed EKS add-ons directly in AWS Marketplace, making it easy for engineers to discover and adopt FIPS-validated add-ons.
Here's what's available at launch:
kube-proxy: Network rules on each node for Service connectivity
CoreDNS: Cluster-internal DNS resolution
VPC CNI: Pod networking using AWS VPC-native IP addresses
All Chainguard Containers are rebuilt from source daily with zero known vulnerabilities. These are the same container images, available in our catalog of 2300+ containers, that hundreds of organizations already rely on.
Why this matters right now
The complexity of managing security and compliance across foundational infrastructure is increasing. Nation-state actors are targeting the software supply chain, while teams face growing pressure to meet regulatory requirements without slowing development velocity. At the same time, AI is surfacing vulnerabilities faster than maintainers can patch them, making traditional approaches like post-deployment scanning and patching insufficient on their own.
This pressure hits hardest at the base of your cluster: your kube-system namespace. Ensuring these core components meet security and compliance standards is critical, especially for organizations working toward FedRAMP requirements.
With Chainguard EKS add-ons, teams can now meet these requirements using AWS-native workflows—reducing the time, effort, and operational overhead required to deploy and maintain compliant infrastructure.
Here's what changes with Chainguard EKS add-ons:
FIPS-validated add-ons: We're the only provider offering FIPS 140-3-validated EKS add-ons on AWS Marketplace for your regulatory audits.
Zero CVEs: Every Chainguard container image is continuously rebuilt from source with zero CVEs. Ensuring your kube-system namespace stays free of vulnerabilities without placing an operational burden on your platform team.
No more workarounds: If you have already adopted Chainguard Containers for components like kube-proxy and CoreDNS, you know the security benefits. With this new path of EKS add-ons with Helm charts, AWS-native lifecycle management, you can now also avoid maintaining custom configurations and manual upgrades.
More control: Many large enterprises also need fine-grained control over their clusters. Chainguard EKS add-ons deliver the compliance benefits without giving up that control.
What's next
This is step one, and we will continue to work closely with AWS to get Chainguard’s trusted open source into the hands of more organizations worldwide.
As the threat landscape continues to evolve, we’re helping customers strengthen their software supply chain with containers, libraries, VMs, OS packages, CI/CD actions, and AI agent skills. For teams that need FIPS-validated add-ons in their EKS clusters, this is a natural starting point.
We will continue to work closely with AWS to get Chainguard's trusted open source products into the hands of more organizations worldwide.
Get started
Find the Chainguard EKS add-on listings in the AWS Marketplace, and check out our documentation. For questions about FIPS validation and EKS compatibility, contact us.
Share this article
Related articles
- product
Going beyond CVEs: Chainguard’s one day KEV SLA
Reid Tatoris, VP of Product, and Alex Burrage, Director of Product Security
- product
Chainguard Libraries is now free until June 30, 2026 — no commitment required
Ross Gordon, Staff Product Marketing Manager
- product
SecDB is the past, OSV is the future
Tazin Progga, Senior Product Manager
- product
Introducing the Activity Center: One place for every change that matters
Matt Stead, Product Marketing Manager, and Ron Norman, Director of UX and Design
- product
Introducing Chainguard OS Packages: Secure ingredients for custom container builds
Anushka Iyer, Product Marketing Manager, and John Slack, Senior Product Manager
- product
Introducing Chainguard Repository: A unified experience for secure-by-default open source artifacts
Ross Gordon, Staff Product Marketing Manager, and Angela Zhang, Senior Product Manager