Teleport enhances EKS identity security with deeper audit insight

Teleport has expanded the capabilities of its Identity Security product to support Amazon Elastic Kubernetes Service (EKS), aiming to provide greater insight into activity and risks within managed Kubernetes environments.

Expanded visibility

The latest integration allows organisations to identify shadow access and privilege escalation across their Amazon EKS clusters. By incorporating EKS-specific audit logs, Teleport now enables users to monitor access and track actions even when Kubernetes clusters are accessed through Amazon Web Services (AWS) credentials instead of Teleport's systems.

Teleport's Access Graph and Investigate features are being extended to EKS, facilitating a unified view of identity activity. This includes the ability to visualise access paths and correlate actions with specific user identities, combining telemetry from AWS CloudWatch and identity data from AWS Identity and Access Management (IAM) as well as enterprise identity providers.

Addressing complex access

Traditional security tools for Kubernetes have generally enforced access policies but have lacked the ability to give a comprehensive picture of how and when clusters are accessed. According to Ben Arent, Director of Product at Teleport, this has made it difficult for organisations to accurately detect unauthorised or anomalous access patterns.

"Organisations running Amazon EKS have struggled to gain a unified view of access activity across their cloud and Kubernetes layers. By consolidating Amazon EKS audit data into Teleport Identity Security - Identity Activity Centre, we help customers expose and eliminate hidden identity risks - from shadow user access to users abusing service accounts - before they become incidents," said Ben Arent, Director of Product, Teleport.

Audit trails and session recordings have provided partial visibility in the past, but have not been able to capture activity through all potential access methods. Teleport's new approach collates and enriches audit data with detailed identity context, offering a more complete audit capability within Amazon EKS environments.

Operational benefits

With the enhanced EKS Identity Security features, both platform engineering and security operations teams can visualise access flows, investigate activity across AWS, Teleport, and EKS in one place, and detect identity-based anomalies as they occur. The company suggests that these updates will help organisations validate compliance with access control requirements and navigate audit processes more efficiently.

In addition to strengthening regulatory compliance and security posture, the changes are anticipated to support improved collaboration between technical and security teams, particularly as zero trust principles are more widely adopted in infrastructure management.

Deployment and roadmap

The new features will be made available for on-premises deployments in November 2025, with support for Teleport Cloud users coming as part of a subsequent minor software update.