Deploy Cerbos on Amazon EKS
Run the Cerbos PDP on Amazon EKS using the official Helm chart or Kubernetes manifests.
Helm or manifests
Deploy with the official Cerbos Helm chart or standard Kubernetes manifests, whichever fits your workflow
Horizontal scaling
Cerbos is stateless and scales horizontally with replicas, no coordination required between instances
IAM integration
Use IAM roles for service accounts (IRSA) to grant Cerbos access to policy sources stored in AWS services
What is Cerbos?
Cerbos is an open-source authorization layer that decouples access control from your application code. It runs as a stateless Policy Decision Point (PDP) that evaluates fine-grained policies at request time.
Authorization policies are written in human-readable YAML supporting RBAC, ABAC, and conditional rules. They can be updated, tested, and deployed independently of your application.
Deploying Cerbos via Amazon Elastic Kubernetes Service gives you a production-ready authorization service that scales horizontally and fits naturally into your existing infrastructure and observability stack.
How to deploy Cerbos on Amazon EKS
- Install with Helm or apply manifests, Use
helm install cerbos cerbos/cerbosor apply Kubernetes manifests to deploy the PDP into your EKS cluster. - Configure policy loading, Point Cerbos at a ConfigMap, Git repository, or Cerbos Hub bundle for policy storage.
- Expose the service, Create a Kubernetes Service to make the PDP available to your application pods.
- Connect your services, Use a Cerbos SDK to send authorization checks from your application pods to the PDP.
FAQ
How do I deploy Cerbos on EKS?
Use the official Cerbos Helm chart or apply Kubernetes manifests to deploy the PDP into your EKS cluster. Cerbos runs as a Deployment with a Service, or as a sidecar container in your application pods.
Does Cerbos require any external dependencies?
No. Cerbos is fully stateless and requires no database or message queue. Policies can be loaded from a ConfigMap, Git repository, or Cerbos Hub.
Does Cerbos work with EKS Fargate profiles?
Yes. Cerbos runs as a standard container and is compatible with EKS Fargate profiles without modification.
Learn more about Cerbos
Related integrations
View all integrations →
Cerbos + Amazon Elastic Kubernetes Service
- Cerbos runs alongside your workloads in Amazon Elastic Kubernetes Service
- No external databases or message queues required
- Built-in metrics, distributed tracing, and structured logging
- Stateless PDP instances scale horizontally
Authorization for AI systems
By industry
By business requirement
Useful links
What is Cerbos?
Cerbos is an end-to-end enterprise authorization software for Zero Trust environments and AI-powered systems. It enforces fine-grained, contextual, and continuous authorization across apps, APIs, AI agents, MCP servers, services, and workloads.
Cerbos consists of an open-source Policy Decision Point, Enforcement Point integrations, and a centrally managed Policy Administration Plane (Cerbos Hub) that coordinates unified policy-based authorization across your architecture. Enforce least privilege & maintain full visibility into access decisions with Cerbos authorization.