This documentation is for the most recent version of Anthos clusters on AWS, released on November 3rd. See the Release notes for more information. For documentation on the previous generation of Anthos clusters on AWS, see Previous generation.

Quotas and limits


This page lists the quotas and limits that apply to Anthos clusters on AWS.

Cluster versions

Anthos clusters on AWS supports the following Kubernetes versions:

Kubernetes 1.24

1.24.5-gke.200

Kubernetes OSS release notes.

1.24.3-gke.2200

Kubernetes OSS release notes.

  • Fixed a bug where a Kubernetes Service resource of type LoadBalancer with the annotation service.beta.kubernetes.io/aws-load-balancer-type: nlb was left with an empty target group. See https://github.com/kubernetes/cloud-provider-aws/issues/301

1.24.3-gke.2100

Kubernetes OSS release notes.

  • Upload Kubernetes resource metrics to Google Cloud Monitoring for Windows node pools.
  • Provided a webhook for easy IMDS emulator injection.
  • go1.18 stops accepting certificates signed with the SHA-1 hash algorithm by default. Admission/conversion webhooks or aggregated server endpoints using these insecure certificates will break by default in 1.24. The environment variable GODEBUG=x509sha1=1 is set in Anthos clusters on AWS as a temporary workaround to let these insecure certificates continue to work. However, the Go team is expected to remove support for this workaround in upcoming releases. Before upgrading to the upcoming breaking version, customers should check that no admission/conversion webhooks or aggregated server endpoints use such insecure certificates.
  • Anthos clusters on AWS now supports EFS dynamic provisioning in preview mode, for Kubernetes clusters at version 1.24 or later. To use this feature, you must add the following permissions to the control plane role:
    • ec2:DescribeAvailabilityZones
    • elasticfilesystem:DescribeAccessPoints
    • elasticfilesystem:DescribeFileSystems
    • elasticfilesystem:DescribeMountTargets
    • elasticfilesystem:CreateAccessPoint
    • elasticfilesystem:DeleteAccessPoint
  • Improve network connectivity checks during cluster and node pool creation to help troubleshooting.

  • Security Fixes

  • Support updates to AWS control plane tags. To update tags, you need to add the following permissions to the API role:
    • autoscaling:CreateOrUpdateTags
    • autoscaling:DeleteTags
    • ec2:CreateTags
    • ec2:DescribeLaunchTemplates
    • ec2:DescribeSecurityGroupRules
    • ec2:DeleteTags
    • elasticloadbalancing:AddTags
    • elasticloadbalancing:RemoveTags

  • Uploading workload metrics to Cloud Monarch using Google Managed Service for Prometheus is available as an invite-only private preview.

Kubernetes 1.23

1.23.11-gke.300

Kubernetes OSS release notes

1.23.9-gke.2200

Kubernetes OSS release notes

  • Fixed a bug where a Kubernetes Service resource of type LoadBalancer with the annotation service.beta.kubernetes.io/aws-load-balancer-type: nlb was left with an empty target group. See https://github.com/kubernetes/cloud-provider-aws/issues/301

1.23.9-gke.2100

Kubernetes OSS release notes

1.23.9-gke.800

Kubernetes OSS release notes

1.23.8-gke.1700

Kubernetes OSS release notes

1.23.7-gke.1300

Kubernetes OSS release notes.

  • Disable profiling endpoint (/debug/pprof) by default in kube-scheduler and kube-controller-manager.
  • Update kube-apiserver and kubelet to only use strong cryptographic ciphers. Supported ciphers used by kubelet:

    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_GCM_SHA256

    Supported ciphers used by kube-apiserver:

    TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_RSA_WITH_3DES_EDE_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_GCM_SHA384

  • Add an instance metadata server (IMDS) emulator.

  • Security Fixes

Kubernetes 1.22

1.22.15-gke.100

Kubernetes OSS release notes

1.22.12-gke.2300

Kubernetes OSS release notes

1.22.12-gke.1100

Kubernetes OSS release notes

1.22.12-gke.200

Kubernetes OSS release notes

1.22.10-gke.1500

Kubernetes OSS release notes.

1.22.8-gke.2100

Kubernetes OSS release notes.

  • Windows nodes now use pigz to improve image layer extraction performance.

1.22.8-gke.1300

  • Bug fixes
    • Fixed an issue where addons cannot be applied when Windows nodepools are enabled.
    • Fixed an issue where logging agent could fill up attached disk space.
  • Security Fixes
    • Fixed CVE-2022-1055.
    • Fixed CVE-2022-0886.
    • Fixed CVE-2022-0492.
    • Fixed CVE-2022-24769.
    • This release includes the following Role-based access control (RBAC) changes:
      • Scoped down anet-operator permissions for Lease update.
      • Scoped down anetd Daemonset permissions for Nodes and pods.
      • Scoped down fluentbit-gke permissions for service account tokens.
      • Scoped down gke-metrics-agent for service account tokens.
      • Scoped down coredns-autoscaler permissions for Nodes, ConfigMaps and Deployments.

1.22.8-gke.200

Kubernetes OSS release notes.

  • The default instance type for clusters and node pools created under Kubernetes v1.22 is now m5.large instead of t3.medium.
  • When you create a new cluster using Kubernetes version 1.22, you can now configure custom logging parameters.
  • As a preview feature, you can now choose Windows as your node pool image type when you create node pools with Kubernetes version 1.22.
  • As a preview feature, you can now configure host machines as dedicated hosts.
  • You can now view most common asynchronous cluster and nodepool boot errors in the long running operation error field. For more information, see the gcloud container aws operations list reference documentation.
  • Security Fixes

Supported regions

Google Cloud Region        Associated AWS Region
asia-east2                 ap-east-1
asia-northeast2            ap-northeast-1, ap-northeast-3
asia-south1                ap-south-1
asia-southeast1            ap-east-1, ap-northeast-1, ap-southeast-1
asia-southeast2            ap-southeast-3
australia-southeast1       ap-southeast-2
europe-north1              eu-north-1
europe-west1               eu-central-1, eu-north-1, eu-south-1, eu-west-1, eu-west-2, eu-west-3
europe-west2               eu-west-2
europe-west3               eu-central-1
europe-west9               eu-west-3
northamerica-northeast1    ca-central-1
southamerica-east1         sa-east-1
us-east4                   ca-central-1, us-east-1, us-east-2
us-west1                   us-west-1, us-west-2

Supported VM types

The following AWS VM sizes are supported:

Type Size
C5 Instances c5.large
C5 Instances c5.xlarge
C5 Instances c5.2xlarge
C5 Instances c5.4xlarge
C5 Instances c5.9xlarge
C5 Instances c5.12xlarge
C5 Instances c5.18xlarge
C5 Instances c5.24xlarge
C5 Instances c5a.large
C5 Instances c5a.xlarge
C5 Instances c5a.2xlarge
C5 Instances c5a.4xlarge
C5 Instances c5a.9xlarge
C5 Instances c5a.12xlarge
C5 Instances c5a.18xlarge
C5 Instances c5a.24xlarge
C5 Instances c5ad.large
C5 Instances c5ad.xlarge
C5 Instances c5ad.2xlarge
C5 Instances c5ad.4xlarge
C5 Instances c5ad.9xlarge
C5 Instances c5ad.12xlarge
C5 Instances c5ad.18xlarge
C5 Instances c5ad.24xlarge
C5 Instances c5d.large
C5 Instances c5d.xlarge
C5 Instances c5d.2xlarge
C5 Instances c5d.4xlarge
C5 Instances c5d.9xlarge
C5 Instances c5d.12xlarge
C5 Instances c5d.18xlarge
C5 Instances c5d.24xlarge
I3en Instances i3en.large
I3en Instances i3en.xlarge
I3en Instances i3en.2xlarge
I3en Instances i3en.3xlarge
I3en Instances i3en.6xlarge
I3en Instances i3en.12xlarge
I3en Instances i3en.24xlarge
M5 Instances m5.large
M5 Instances m5.xlarge
M5 Instances m5.2xlarge
M5 Instances m5.4xlarge
M5 Instances m5.8xlarge
M5 Instances m5.12xlarge
M5 Instances m5.16xlarge
M5 Instances m5.24xlarge
M5 Instances m5a.large
M5 Instances m5a.xlarge
M5 Instances m5a.2xlarge
M5 Instances m5a.4xlarge
M5 Instances m5a.8xlarge
M5 Instances m5a.12xlarge
M5 Instances m5a.16xlarge
M5 Instances m5a.24xlarge
M5 Instances m5ad.large
M5 Instances m5ad.xlarge
M5 Instances m5ad.2xlarge
M5 Instances m5ad.4xlarge
M5 Instances m5ad.8xlarge
M5 Instances m5ad.12xlarge
M5 Instances m5ad.16xlarge
M5 Instances m5ad.24xlarge
M5 Instances m5d.large
M5 Instances m5d.xlarge
M5 Instances m5d.2xlarge
M5 Instances m5d.4xlarge
M5 Instances m5d.8xlarge
M5 Instances m5d.12xlarge
M5 Instances m5d.16xlarge
M5 Instances m5d.24xlarge
R5 Instances r5.large
R5 Instances r5.xlarge
R5 Instances r5.2xlarge
R5 Instances r5.4xlarge
R5 Instances r5.8xlarge
R5 Instances r5.12xlarge
R5 Instances r5.16xlarge
R5 Instances r5.24xlarge
R5 Instances r5a.large
R5 Instances r5a.xlarge
R5 Instances r5a.2xlarge
R5 Instances r5a.4xlarge
R5 Instances r5a.8xlarge
R5 Instances r5a.12xlarge
R5 Instances r5a.16xlarge
R5 Instances r5a.24xlarge
R5 Instances r5ad.large
R5 Instances r5ad.xlarge
R5 Instances r5ad.2xlarge
R5 Instances r5ad.4xlarge
R5 Instances r5ad.8xlarge
R5 Instances r5ad.12xlarge
R5 Instances r5ad.16xlarge
R5 Instances r5ad.24xlarge
R5 Instances r5d.large
R5 Instances r5d.xlarge
R5 Instances r5d.2xlarge
R5 Instances r5d.4xlarge
R5 Instances r5d.8xlarge
R5 Instances r5d.12xlarge
R5 Instances r5d.16xlarge
R5 Instances r5d.24xlarge
T3 Instances t3.medium
T3 Instances t3.large
T3 Instances t3.xlarge
T3 Instances t3.2xlarge
T3 Instances t3a.medium
T3 Instances t3a.large
T3 Instances t3a.xlarge
T3 Instances t3a.2xlarge

Node image types

Anthos clusters on AWS cluster nodes run Ubuntu version 20.04. The image is similar to GKE's Ubuntu node image.

ContainerOS nodes are currently not supported.

Node pool sizes

Anthos clusters on AWS supports node pools containing up to 50 nodes.

Cluster and node pool quotas

Anthos clusters on AWS imposes several default quotas. To increase them, contact Google Cloud support.

Quota Name                                     Default value
Number of clusters per Google Cloud project    20
Number of node pools per cluster               10
Number of pods per node                        110

In addition to these quotas, your Anthos clusters on AWS installation is subject to any AWS service quotas on your AWS account, including the following:

For more information, see the AWS Service Quotas console.