awsdocs · fincd-aws · Jun 10, 2025 · Jun 5, 2025 · Jun 5, 2025 · Jun 5, 2025
@@ -99,7 +99,7 @@ Use the following procedure to enable the network policy parameter for the add-o
 . In the left navigation pane, select *Clusters*, and then select the name of the cluster that you want to configure the Amazon VPC CNI add-on for.
 . Choose the *Add-ons* tab.
 . Select the box in the top right of the add-on box and then choose *Edit*.
-. On the *Configure [.replaceable]`name of add-on`* page:
+. On the *Configure `Amazon VPC CNI`* page:
 +
 .. Select a `v1.14.0-eksbuild.3` or later version in the *Version* list.
 .. Expand the *Optional configuration settings*.
@@ -173,23 +173,29 @@ sudo mount -t bpf bpffs /sys/fs/bpf
 [#cni-network-policy-setup]
 == Step 4: Configure your cluster to use Kubernetes network policies
 
-Configure the cluster to use Kubernetes network policies. You can set this for an Amazon EKS add-on or self-managed add-on.
+You can set this for an Amazon EKS add-on or self-managed add-on.
 
 
 [#cni-network-policy-setup-procedure-add-on]
 .Amazon EKS add-on
 [%collapsible]
 ====
 
-[#cni-network-policy-setup-console]
-[discrete]
-=== {aws-management-console}
+Using the {aws} CLI, you can configure the cluster to use Kubernetes network policies by running the following command. Replace `my-cluster` with the name of your cluster and the IAM role ARN with the role that you are using.
+[source,shell,subs="verbatim,attributes"]
+----
+aws eks update-addon --cluster-name my-cluster --addon-name vpc-cni --addon-version v1.14.0-eksbuild.3 \
+    --service-account-role-arn {arn-aws}iam::123456789012:role/AmazonEKSVPCCNIRole \
+    --resolve-conflicts PRESERVE --configuration-values '{"enableNetworkPolicy": "true"}'
+----
+
+To configure this using the {aws} Management Console, follow the below steps:
 
 . Open the link:eks/home#/clusters[Amazon EKS console,type="console"].
 . In the left navigation pane, select *Clusters*, and then select the name of the cluster that you want to configure the Amazon VPC CNI add-on for.
 . Choose the *Add-ons* tab.
 . Select the box in the top right of the add-on box and then choose *Edit*.
-. On the *Configure [.replaceable]`name of addon`* page:
+. On the *Configure `Amazon VPC CNI`* page:
 +
 .. Select a `v1.14.0-eksbuild.3` or later version in the *Version* list.
 .. Expand the *Optional configuration settings*.
@@ -204,19 +210,6 @@ The following screenshot shows an example of this scenario.
 +
 image::images/console-cni-config-network-policy.png[{aws-management-console} showing the VPC CNI add-on with network policy in the optional configuration.,scaledwidth=80%]
 
-[#cni-network-policy-setup-cli]
-[discrete]
-=== {aws} CLI
-
-. Run the following {aws} CLI command. Replace `my-cluster` with the name of your cluster and the IAM role ARN with the role that you are using.
-+
-[source,shell,subs="verbatim,attributes"]
-----
-aws eks update-addon --cluster-name my-cluster --addon-name vpc-cni --addon-version v1.14.0-eksbuild.3 \
-    --service-account-role-arn {arn-aws}iam::123456789012:role/AmazonEKSVPCCNIRole \
-    --resolve-conflicts PRESERVE --configuration-values '{"enableNetworkPolicy": "true"}'
-----
-
 ====
 
 [#cni-network-policy-setup-procedure-self-managed-add-on]
@@ -306,4 +299,4 @@ You can now deploy Kubernetes network policies to your cluster.
 
 To implement Kubernetes network policies you create Kubernetes `NetworkPolicy` objects and deploy them to your cluster. `NetworkPolicy` objects are scoped to a namespace. You implement policies to allow or deny traffic between Pods based on label selectors, namespaces, and IP address ranges. For more information about creating `NetworkPolicy` objects, see https://kubernetes.io/docs/concepts/services-networking/network-policies/#networkpolicy-resource[Network Policies] in the Kubernetes documentation.
 
-Enforcement of Kubernetes `NetworkPolicy` objects is implemented using the Extended Berkeley Packet Filter (eBPF). Relative to `iptables` based implementations, it offers lower latency and performance characteristics, including reduced CPU utilization and avoiding sequential lookups. Additionally, eBPF probes provide access to context rich data that helps debug complex kernel level issues and improve observability. Amazon EKS supports an eBPF-based exporter that leverages the probes to log policy results on each node and export the data to external log collectors to aid in debugging. For more information, see the https://ebpf.io/what-is-ebpf/#what-is-ebpf[eBPF documentation].
+Enforcement of Kubernetes `NetworkPolicy` objects is implemented using the Extended Berkeley Packet Filter (eBPF). Relative to `iptables` based implementations, it offers lower latency and performance characteristics, including reduced CPU utilization and avoiding sequential lookups. Additionally, eBPF probes provide access to context rich data that helps debug complex kernel level issues and improve observability. Amazon EKS supports an eBPF-based exporter that leverages the probes to log policy results on each node and export the data to external log collectors to aid in debugging. For more information, see the https://ebpf.io/what-is-ebpf/#what-is-ebpf[eBPF documentation].
@@ -42,7 +42,7 @@ Network policy logs require an additional 1 vCPU for the `aws-network-policy-age
 .. In the left navigation pane, select *Clusters*, and then select the name of the cluster that you want to configure the Amazon VPC CNI add-on for.
 .. Choose the *Add-ons* tab.
 .. Select the box in the top right of the add-on box and then choose *Edit*.
-.. On the *Configure [.replaceable]`name of addon`* page:
+.. On the *Configure [.replaceable]`Amazon VPC CNI`* page:
 +
 ... Select a `v1.14.0-eksbuild.3` or later version in the *Version* dropdown list.
 ... Expand the *Optional configuration settings*.
@@ -162,7 +162,7 @@ Only the network policy logs are sent by the node agent. Other logs made by the
 .. In the left navigation pane, select *Clusters*, and then select the name of the cluster that you want to configure the Amazon VPC CNI add-on for.
 .. Choose the *Add-ons* tab.
 .. Select the box in the top right of the add-on box and then choose *Edit*.
-.. On the *Configure [.replaceable]`name of addon`* page:
+.. On the *Configure [.replaceable]`Amazon VPC CNI`* page:
 +
 ... Select a `v1.14.0-eksbuild.3` or later version in the *Version* dropdown list.
 ... Expand the *Optional configuration settings*.