✅ AWS Gateway API Controller Setup Verification Checklist for Kubernetes Gateway API (EKS)
This guide ensures a full production-ready setup for AWS Gateway API Controller integrated with Amazon VPC Lattice and Kubernetes Gateway API. It includes installation, configuration, network validation, and health check debugging.
✅ AWS Gateway API Controller Setup Verification Checklist
📦 A. Cluster & Core Setup
Checkpoint | Command | Expected Output |
---|---|---|
✅ EKS cluster is running | kubectl get nodes | Shows Ready nodes |
✅ Correct context set | kubectl config current-context | Matches your EKS cluster |
✅ Kubernetes version | kubectl version (add --short on kubectl older than 1.28, where the flag still exists) | Server >= 1.24 |
🧱 B. Kubernetes Gateway API Installed
Checkpoint | Command | Expected Output |
---|---|---|
✅ Gateway CRDs installed | `kubectl get crds \| grep gateway.networking.k8s.io` | |
✅ Gateway API version supported | kubectl get gatewayclass | Returns valid list |
🔌 C. AWS Gateway API Controller Installed
Checkpoint | Command | Expected Output |
---|---|---|
✅ Controller pods running | kubectl get pods -n aws-application-networking-system | Pods show Running |
✅ Helm chart installed | helm list -n aws-application-networking-system | Includes gateway-api-controller |
✅ GatewayClass registered | kubectl get gatewayclass | Name: amazon-vpc-lattice, Controller: application-networking.k8s.aws/gateway-api-controller |
🔐 D. IAM / IRSA / Permissions
Checkpoint | Command | Expected Output |
---|---|---|
✅ OIDC provider enabled | eksctl utils associate-iam-oidc-provider ... | OIDC provider is associated |
✅ IAM policy created | `aws iam list-policies \| grep VPCLatticeControllerIAMPolicy` | |
✅ IAM role for controller exists | kubectl describe sa -n aws-application-networking-system | Linked with correct role |
🌐 E. VPC Lattice-Specific Setup
Checkpoint | Command | Expected Output |
---|---|---|
✅ CRDs installed | `kubectl get crds \| grep servicenetwork` | |
✅ ServiceNetwork exists | kubectl get servicenetworks.application-networking.k8s.aws | my-hotel or similar |
✅ Gateway references Service Network | kubectl get servicenetworkattachments.application-networking.k8s.aws | Shows status Active |
✅ Gateway programmed | kubectl get gateway <name> -o yaml | status.conditions contains type: Programmed with status: "True" |
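
The GatewayClass, IRSA and Gateway rows from sections C, D and E can be scripted so that a missing role annotation or an unprogrammed Gateway fails the run instead of being read past. This is an added example, not part of the original guide; the service account name, Gateway name and namespace are caller-supplied assumptions, and `eks.amazonaws.com/role-arn` is the standard IRSA annotation rather than something the page names.

```shell
#!/bin/sh
# Added example: scripted versions of three checklist rows (sections C, D, E).
# Assumed usage: ./verify.sh <controller-service-account> <gateway-name> [gateway-namespace]

NS="aws-application-networking-system"
EXPECTED_CONTROLLER="application-networking.k8s.aws/gateway-api-controller"

# C: the GatewayClass must be claimed by the VPC Lattice controller, not merely exist.
check_gatewayclass() {
  [ "$(kubectl get gatewayclass amazon-vpc-lattice \
        -o jsonpath='{.spec.controllerName}' 2>/dev/null)" = "$EXPECTED_CONTROLLER" ]
}

# D: the controller's service account must carry an IRSA role annotation.
# An empty or malformed value means the pod falls back to other credentials.
check_irsa() {
  case "$(kubectl get sa "$1" -n "$NS" \
          -o jsonpath='{.metadata.annotations.eks\.amazonaws\.com/role-arn}' 2>/dev/null)" in
    arn:aws*:iam::[0-9]*:role/?*) return 0 ;;
    *) return 1 ;;
  esac
}

# E: Programmed is an entry in status.conditions, so read that condition's
# status field instead of grepping the YAML for the word "Programmed".
check_gateway_programmed() {
  [ "$(kubectl get gateway "$1" -n "${2:-default}" \
        -o jsonpath='{.status.conditions[?(@.type=="Programmed")].status}' 2>/dev/null)" = "True" ]
}

# Run all three checks, report each failure, return non-zero if any failed.
run_checks() {
  rc=0
  check_gatewayclass || { echo "FAIL: gatewayclass controllerName mismatch"; rc=1; }
  check_irsa "$1" || { echo "FAIL: no IRSA role annotation on sa/$1"; rc=1; }
  check_gateway_programmed "$2" "${3:-default}" || { echo "FAIL: gateway/$2 is not Programmed"; rc=1; }
  return "$rc"
}

# Only run against a live cluster when arguments are supplied.
if [ "$#" -ge 2 ]; then
  run_checks "$@"
fi
```
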
🧪 F. DNS + Public Access
Checkpoint | Command | Expected Output |
---|---|---|
✅ VPC Lattice service DNS created | aws vpc-lattice list-services + get-service | Shows dnsEntry.domainName |
✅ DNS reachable | nslookup <lattice-dns-name> or dig | Resolves to public IP |
✅ TLS termination (optional) | Check if tls.mode: Terminate & ACM cert used | HTTPS enabled |
🛠️ G. Readiness for Sample App
Checkpoint | Notes |
---|---|
✅ Deployment and Service manifest ready | Your app must have a Kubernetes Service pointing to the Pod |
✅ GRPCRoute or HTTPRoute ready | Should match the Gateway and backend service |
✅ Port and Protocols correct | gRPC → port: 443, protocol: GRPC, TLS: Passthrough or Terminate |
✅ You’re Now Production Ready!
Your AWS Gateway API Controller setup is now complete, secure, and operational with VPC Lattice. Perfect for gRPC, HTTP, and future service-to-service connectivity.