Verifying the Prerequisites

Prerequisites for configuring Protegrity Anonymization API on Amazon Elastic Kubernetes Service (EKS).

Ensure that the following prerequisites are met:

  • Base machine - This might be a Linux machine instance that is used to communicate with the Kubernetes cluster. This instance can be on-premise or on AWS. Ensure that Helm is installed on this Linux instance. You must also install Docker on this Linux instance to communicate with the Container Registry, where you want to upload the Docker images.

    For more information about the minimum hardware requirements, refer to the section Prerequisites for Deploying the Protegrity Anonymization API.

  • Access to an AWS account.

  • Permissions to create a Kubernetes cluster.

  • IAM user:

    • Required to create the Kubernetes cluster. This user requires the following policy permissions managed by AWS:

      • AmazonEC2FullAccess
      • AmazonEKSClusterPolicy
      • AmazonS3FullAccess
      • AmazonSSMFullAccess
      • AmazonEKSServicePolicy
      • AmazonEKS_CNI_Policy
      • AWSCloudFormationFullAccess
      • Custom policy that allows the user to create a new role and an instance profile, retrieve information regarding a role and an instance profile, attach a policy to the specified IAM role, and so on. The following actions must be permitted on the IAM service:
        • GetInstanceProfile
        • GetRole
        • AddRoleToInstanceProfile
        • CreateInstanceProfile
        • CreateRole
        • PassRole
        • AttachRolePolicy
      • Custom policy that allows the user to delete a role and an instance profile, detach a policy from a specified role, delete a policy from the specified role, remove an IAM role from the specified EC2 instance profile, and so on. The following actions must be permitted on the IAM service:
        • GetOpenIDConnectProvider
        • CreateOpenIDConnectProvider
        • DeleteInstanceProfile
        • DeleteRole
        • RemoveRoleFromInstanceProfile
        • DeleteRolePolicy
        • DetachRolePolicy
        • PutRolePolicy
      • Custom policy that allows the user to manage EKS clusters. The following actions must be permitted on the EKS service:
        • ListClusters
        • ListNodegroups
        • ListTagsForResource
        • ListUpdates
        • DescribeCluster
        • DescribeNodegroup
        • DescribeUpdate
        • CreateCluster
        • CreateNodegroup
        • DeleteCluster
        • DeleteNodegroup
        • UpdateClusterConfig
        • UpdateClusterVersion
        • UpdateNodegroupConfig
        • UpdateNodegroupVersion

      For more information about creating an IAM user, refer to Creating an IAM User in Your AWS Account. Contact your system administrator to create the IAM users.

      For more information about the AWS-specific permissions, refer to API Reference document for Amazon EKS.

  • Access to the Amazon Elastic Kubernetes Service (EKS) to create a Kubernetes cluster.

  • Access to the AWS Elastic Container Registry (ECR) to upload the Protegrity Anonymization API image.


Last modified : February 18, 2026