This session covers how a Kubernetes cluster can be run over multiple AWS accounts to separate the control plane from the worker nodes and increase security, separate concerns, and isolate workloads. Amazon Elastic Container Service for Kubernetes (Amazon EKS) manages the Kubernetes control plane and recommends that customers launch worker nodes in their accounts. We cover in detail how we made this topology possible, the challenges we faced, and how we solved it.