AWS has integrated Argo CD as a managed capability for its EKS Kubernetes platform, announced at re:Invent 2025. This allows teams to deploy GitOps workflows directly from the EKS console or via IaC. The capability uses a new service principal, `capabilities.eks.amazonaws.com`, and requires creating an IAM role with a specific trust policy to act on the cluster's behalf.

Setup involves configuring AWS Identity Centre for single sign-on and mapping users or groups to Argo CD RBAC roles (Admin, Editor, Viewer). While the console offers a quick path, the post details a full CloudFormation template approach. A critical first step is attaching the `AWSSecretsManagerClientReadOnlyAccess` managed policy to the capability role for initial access to secrets.

After deployment, the capability adds Argo CD's core Custom Resource Definitions (CRDs) to the cluster. However, the default access policies may lack permissions for listing cluster-scoped resources like PersistentVolumes. The guide notes that developers must associate an additional policy, such as `AmazonEKSClusterAdminPolicy`, to the capability's access entry for full functionality and successful application syncing.