Provisioning AWS EKS with Terraform

Shreyash Bhise | Aspiring MERN Stack Developer and DevOps enthusiast

Let's go through the Terraform configuration step by step to understand what each section does.
Step 1: AWS Provider Configuration
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
}

provider "aws" {
  region = "us-east-1"
}
This section configures the AWS provider: it pins the provider to the 5.x series (~> 5.0 allows 5.1, 5.2, ... but not 6.0) and sets the region in which every resource below is created (us-east-1 in the code above).
Step 2: IAM Role for EKS Cluster
# Trust policy: only the EKS service may assume this role.
data "aws_iam_policy_document" "assume_role" {
  statement {
    effect = "Allow"

    principals {
      type        = "Service"
      identifiers = ["eks.amazonaws.com"]
    }

    actions = ["sts:AssumeRole"]
  }
}

resource "aws_iam_role" "example" {
  name               = "eks-cluster-kubernetes"
  assume_role_policy = data.aws_iam_policy_document.assume_role.json
}

resource "aws_iam_role_policy_attachment" "example-AmazonEKSClusterPolicy" {
  policy_arn = "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy"
  role       = aws_iam_role.example.name
}
In this step, an IAM role (eks-cluster-kubernetes) is created whose trust policy allows only the Amazon EKS service (eks.amazonaws.com) to assume it. The AWS-managed policy AmazonEKSClusterPolicy is then attached to the role; it grants the control plane the permissions it needs to manage EC2 and ELB resources on the cluster's behalf.
Step 3: Enable Security Groups for Pods (Optional)
resource "aws_iam_role_policy_attachment" "example-AmazonEKSVPCResourceController" {
  policy_arn = "arn:aws:iam::aws:policy/AmazonEKSVPCResourceController"
  role       = aws_iam_role.example.name
}
This attaches the managed policy AmazonEKSVPCResourceController to the same cluster role. It is optional and only needed if you want to use security groups for pods, which lets the VPC CNI assign a dedicated security group to individual pods.
Step 4: Look Up the Default VPC
data "aws_vpc" "default" {
  default = true
}
This is a data source, not a resource: it does not create a VPC but looks up the default VPC that already exists in the configured region.
Step 5: Get the Public Subnets for the Cluster
data "aws_subnets" "public" {
  filter {
    name   = "vpc-id"
    values = [data.aws_vpc.default.id]
  }
}
This retrieves the IDs of all subnets in the default VPC. The filter only matches on vpc-id, so nothing here checks that a subnet is public; they count as public because every subnet of a default VPC assigns public IPs on launch and routes to an internet gateway.
Step 6: EKS Cluster Provisioning
resource "aws_eks_cluster" "example" {
  name     = "eks_demo_cluster"
  role_arn = aws_iam_role.example.arn

  vpc_config {
    subnet_ids = data.aws_subnets.public.ids
  }

  depends_on = [
    aws_iam_role_policy_attachment.example-AmazonEKSClusterPolicy,
  ]
}
This provisions an Amazon EKS cluster named "eks_demo_cluster" whose control plane ENIs are placed in the subnets from Step 5. The explicit depends_on ensures the AmazonEKSClusterPolicy attachment exists before the cluster is created and is not removed until the cluster is destroyed; without it Terraform only knows about the role, not the permissions attached to it.
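The Step 6 resource accepts the provider defaults for everything except subnet_ids. That means an API server endpoint that is reachable (though still authenticated) from any address on the internet, because endpoint_public_access defaults to true with public_access_cidrs of 0.0.0.0/0, no control-plane logs delivered to CloudWatch, and Kubernetes Secrets stored in etcd without envelope encryption. The block below is an added example, not code from the original post: it is a drop-in replacement for the Step 6 resource with those settings tightened. The variable admin_cidrs and the resource aws_kms_key.eks are assumptions introduced here; set admin_cidrs to the egress ranges of the people and systems that need kubectl access.

```hcl
# Added example (not from the original post): the Step 6 cluster with the
# settings a security review usually flags tightened. Assumed inputs:
# var.admin_cidrs (office/VPN egress ranges) and aws_kms_key.eks (a
# customer-managed key for envelope encryption of Kubernetes Secrets).

variable "admin_cidrs" {
  description = "CIDR ranges allowed to reach the public API endpoint (assumed; set to your VPN/office egress)"
  type        = list(string)
  default     = ["203.0.113.0/24"] # documentation range, placeholder only
}

resource "aws_kms_key" "eks" {
  description         = "Envelope encryption for EKS Kubernetes Secrets"
  enable_key_rotation = true
}

resource "aws_eks_cluster" "example" {
  name     = "eks_demo_cluster"
  role_arn = aws_iam_role.example.arn

  vpc_config {
    subnet_ids = data.aws_subnets.public.ids

    # Serve the API from a private VPC address so nodes, bastions and CI
    # runners inside the VPC never traverse the public endpoint ...
    endpoint_private_access = true

    # ... and keep the public endpoint open only to the listed ranges.
    # Resource defaults: endpoint_public_access = true, public_access_cidrs = ["0.0.0.0/0"].
    endpoint_public_access = true
    public_access_cidrs    = var.admin_cidrs
  }

  # Ship control-plane logs to CloudWatch Logs. "audit" records every API
  # request with its caller; "authenticator" maps that caller to an IAM principal.
  enabled_cluster_log_types = ["api", "audit", "authenticator", "controllerManager", "scheduler"]

  # Encrypt Kubernetes Secrets at rest with the customer-managed key. The
  # cluster role must be allowed kms:DescribeKey and kms:CreateGrant on it.
  encryption_config {
    provider {
      key_arn = aws_kms_key.eks.arn
    }
    resources = ["secrets"]
  }

  depends_on = [
    aws_iam_role_policy_attachment.example-AmazonEKSClusterPolicy,
    aws_iam_role_policy_attachment.example-AmazonEKSVPCResourceController,
  ]
}
```

With endpoint_private_access enabled, the node group from Step 9 resolves the API server to a private VPC address, so the public endpoint can later be switched off entirely (endpoint_public_access = false) once operators reach the VPC through a VPN or bastion. The audit log stream is the one to forward to your SIEM: it records each API request with the caller identity, and the authenticator log ties that identity back to an IAM role or user.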
Step 7: IAM Role for EKS Node Group
resource "aws_iam_role" "example1" {
  name = "eks-node-group"

  # Trust policy: worker nodes are EC2 instances, so EC2 assumes this role.
  assume_role_policy = jsonencode({
    Statement = [{
      Action = "sts:AssumeRole"
      Effect = "Allow"
      Principal = {
        Service = "ec2.amazonaws.com"
      }
    }]
    Version = "2012-10-17"
  })
}
This creates the IAM role (eks-node-group) that the worker nodes run under. Because the nodes are EC2 instances, its trust policy lets ec2.amazonaws.com assume the role; every process on a node, including any pod that can reach the instance metadata service, can obtain these credentials, so keep the permissions attached in the next step to the minimum the node itself needs.
Step 8: Attach Policies to IAM Role for EKS Node Group
resource "aws_iam_role_policy_attachment" "example-AmazonEKSWorkerNodePolicy" {
  policy_arn = "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy"
  role       = aws_iam_role.example1.name
}

resource "aws_iam_role_policy_attachment" "example-AmazonEKS_CNI_Policy" {
  policy_arn = "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy"
  role       = aws_iam_role.example1.name
}

resource "aws_iam_role_policy_attachment" "example-AmazonEC2ContainerRegistryReadOnly" {
  policy_arn = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
  role       = aws_iam_role.example1.name
}
These three attachments give the node role what a worker needs and nothing more: AmazonEKSWorkerNodePolicy lets the kubelet register with the cluster and describe EC2 resources, AmazonEKS_CNI_Policy lets the VPC CNI plugin manage ENIs and IP addresses, and AmazonEC2ContainerRegistryReadOnly lets nodes pull images from ECR.
Step 9: Create EKS Node Group
resource "aws_eks_node_group" "example" {
  cluster_name    = aws_eks_cluster.example.name
  node_group_name = "example"
  node_role_arn   = aws_iam_role.example1.arn
  subnet_ids      = data.aws_subnets.public.ids

  scaling_config {
    desired_size = 1
    max_size     = 2
    min_size     = 1
  }

  instance_types = ["t2.micro"]

  depends_on = [
    aws_iam_role_policy_attachment.example-AmazonEKSWorkerNodePolicy,
    aws_iam_role_policy_attachment.example-AmazonEKS_CNI_Policy,
    aws_iam_role_policy_attachment.example-AmazonEC2ContainerRegistryReadOnly,
  ]
}
This creates a managed node group in the EKS cluster, using the node IAM role from Step 7, the default-VPC subnets from Step 5, and a scaling range of one to two t2.micro instances. As in Step 6, depends_on makes sure the policy attachments exist before nodes launch, since a node without AmazonEKSWorkerNodePolicy cannot join the cluster.
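Step 9 places the workers in the default VPC's public subnets, so every node gets a public IP, and it leaves the instance metadata service at its default, so any pod that can reach 169.254.169.254 can obtain the node role's credentials with a single IMDSv1 request. The block below is an added example, not the post's code. It assumes a variable vpc_id naming a VPC that has private subnets with outbound connectivity through NAT or VPC endpoints (the default VPC from Step 4 has only public subnets, so this is not a drop-in for that exact setup); data.aws_subnets.private and aws_launch_template.nodes are introduced here, and the node group is added as a second group named "private" alongside the one from Step 9.

```hcl
# Added example (not from the original post): a node group whose nodes live in
# private subnets and require IMDSv2. Assumes var.vpc_id is a VPC with private
# subnets that have NAT or VPC-endpoint egress; the post's default VPC has none.

variable "vpc_id" {
  description = "VPC containing private subnets for worker nodes (assumed)"
  type        = string
}

# Treat subnets that do NOT assign a public IP on launch as private.
# "map-public-ip-on-launch" is a DescribeSubnets filter name.
data "aws_subnets" "private" {
  filter {
    name   = "vpc-id"
    values = [var.vpc_id]
  }
  filter {
    name   = "map-public-ip-on-launch"
    values = ["false"]
  }
}

resource "aws_launch_template" "nodes" {
  name_prefix = "eks-node-"

  # IMDSv2 only, and a hop limit of 1 so that pods in their own network
  # namespace (one hop away from the node) cannot reach the metadata service.
  metadata_options {
    http_endpoint               = "enabled"
    http_tokens                 = "required"
    http_put_response_hop_limit = 1
  }

  # Encrypted root volume for the EKS-optimized AMI.
  block_device_mappings {
    device_name = "/dev/xvda"
    ebs {
      volume_size = 20
      volume_type = "gp3"
      encrypted   = true
    }
  }

  tag_specifications {
    resource_type = "instance"
    tags          = { Name = "eks-demo-node" }
  }
}

resource "aws_eks_node_group" "private" {
  cluster_name    = aws_eks_cluster.example.name
  node_group_name = "private"
  node_role_arn   = aws_iam_role.example1.arn
  subnet_ids      = data.aws_subnets.private.ids

  # Instance type stays here because the launch template does not set one;
  # EKS rejects a type specified in both places.
  instance_types = ["t2.micro"]

  scaling_config {
    desired_size = 1
    max_size     = 2
    min_size     = 1
  }

  launch_template {
    id      = aws_launch_template.nodes.id
    version = aws_launch_template.nodes.latest_version
  }

  # Deliberately no remote_access block: no SSH key pair and no security group
  # opened on port 22. Use SSM Session Manager for node access instead.

  depends_on = [
    aws_iam_role_policy_attachment.example-AmazonEKSWorkerNodePolicy,
    aws_iam_role_policy_attachment.example-AmazonEKS_CNI_Policy,
    aws_iam_role_policy_attachment.example-AmazonEC2ContainerRegistryReadOnly,
  ]
}
```

Pods that legitimately need AWS credentials should receive them through IAM roles for service accounts rather than by inheriting the node role, which is exactly what the hop limit of 1 prevents. Node access via SSM requires the AmazonSSMManagedInstanceCore managed policy on the node role (aws_iam_role.example1), which the post does not attach.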
Together these steps set up an Amazon EKS cluster with its IAM roles and policy attachments, network placement in the default VPC, and a managed node group: the components needed to run and manage a basic EKS environment.