In the world of AWS infrastructure orchestration, Terraform stands as a robust solution for managing resources effortlessly. Here, we'll explore step-by-step how to set up an EKS cluster on AWS, starting with configuring AWS settings and roles, creating necessary setups like VPCs, and finally crafting an EKS cluster using Terraform. You'll discover how Terraform simplifies this process, making AWS infrastructure management much more straightforward.
AWS Provider Configuration
We'll configure the provider and set the region, ensuring we add the required version for the AWS provider. Here, we've chosen the AWS provider and specifically mentioned the us-east-1 region.
terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = "~> 5.0"
}
}
}
provider "aws" {
region = "us-east-1"
}
IAM Role for EKS Cluster
Here, we'll create an IAM role for our EKS cluster, which will be assumed by the EKS service itself, allowing EKS to perform actions within our AWS account. This role will be linked to the AmazonEKSClusterPolicy.
resource "aws_iam_role" "eks_cluster" {
name = "eks-cluster-role"
assume_role_policy = jsonencode({
Version = "2012-10-17"
Statement = [
{
Action = "sts:AssumeRole"
Effect = "Allow"
Principal = {
Service = "eks.amazonaws.com"
}
}
]
})
}
resource "aws_iam_policy_attachment" "eks_cluster_policy" {
name = "eks-cluster-policy"
roles = [aws_iam_role.eks_cluster.name]
policy_arn = "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy"
}
Default VPC and Public Subnets:
Next, we'll set up the default VPC and public subnets. We'll fetch details about the default VPC and identify its public subnets. The EKS cluster will be deployed within this default VPC.
data "aws_vpc" "default" {
default = true
}
data "aws_subnets" "public" {
filter {
name = "vpc-id"
values = [data.aws_vpc.default.id]
}
filter {
name = "availabilityZone"
values = ["us-east-1a", "us-east-1b", "us-east-1c", "us-east-1d", "us-east-1f"]
}
}
AWS EKS Cluster:
Now, let's create the AWS EKS cluster. This will set up an Amazon EKS cluster named 'my_eks_cluster' in the specified VPC and public subnets. It relies on the IAM role being connected to the cluster.
resource "aws_eks_cluster" "eks" {
name = "my-eks-cluster"
role_arn = aws_iam_role.eks_cluster.arn
vpc_config {
subnet_ids = data.aws_subnets.public.ids
}
}
IAM Role for EKS Node Group
Then, we'll create an IAM role for the node group in EKS. After that, we'll attach policies to the IAM role for the EKS node group.
resource "aws_iam_role" "example" {
name = "eks-node-group-example"
assume_role_policy = jsonencode({
Statement = [{
Action = "sts:AssumeRole"
Effect = "Allow"
Principal = {
Service = "ec2.amazonaws.com"
}
}]
Version = "2012-10-17"
})
}
resource "aws_iam_role_policy_attachment" "example-AmazonEKSWorkerNodePolicy" {
policy_arn = "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy"
role = aws_iam_role.example.name
}
resource "aws_iam_role_policy_attachment" "example-AmazonEKS_CNI_Policy" {
policy_arn = "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy"
role = aws_iam_role.example.name
}
resource "aws_iam_role_policy_attachment" "example-AmazonEC2ContainerRegistryReadOnly" {
policy_arn = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
role = aws_iam_role.example.name
}
Create EKS Node Group
Now we wille create an EKS node group associated with the specified EKS cluster, using the IAM role, subnets, and instance configuration
resource "aws_eks_node_group" "example" {
cluster_name = aws_eks_cluster.eks.name
node_group_name = "managed-nodes"
node_role_arn = aws_iam_role.example.arn
subnet_ids = data.aws_subnets.public.ids
scaling_config {
desired_size = 1
max_size = 2
min_size = 1
}
instance_types = ["t2.micro"]
depends_on = [
aws_iam_role_policy_attachment.example-AmazonEKSWorkerNodePolicy,
aws_iam_role_policy_attachment.example-AmazonEKS_CNI_Policy,
aws_iam_role_policy_attachment.example-AmazonEC2ContainerRegistryReadOnly,
aws_eks_cluster.eks
]
}
Now, we'll initialize our setup by running the 'terraform init' command.
Great, it seems like Terraform has been successfully initialized. Next, we'll execute the 'terraform plan' command to review the changes that will occur in our infrastructure. It's a good practice to run 'terraform plan' after 'terraform init' to see the infrastructure changes beforehand.
If everything looks good, we'll proceed with the 'terraform apply' command. Terraform will request confirmation before implementing any changes. If everything seems accurate, type 'yes' and press enter.
Looks like everything is in progress, including the IAM role, role policy, and EKS cluster creation. Let's wait for a while to see what's happening...
Wow!! Congratulations, our cluster has been created.
Now, let's check if the EKS cluster has been created properly. When we click on the cluster, we'll be able to see the cluster's details. Upon clicking, we find that within the cluster, a node group has been created and attached with an IAM role. Additionally, the instance types we provided in our code for desired capacity, maximum, and minimum size are all displaying perfectly. This means our EKS cluster has been successfully created.
Destroy Your Infrastructure
Lastly, when our task is completed, we might want to destroy the resources to avoid unnecessary costs. Terraform simplifies this process with the 'destroy' command, which deletes the existing resources determined from the Terraform files.
To execute this, simply type 'terraform destroy' and hit enter.
In conclusion, our journey through Terraform orchestration within the AWS environment has culminated in the successful creation of IAM roles, EKS clusters, and associated resources. The power of infrastructure-as-code, utilizing Terraform, has enabled swift resource deployment and efficient management. This hands-on experience sheds light on the ease and agility that comes with managing cloud infrastructure using robust orchestration tools like Terraform.
Thank you for reading this blog. If you found this blog helpful, please like, share, and follow me for more blog posts like this in the future.
— Happy Learning !!!
Let’s connect !!!