Terraform + Amazon EKS








Hello readers, I hope you are all doing well. There is no denying that every technical enthusiast is crazy about Kubernetes; put simply, it has revolutionized the use of containerization for application deployment.


There are a number of ways to use Kubernetes. Some of them are listed below:


  • Vanilla Kubernetes built via kubeadm

  • Kubernetes on a cloud platform (Amazon EKS, Azure AKS and Google GKE)

  • Kubernetes deployed via kops, Rancher and other available tools.


Also touching upon the concept of IaC, i.e. infrastructure as code: nowadays people are too lazy to do anything manually, and no one wants to log in to the console and do multiple clicks to get the work done.

So today we are going to learn how to deploy a 3-node Amazon EKS cluster with Terraform.


What is EKS ?


  • Amazon Elastic Kubernetes Service (Amazon EKS) is a fully managed Kubernetes service.

  • EKS is deeply integrated with services such as Amazon CloudWatch, Auto Scaling Groups, AWS Identity and Access Management (IAM), and Amazon Virtual Private Cloud (VPC), providing you a seamless experience to monitor, scale, and load-balance your applications.

  • EKS integrates with AWS App Mesh and provides a Kubernetes native experience to consume service mesh features and bring rich observability, traffic controls and security features to applications.

  • Additionally, EKS provides a scalable and highly available control plane that runs across multiple Availability Zones to eliminate a single point of failure.

  • EKS runs upstream Kubernetes and is certified Kubernetes conformant so you can leverage all benefits of open source tooling from the community. You can also easily migrate any standard Kubernetes application to EKS without needing to refactor your code.

  • EKS is secure by default.

  • EKS is well supported by EKS-optimized AMIs, which come with all the prerequisite software pre-installed (such as kubectl, Docker and the IAM authenticator), so worker nodes deployed from these AMIs are compatible with the cluster.

  • EKS supports the use of Spot Instances for launching worker nodes, which in turn saves cost.

  • EKS provides a managed control plane; the basic architecture looks like below.



  • EKS provides k8s master nodes, API server, etcd layers etc.

  • 3 masters and 3 etcd nodes by default

  • Backups, etcd snapshots and auto scaling included

  • You provision and manage the EC2 worker nodes

  • Masters and etcd are multi-AZ (Availability Zone)

  • EKS scales master nodes for you

  • EKS networking (CNI plugin) works closely with Amazon VPC and provisions the networking so that pods and other Kubernetes objects can talk to each other.




Configure the EKS cluster with Terraform


We could certainly create an EKS cluster using the console, but here we are going to follow a production-grade method, i.e. we will deploy EKS with Terraform. Follow the instructions below to get your cluster up and running.


  • Log in to a CentOS 7 machine as a user with sudo permissions


sudo yum install epel-release -y
sudo yum install python-pip -y
sudo pip install awscli
sudo yum install wget unzip -y
sudo yum install git -y

  • Download and configure the Terraform binary as well as the code for the EKS cluster


wget https://releases.hashicorp.com/terraform/0.12.29/terraform_0.12.29_linux_amd64.zip
unzip terraform_0.12.29_linux_amd64.zip
sudo mv terraform /usr/local/bin/
git clone https://github.com/linuxadvise/eks-terraform.git

  • Configure the AWS credentials of an IAM user with admin permissions. We are using an admin user only because this is a demo; when working in a production environment, provide only the necessary level of access.



NOTE: AWS keys should never be shown publicly; this is only to show you in real time how it is done. This key pair has already been rotated.


  • Now go to the directory containing the Terraform code and execute the three commands below.


terraform init
terraform plan
terraform apply 

  • This code will create a 3-node EKS cluster in the ap-south-1 region

  • After the command finishes executing, the output will look like below.

NOTE: Please read the README file in the code repository for a better understanding.



  • Download and configure kubectl


curl -LO "https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl"
chmod +x kubectl && sudo mv kubectl /usr/local/bin/

  • Download the IAM authenticator


curl -o aws-iam-authenticator https://amazon-eks.s3.us-west-2.amazonaws.com/1.16.8/2020-04-16/bin/linux/amd64/aws-iam-authenticator
chmod +x aws-iam-authenticator
sudo mv aws-iam-authenticator /usr/bin

  • Now execute the below commands to generate the kubeconfig file.


aws sts get-caller-identity
aws eks --region ap-south-1 update-kubeconfig --name terraform-eks-demo

  • Run the below command to access the cluster


[linuxadvise@linuxadvise .kube]$ kubectl get nodes
NAME  STATUS ROLES AGE VERSION
ip-10-0-0-212.ap-south-1.compute.internal Ready <none> 42m v1.16.12-eks-904af05
ip-10-0-1-42.ap-south-1.compute.internal Ready <none> 42m v1.16.12-eks-904af05
ip-10-0-1-77.ap-south-1.compute.internal Ready <none> 42m v1.16.12-eks-904af05
[linuxadvise@linuxadvise .kube]$
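
The download steps above place Terraform, kubectl and aws-iam-authenticator on the system PATH without checking what was fetched. As an added example (not part of the original article or its repository), the shell function below checks a downloaded file against a SHA256SUMS-style manifest before it is installed; the function names are hypothetical, and the commented usage assumes the terraform_0.12.29_SHA256SUMS file that HashiCorp publishes alongside the release zip.

```shell
#!/bin/sh
# Added example: verify a downloaded artifact against a SHA256SUMS-style
# manifest ("<64 hex chars>  <filename>" per line) before installing it.
# Assumes filenames without spaces.

# Print the SHA-256 of a file using whichever tool is available.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{ print $1 }'
    else
        shasum -a 256 "$1" | awk '{ print $1 }'
    fi
}

# verify_download FILE SUMS_FILE
# Returns 0 on match, 1 on mismatch, 2 if a file is missing,
# 3 if the manifest has no entry for FILE.
verify_download() {
    file=$1
    sums=$2
    name=$(basename "$file")
    if [ ! -f "$file" ] || [ ! -f "$sums" ]; then
        echo "missing $file or $sums" >&2
        return 2
    fi
    # Accept both "name" and "*name" (binary-mode marker) in column 2.
    expected=$(awk -v n="$name" '$2 == n || $2 == ("*" n) { print $1; exit }' "$sums")
    if [ -z "$expected" ]; then
        echo "no checksum entry for $name in $sums" >&2
        return 3
    fi
    actual=$(sha256_of "$file")
    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $name" >&2
        return 1
    fi
    echo "$name: OK"
}

# Usage with the Terraform download from this article:
#   wget https://releases.hashicorp.com/terraform/0.12.29/terraform_0.12.29_SHA256SUMS
#   verify_download terraform_0.12.29_linux_amd64.zip terraform_0.12.29_SHA256SUMS \
#       && unzip terraform_0.12.29_linux_amd64.zip
```

A matching hash only shows that the file is the one the manifest describes, so fetch the manifest over HTTPS from the vendor's own release page.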

Hope you liked the article. Happy Learning.


If you are new to Terraform, please click here to study Terraform.

You can also try deploying EKS with Rancher





