Wednesday, August 10, 2022

Create Amazon EKS cluster by Terraform | How to create Amazon EKS cluster in AWS cloud using Terraform | Create EKS Cluster using Terraform

What is Amazon EKS

Amazon EKS is a fully managed container orchestration service. EKS allows you to quickly deploy a production ready Kubernetes cluster in AWS, deploy and manage containerized applications more easily with a fully managed Kubernetes service. Kubernetes is an open-source system for automating deployment, scaling, and management of containerized applications.

EKS takes care of master node/control plane. We need to create worker nodes.

You can create EKS cluster with following node types:
  • Managed nodes -  Linux - Amazon EC2 instances
  • Fargate - Serverless
We will learn how to create EKS cluster based on Managed nodes (EC2 instances).

EKS cluster can be created in following different ways

1. AWS console
3. eksctl command
4. using Terraform

We will create EKS cluster nodes using Terraform.


This Lab is using an EC2 instance with following configured:

Create IAM Role with Administrator Access

You need to create an IAM role with AdministratorAccess policy.
Go to AWS console, IAM, click on Roles. create a role

Select AWS services, Click EC2, Click on Next permissions.
 Now search for AdministratorAccess policy and click

Skip on create tag.
Now give a role name and create it.

Assign the role to EC2 instance
Go to AWS console, click on EC2, select EC2 instance, Choose Security.
Click on Modify IAM Role

Choose the role you have created from the dropdown.
Select the role and click on Apply.

Create Terraform files

sudo vi

 variable "subnet_id_1" {
  type = string
  default = "subnet-ec90408a"

 variable "subnet_id_2" {
  type = string
  default = "subnet-0a911b04"

 variable "cluster_name" {
  type = string
  default = "my-eks-cluster"

sudo vi

terraform {
 required_providers {
  aws = {
   source = "hashicorp/aws"

resource "aws_iam_role" "eks-iam-role" {
 name = "devops-eks-iam-role"

 path = "/"

 assume_role_policy = <<EOF
 "Version": "2012-10-17",
 "Statement": [
   "Effect": "Allow",
   "Principal": {
    "Service": ""
   "Action": "sts:AssumeRole"


resource "aws_iam_role_policy_attachment" "AmazonEKSClusterPolicy" {
 policy_arn = "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy"
 role    =
resource "aws_iam_role_policy_attachment" "AmazonEC2ContainerRegistryReadOnly-EKS" {
 policy_arn = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
 role    =

resource "aws_eks_cluster" "my-eks" {
 name = var.cluster_name
 role_arn = aws_iam_role.eks-iam-role.arn

 vpc_config {
  subnet_ids = [var.subnet_id_1, var.subnet_id_2]

 depends_on = [

resource "aws_iam_role" "workernodes" {
  name = "eks-node-group-example"

  assume_role_policy = jsonencode({
   Statement = [{
    Action = "sts:AssumeRole"
    Effect = "Allow"
    Principal = {
     Service = ""
   Version = "2012-10-17"

 resource "aws_iam_role_policy_attachment" "AmazonEKSWorkerNodePolicy" {
  policy_arn = "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy"
  role    =

 resource "aws_iam_role_policy_attachment" "AmazonEKS_CNI_Policy" {
  policy_arn = "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy"
  role    =

 resource "aws_iam_role_policy_attachment" "EC2InstanceProfileForImageBuilderECRContainerBuilds" {
  policy_arn = "arn:aws:iam::aws:policy/EC2InstanceProfileForImageBuilderECRContainerBuilds"
  role    =

 resource "aws_iam_role_policy_attachment" "AmazonEC2ContainerRegistryReadOnly" {
  policy_arn = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
  role    =

 resource "aws_eks_node_group" "worker-node-group" {
  cluster_name  =
  node_group_name = "my-workernodes"
  node_role_arn  = aws_iam_role.workernodes.arn
  subnet_ids   = [var.subnet_id_1, var.subnet_id_2]
  instance_types = ["t2.medium"]

  scaling_config {
   desired_size = 2
   max_size   = 2
   min_size   = 1

  depends_on = [

Create EKS Cluster with two worker nodes using Terraform

Now execute the below command:
terraform init

This will initialize terraform working directory.
you should see like below screenshot.

Eecute the below command
terraform plan
the above command will show how many resources will be added.

Plan: 10 to add, 0 to change, 0 to destroy.

Now let's create the EKS cluster:

terraform apply

This will create 10 resources.

Update Kube config

Update Kube config by entering below command:

aws eks update-kubeconfig --name my-eks-cluster --region us-east-1

kubeconfig file be updated under /home/ubuntu/.kube folder.

you can view the kubeconfig file by entering the below command:

cat  /home/ubuntu/.kube/config

Connect to EKS cluster using kubectl commands

To view the list of worker nodes as part of EKS cluster.

kubectl get nodes

kubectl get ns

Deploy Nginx on a Kubernetes Cluster
Let us run some apps to make sure they are deployed to Kubernetes cluster. The below command will create deployment:

kubectl create deployment nginx --image=nginx

View Deployments
kubectl get deployments

Delete EKS Cluster

terraform destroy

the above command should delete the EKS cluster in AWS, it might take a few mins to clean up the cluster.

Errors during Cluster creation
If you are having issues when creating a cluster, try to delete the cluster by executing the below command and re-create it.

you can also delete the cluster under AWS console --> Elastic Kubernetes Service --> Clusters
Click on Delete cluster

No comments:

Post a Comment

DevOps Bootcamp Aug 2024 Schedule | DevOps & AWS Azure Cloud Coaching by Coach AK | DevOps and Cloud Computing Online Classes

  (Lot of new topics covered like GitHub Actions, Helm and Monitoring..) The DevOps requirements in the IT market space is expected to grow ...