- shivani singh
- January 14, 2023
Steps to Create EKS Cluster & Node Group Role on AWS using Terraform
Hello, in this blog we discuss how to create the EKS cluster and node group roles on AWS using Terraform. Terraform helps create the IAM roles for the EKS cluster and node group on AWS. It is an open-source infrastructure setup tool created by HashiCorp.
The steps to create the EKS cluster and node group roles using Terraform are:
Step 1: Update the System.
apt-get update
Step 2: Install Terraform on the system by following this guide: https://www.hackerxone.com/2021/05/06/how-install-configure-terraform-ubuntu/
- Check the Terraform version.
terraform version
Step 3: Create a folder.
mkdir project
Step 4: Change to the directory and create a .tf file.
cd project
- Create a file for the Terraform code that creates the EKS cluster and node group roles on AWS.
vim eks-role.tf
- Paste the following code:
# The values below are placeholders. The AWS provider also reads credentials
# from the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables or
# the shared credentials file; if you use those, omit access_key and secret_key
# so the keys never land in the .tf file or in version control.
provider "aws" {
  region     = "type-region"
  access_key = "type_aws_access_key"
  secret_key = "type_aws_secret_key"
}

# IAM role that the EKS cluster assumes to make calls to other AWS services on
# your behalf and manage the resources that you use with the service.
# The trust policy allows only the eks.amazonaws.com service to assume it.
resource "aws_iam_role" "iam-role-eks-cluster" {
  name               = "type-ekscluster-role-name"
  assume_role_policy = <<POLICY
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "eks.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
POLICY
}

# Attach the EKS cluster policy to the EKS cluster role.
resource "aws_iam_role_policy_attachment" "eks-cluster-AmazonEKSClusterPolicy" {
  policy_arn = "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy"
  role       = aws_iam_role.iam-role-eks-cluster.name
}

# IAM role for the EKS nodes to work with other AWS services.
# The trust policy allows only the ec2.amazonaws.com service to assume it.
resource "aws_iam_role" "eks_nodes" {
  name               = "type-nodegroup-role-name"
  assume_role_policy = <<POLICY
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "ec2.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
POLICY
}

# Attach the managed policies that the nodes need to the node group role.
resource "aws_iam_role_policy_attachment" "AmazonEKSWorkerNodePolicy" {
  policy_arn = "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy"
  role       = aws_iam_role.eks_nodes.name
}

resource "aws_iam_role_policy_attachment" "AmazonEKS_CNI_Policy" {
  policy_arn = "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy"
  role       = aws_iam_role.eks_nodes.name
}

resource "aws_iam_role_policy_attachment" "AmazonEC2ContainerRegistryReadOnly" {
  policy_arn = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
  role       = aws_iam_role.eks_nodes.name
}
Step 5: Initialize the working directory.
terraform init
- Check the configuration and preview the changes.
terraform plan
- Validate the configuration.
terraform validate
- Here is the command output.
root@ip-172-31-40-83:/home/ubuntu/project# terraform validate
Success! The configuration is valid.
- Run the code.
terraform apply
- Type yes and press Enter.
- The EKS cluster and node group roles are now created.
Step 6: Open AWS Console.
- Go to the IAM service.
- Click on Roles and check the created role names.
- To delete the roles:
terraform destroy
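Before running terraform apply in Step 5, the planned roles can be checked against what this post intends: each role trusted only by its one service principal, and only the listed AWS managed policies attached. The script below is an added example, not part of the original post; it works on the JSON produced by `terraform plan -out=tfplan` followed by `terraform show -json tfplan`, assumes all resources sit in the root module as they do here, and its names (`audit_plan`, `principals`, `trust_doc`, `SAMPLE`) are made up for illustration.

```python
import json

AWS = "arn:aws:iam::aws:policy/"
# Expected trust principal and policies, keyed by this post's resource names.
EXPECTED = {
    "iam-role-eks-cluster": ("eks.amazonaws.com", {AWS + "AmazonEKSClusterPolicy"}),
    "eks_nodes": ("ec2.amazonaws.com", {AWS + p for p in (
        "AmazonEKSWorkerNodePolicy", "AmazonEKS_CNI_Policy", "AmazonEC2ContainerRegistryReadOnly")}),
}

def principals(stmt):
    """Flatten a statement's Principal into (kind, value) pairs."""
    p = stmt.get("Principal", {})
    if isinstance(p, str):  # "Principal": "*"
        return [("*", p)]
    return [(k, v) for k, vs in p.items() for v in ([vs] if isinstance(vs, str) else vs)]

def audit_plan(plan):
    """Return findings for the IAM roles and attachments in a plan JSON dict."""
    res = plan["planned_values"]["root_module"]["resources"]
    findings, tf_name_of = [], {}
    for r in (x for x in res if x["type"] == "aws_iam_role"):
        tf_name_of[r["values"]["name"]] = r["name"]
        service = EXPECTED.get(r["name"], (None, set()))[0]
        stmts = json.loads(r["values"]["assume_role_policy"])["Statement"]
        for s in ([stmts] if isinstance(stmts, dict) else stmts):
            for kind, val in principals(s):
                if s.get("Effect") == "Allow" and (kind, val) != ("Service", service):
                    findings.append(f"{r['name']}: unexpected trust principal {kind}={val}")
    for r in (x for x in res if x["type"] == "aws_iam_role_policy_attachment"):
        role = tf_name_of.get(r["values"]["role"], r["values"]["role"])
        if r["values"]["policy_arn"] not in EXPECTED.get(role, (None, set()))[1]:
            findings.append(f"{role}: unexpected policy {r['values']['policy_arn']}")
    return findings

def trust_doc(principal):  # builds a trust policy for the constructed sample
    stmt = {"Effect": "Allow", "Principal": principal, "Action": "sts:AssumeRole"}
    return json.dumps({"Version": "2012-10-17", "Statement": [stmt]})

# Constructed sample (not real plan output): over-broad trust plus an admin policy.
SAMPLE = {"planned_values": {"root_module": {"resources": [
    {"type": "aws_iam_role", "name": "eks_nodes", "values": {
        "name": "demo-nodes", "assume_role_policy": trust_doc({"AWS": "*"})}},
    {"type": "aws_iam_role_policy_attachment", "name": "admin", "values": {
        "role": "demo-nodes", "policy_arn": AWS + "AdministratorAccess"}},
]}}}

if __name__ == "__main__":
    print("\n".join(audit_plan(SAMPLE)) or "no findings")
```

To run it on a real plan, load the saved JSON with json.load and pass the resulting dict to audit_plan; an empty list means the roles match the trust principals and policies written in eks-role.tf.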