Project description
The project provisions an AWS EKS cluster with HCL, together with the resources the cluster depends on (VPC, subnets, internet gateway, route table, security group, IAM role and policy attachment), all created with Terraform. Terraform is an infrastructure as code (IaC) tool developed by HashiCorp (open source under the MPL until 2023, source-available under the BUSL since). It lets you describe infrastructure declaratively in a high-level configuration language and provision it from that description, across cloud providers as well as on-premises infrastructure.
Pre-requisites
Install Terraform on your local system or on an AWS EC2 instance.
Create an IAM principal with the policies Terraform needs and make its credentials available to Terraform on the local system (for example in the VS Code terminal) or on the EC2 instance. Creating VPCs, IAM roles and EKS clusters needs broad permissions, so scope the policy to this project rather than attaching AdministratorAccess, and prefer short-lived credentials (an instance profile on EC2, or an assumed role / IAM Identity Center locally) over long-lived access keys. Never commit access keys next to the .tf files.
Project Steps
Define the provider Terraform uses to create the resources. The provider block sets the region in which everything below is created.
# Define AWS provider
provider "aws" {
  region = "eu-west-2"
}
Create the VPC that the EKS cluster and its worker nodes will live in.
# Create VPC
resource "aws_vpc" "eks_vpc" {
  cidr_block = "10.0.0.0/16"

  # EKS requires DNS resolution and DNS hostnames in the VPC;
  # without them worker nodes cannot register with the cluster.
  enable_dns_support   = true
  enable_dns_hostnames = true
}
Create the internet gateway that gives the VPC a route to the internet; the route table below depends on it.
# Create internet gateway
resource "aws_internet_gateway" "eks_igw" {
  vpc_id = aws_vpc.eks_vpc.id
}
Create subnets in two different Availability Zones. EKS requires subnets in at least two AZs for its control-plane network interfaces.
# Create subnets in different AZs
resource "aws_subnet" "eks_subnet_1" {
  vpc_id            = aws_vpc.eks_vpc.id
  cidr_block        = "10.0.0.0/24"
  availability_zone = "eu-west-2a"
}

resource "aws_subnet" "eks_subnet_2" {
  vpc_id            = aws_vpc.eks_vpc.id
  cidr_block        = "10.0.1.0/24"
  availability_zone = "eu-west-2b"
}
Create a route table with a default route through the internet gateway and associate it with both subnets. Note that this makes both subnets public: anything launched in them with a public IP is reachable from the internet. For worker nodes, production setups normally use private subnets whose default route goes through a NAT gateway, and keep only load balancers in public subnets.
# Create route table and associate with subnets
resource "aws_route_table" "eks_route_table" {
  vpc_id = aws_vpc.eks_vpc.id

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.eks_igw.id
  }
}

resource "aws_route_table_association" "eks_route_table_association_1" {
  subnet_id      = aws_subnet.eks_subnet_1.id
  route_table_id = aws_route_table.eks_route_table.id
}

resource "aws_route_table_association" "eks_route_table_association_2" {
  subnet_id      = aws_subnet.eks_subnet_2.id
  route_table_id = aws_route_table.eks_route_table.id
}
Create a security group with the ingress and egress rules that will be attached to the cluster's control-plane network interfaces. The ingress rule below opens port 443 to the whole internet, which is wider than needed: reachability of the Kubernetes API endpoint is governed by the cluster's endpoint settings (endpoint_public_access and public_access_cidrs), not by this group, and EKS also creates its own cluster security group for control-plane to node traffic. Restrict the ingress to known CIDRs, or drop it.
# Create security group for EKS cluster
resource "aws_security_group" "eks_sg" {
  name        = "eks-cluster-sg"
  description = "Security group for EKS cluster"
  vpc_id      = aws_vpc.eks_vpc.id

  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
Create the IAM role that the EKS control plane assumes, and attach the policy it needs. The trust policy allows only the eks.amazonaws.com service principal to assume the role; AmazonEKSClusterPolicy grants the control plane the permissions it needs to manage network interfaces, nodes and load balancers on your behalf.
# Create IAM role for EKS cluster
resource "aws_iam_role" "my_eks_role" {
  name = "my-eks-role"

  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "eks.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
EOF
}

# Attach policies to the IAM role
resource "aws_iam_role_policy_attachment" "my_eks_role_policy" {
  role       = aws_iam_role.my_eks_role.name
  policy_arn = "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy"
}
Finally, write the resource block for the EKS cluster itself. With only the settings shown, the cluster gets the AWS defaults: a public API endpoint reachable from 0.0.0.0/0 (authentication is still required, but the endpoint is exposed to the whole internet), no control-plane logging, and no customer-managed KMS key for Kubernetes Secrets.
# Create EKS cluster
resource "aws_eks_cluster" "my_eks_cluster" {
  name     = "my-eks-cluster"
  role_arn = aws_iam_role.my_eks_role.arn

  vpc_config {
    subnet_ids         = [aws_subnet.eks_subnet_1.id, aws_subnet.eks_subnet_2.id]
    security_group_ids = [aws_security_group.eks_sg.id]
  }

  # Ensure the policy is attached before the cluster is created and detached
  # only after it is destroyed; otherwise creation can fail on missing
  # permissions, and destroy can leave orphaned ENIs and security groups.
  depends_on = [aws_iam_role_policy_attachment.my_eks_role_policy]
}
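The following is an added hardening example, not code from the original article: it replaces the eks_sg and my_eks_cluster blocks above with versions that keep the API endpoint reachable only from a known CIDR, add a private endpoint for in-VPC access, ship control-plane audit logs to CloudWatch and encrypt Kubernetes Secrets with a customer-managed KMS key. It assumes the VPC, subnets and IAM role defined in the steps above; the admin_cidr default and the pinned Kubernetes version are placeholder values to be replaced.

```hcl
# Added example, not part of the original article. Assumes aws_vpc.eks_vpc,
# aws_subnet.eks_subnet_1/2 and aws_iam_role.my_eks_role from the steps above.

variable "admin_cidr" {
  description = "CIDR allowed to reach the public Kubernetes API endpoint (placeholder, replace with your VPN/office range)"
  type        = string
  default     = "203.0.113.0/24" # TEST-NET-3 documentation range, assumed value
}

# Customer-managed key for envelope encryption of Kubernetes Secrets in etcd.
# The identity running terraform apply needs kms:DescribeKey and kms:CreateGrant on it.
resource "aws_kms_key" "eks_secrets" {
  description             = "EKS Kubernetes Secrets envelope encryption"
  deletion_window_in_days = 30
  enable_key_rotation     = true
}

# Control-plane security group: no inbound rule from the internet. The control
# plane initiates connections to nodes itself, and API reachability is set by
# the endpoint_* settings below, not by this group.
resource "aws_security_group" "eks_sg" {
  name        = "eks-cluster-sg"
  description = "EKS control plane ENIs, no inbound from the internet"
  vpc_id      = aws_vpc.eks_vpc.id

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_eks_cluster" "my_eks_cluster" {
  name     = "my-eks-cluster"
  role_arn = aws_iam_role.my_eks_role.arn
  version  = "1.29" # assumed value; pin it so control-plane upgrades are deliberate

  vpc_config {
    subnet_ids              = [aws_subnet.eks_subnet_1.id, aws_subnet.eks_subnet_2.id]
    security_group_ids      = [aws_security_group.eks_sg.id]
    endpoint_private_access = true             # reachable from inside the VPC
    endpoint_public_access  = true             # set to false and use a VPN/bastion for the strictest setup
    public_access_cidrs     = [var.admin_cidr] # AWS default is 0.0.0.0/0
  }

  # Control-plane logs to CloudWatch; "audit" is what incident response relies on.
  enabled_cluster_log_types = ["api", "audit", "authenticator"]

  # Envelope-encrypt Kubernetes Secrets with the key above.
  encryption_config {
    provider {
      key_arn = aws_kms_key.eks_secrets.arn
    }
    resources = ["secrets"]
  }

  depends_on = [aws_iam_role_policy_attachment.my_eks_role_policy]
}
```

After applying, confirm the exposure with the AWS CLI: aws eks describe-cluster --name my-eks-cluster --query cluster.resourcesVpcConfig should show publicAccessCidrs limited to your range and endpointPrivateAccess true. Nodes in the public subnets from the steps above will still reach the API through the private endpoint, so the CIDR restriction only affects kubectl users outside the VPC.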
Run terraform init in the directory containing the .tf file so that the AWS provider is downloaded and the working directory is set up.
Run terraform plan and review the proposed changes (check the security group rules and the cluster's endpoint settings in the plan output), then run terraform apply to provision all the resources in AWS. Cluster creation takes several minutes before the cluster reaches the ACTIVE state.
Then open the AWS console in the eu-west-2 region and go to EKS to view the cluster.
Thanks for reading my article. Have a nice day.
You can follow me on LinkedIn for my daily updates: linkedin.com/in/bandan-kumar-sahoo-131412203