
Creating Your First AWS EKS Cluster with Terraform (Part 3/3)
Now let’s get a little deeper into the technical part. Let’s assume you’ve just launched a new application idea. It’s scalable, it’s modern, and it’s powered by containers. Kubernetes feels like the perfect orchestration tool to bring this idea to life. But then reality hits: managing Kubernetes clusters is complex, and you need a simple yet robust way to deploy them. Enter AWS EKS and Terraform.
(You can find an introduction to EKS and Terraform here.)
In this article, I’ll walk you through creating your first AWS EKS cluster with Terraform, so you can confidently navigate infrastructure as code and Kubernetes management. I will also cover the other components the cluster needs, such as the VPC and an RDS database. Let’s proceed!
Let’s understand the overall architecture
Key Components in the Diagram
- Terraform
  - Purpose: Terraform is the Infrastructure as Code (IaC) tool used to define and provision the AWS resources depicted in the diagram.
  - Bucket: An S3 state bucket stores the Terraform state file, ensuring consistency across deployments. State contains resource identifiers and can contain sensitive values, so the bucket should be versioned, encrypted and restricted to the people and pipelines that run Terraform.
- AWS Cloud
  - The overall infrastructure is deployed within the AWS Cloud.
- Virtual Private Cloud (VPC)
  - The VPC spans two Availability Zones (AZs) to ensure high availability.
  - Each AZ contains a Public Subnet and a Private Subnet, enabling secure and scalable application deployment.
Elements Inside the VPC
- Subnets
  - Public Subnets (Green):
    - Reachable from the internet via the Internet Gateway.
    - Contain the NAT Gateways that give private subnet resources outbound-only internet access.
  - Private Subnets (Blue):
    - Not reachable directly from the internet.
    - Host the application components: the EC2 instances (the EKS worker nodes), a MySQL database, and a cache node.
- Route Tables
  - Each subnet is associated with a route table for traffic management:
    - Public Subnets route internet-bound traffic through the Internet Gateway.
    - Private Subnets route internet-bound traffic through the NAT Gateway, so they can reach the internet without being reachable from it.
- Resources
  - NAT Gateway: Enables private subnet resources to connect to the internet without being exposed to inbound connections.
  - Amazon EC2 Instances: Host applications or workloads.
  - RDS MySQL DB Instance: A database hosted on Amazon RDS.
  - Cache Node: A caching layer (e.g., Redis or Memcached).
- Bastion Host
  - A bastion host is placed in the Public Subnet and acts as the single entry point for administrative access to resources in the Private Subnets. It is protected by a Security Group, which should allow inbound SSH only from known administrator IP ranges (AWS Systems Manager Session Manager is an alternative that needs no inbound rule at all).
- Internet Gateway
  - Connects the VPC to the internet and enables resources in the public subnets to send and receive data from the internet.
Connections and Workflow
- Terraform provisions all resources, including:
  - Subnets, route tables, and NAT gateways.
  - EC2 instances, databases, and caching layers.
- Resources in the Private Subnets communicate with each other inside the VPC, while their outbound internet access is routed through the NAT Gateway in the Public Subnet.
- The Bastion Host is used for administrative access to instances in the Private Subnets.
- The Terraform State Bucket keeps the infrastructure consistent and tracks changes across deployments.
Prerequisites
Before we begin, ensure you have the following ready:
- An AWS account, with an IAM identity that has permission to create resources such as VPCs, EKS clusters and RDS instances. The AWS IAM User Guide and the Amazon EKS Documentation provide detailed steps.
- AWS CLI: Installed and configured with your AWS credentials (see the AWS CLI Configuration Guide).
- Terraform: The official Terraform documentation includes installation steps for Windows, macOS, and Linux (see the Terraform Installation Guide).
- A text editor: VS Code, IntelliJ, or any IDE of your choice.
Set up a Project Structure
Step by step guide:
1. VPC setup
The VPC module defines the networking layer for the infrastructure; EKS clusters require a VPC. Creating a VPC suitable for an AWS EKS cluster involves setting up several network components, including subnets, route tables, and security groups. Below is a Terraform example that demonstrates how to create a basic VPC setup for EKS. This setup includes public subnets, private subnets, intra subnets and database subnets, which lets your Kubernetes nodes communicate with the EKS control plane and other AWS services while keeping the database off any internet route.
vpc.tf
Notes on vpc.tf
- CIDR: Defines the IP address range for the VPC.
- AZs: The availability zones where subnets will be deployed.
- Database Subnets: Allocated specifically for database instances such as RDS. The VPC module gives them no NAT or Internet Gateway route by default, so the database is isolated from the internet.
- Intra Subnets: Subnets with no route to the internet at all, used for internal communication such as the EKS control plane network interfaces.
- NAT Gateway & VPN Gateway:
  - NAT Gateway: Allows resources in private subnets to reach the internet without exposing them to inbound traffic.
  - VPN Gateway: Enables encrypted connectivity with on-premises networks; only enable it if you have such a network to connect.
- Subnet Tags: The kubernetes.io/role/elb and kubernetes.io/role/internal-elb tags tell Kubernetes which subnets to use for public and internal load balancers.
- tags: The module tags merge the local tags with the kubernetes.io/cluster/<cluster-name> = shared tag to mark the resources as shared with the cluster.
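The vpc.tf file that the notes above describe is not reproduced on this page. The following is an added example of a vpc.tf matching those notes, written for this edit and not taken from the original post; it uses the terraform-aws-modules/vpc/aws module, and the project name, region, CIDR ranges and local values are assumptions you should replace.

```hcl
# vpc.tf -- added example, not the original post's file.
# Assumptions: project name "my-project", region "eu-central-1", VPC CIDR 10.0.0.0/16.

locals {
  name     = "my-project"
  region   = "eu-central-1"
  vpc_cidr = "10.0.0.0/16"
  # Two AZs for high availability, as in the architecture diagram.
  azs = slice(data.aws_availability_zones.available.names, 0, 2)
  tags = {
    Project   = local.name
    ManagedBy = "terraform"
  }
}

data "aws_availability_zones" "available" {
  state = "available"
}

module "vpc" {
  source  = "terraform-aws-modules/vpc/aws"
  version = "~> 5.0"

  name = local.name
  cidr = local.vpc_cidr
  azs  = local.azs

  # One subnet of each kind per AZ, carved out of the VPC range with cidrsubnet().
  public_subnets   = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 4, k)]      # 10.0.0.0/20, 10.0.16.0/20
  private_subnets  = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 4, k + 4)]  # 10.0.64.0/20, 10.0.80.0/20
  intra_subnets    = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 52)] # 10.0.52.0/24, 10.0.53.0/24
  database_subnets = [for k, v in local.azs : cidrsubnet(local.vpc_cidr, 8, k + 56)] # 10.0.56.0/24, 10.0.57.0/24

  # Outbound-only internet for the private subnets; one NAT gateway per AZ avoids a single point of failure.
  enable_nat_gateway     = true
  single_nat_gateway     = false
  one_nat_gateway_per_az = true

  # Database subnets get no NAT or IGW route by default, so RDS is unreachable from the internet.
  create_database_subnet_group = true

  # Only enable this if you actually need a site-to-site VPN to an on-premises network.
  enable_vpn_gateway = false

  # Required for EKS: nodes and pods resolve AWS service endpoints by name.
  enable_dns_hostnames = true
  enable_dns_support   = true

  # Subnet role tags consumed by the AWS Load Balancer Controller when it places load balancers.
  public_subnet_tags = {
    "kubernetes.io/role/elb" = 1
  }
  private_subnet_tags = {
    "kubernetes.io/role/internal-elb" = 1
  }

  # Local tags merged with the cluster tag that marks these resources as shared with the cluster.
  tags = merge(local.tags, {
    "kubernetes.io/cluster/${local.name}" = "shared"
  })
}
```

The intra subnets are the ones to hand to the EKS module for the control plane network interfaces: they have no route to the internet in either direction, so the only way to reach the API server through them is from inside the VPC.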
2. EKS setup
The EKS module provisions the Kubernetes control plane, worker nodes, and associated IAM roles. Below is a Terraform example that demonstrates how to create an EKS cluster using the official AWS EKS module.
eks.tf
Notes on eks.tf
- enable_efa_support: Enables AWS’s Elastic Fabric Adapter, which improves network performance for certain high-performance workloads (for example tightly coupled ML training). It only applies to EFA-capable instance types, so leave it off for general-purpose node groups.
- create_cloudwatch_log_group: When enabled, the control plane logs selected in cluster_enabled_log_types are sent to Amazon CloudWatch. Keep the audit and authenticator logs on; they are what you will need to reconstruct who did what during an incident.
- Node Group Name: Set to “my_project” to keep naming consistent; parameterize it if you run several clusters.
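The eks.tf file itself is not reproduced on this page. The following is an added example that matches the notes above, written for this edit rather than taken from the original post; it builds on the vpc.tf example (module.vpc and the local values), uses the terraform-aws-modules/eks/aws module, and the Kubernetes version, instance type, sizes and the admin CIDR list are assumptions.

```hcl
# eks.tf -- added example, not the original post's file.
# Assumes module.vpc and local.* from vpc.tf; all concrete values are assumptions.

variable "admin_cidrs" {
  description = "CIDRs allowed to reach the public API endpoint (assumed; use your office or VPN egress addresses)."
  type        = list(string)
  default     = ["203.0.113.0/24"]
}

module "eks" {
  source  = "terraform-aws-modules/eks/aws"
  version = "~> 20.0"

  cluster_name    = local.name
  cluster_version = "1.30"

  vpc_id = module.vpc.vpc_id
  # Worker nodes live in the private subnets; the control plane ENIs go in the intra subnets (no internet route).
  subnet_ids               = module.vpc.private_subnets
  control_plane_subnet_ids = module.vpc.intra_subnets

  # Keep the private endpoint for in-VPC clients and limit the public endpoint to known admin addresses
  # instead of the default 0.0.0.0/0.
  cluster_endpoint_private_access      = true
  cluster_endpoint_public_access       = true
  cluster_endpoint_public_access_cidrs = var.admin_cidrs

  # Control plane logs to CloudWatch; audit and authenticator are the ones you need for incident response.
  create_cloudwatch_log_group = true
  cluster_enabled_log_types   = ["api", "audit", "authenticator", "controllerManager", "scheduler"]

  # Give the IAM identity running `terraform apply` cluster-admin through an EKS access entry,
  # so the cluster is reachable with kubectl right after creation.
  enable_cluster_creator_admin_permissions = true

  cluster_addons = {
    coredns    = {}
    kube-proxy = {}
    vpc-cni    = {}
  }

  eks_managed_node_groups = {
    my_project = {
      instance_types = ["m6i.large"]
      ami_type       = "AL2023_x86_64_STANDARD"

      min_size     = 2
      max_size     = 4
      desired_size = 2

      # EFA only works on EFA-capable instance types (p5, c6gn, ...); off for general-purpose nodes.
      enable_efa_support = false
    }
  }

  tags = local.tags
}
```

If you later move administration behind the bastion or a VPN, set cluster_endpoint_public_access to false and the API server becomes reachable only from inside the VPC; the private endpoint stays on either way.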
3. RDS setup
This section details the configuration of an Amazon RDS (Relational Database Service) instance using Terraform.
rds.tf
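The rds.tf file is not reproduced on this page. The following is an added example written for this edit, not the original post's file; it assumes module.vpc, module.eks and the local values from the previous examples, uses the terraform-aws-modules/rds/aws module, and the engine version, instance class, database name and user name are assumptions. The security-relevant choices are that only the EKS node security group may reach port 3306, that storage is encrypted, and that the master password is generated and kept in Secrets Manager rather than written into the Terraform state.

```hcl
# rds.tf -- added example, not the original post's file.
# Assumes module.vpc, module.eks and local.* from the files above; concrete values are assumptions.

# Only the EKS worker nodes may open TCP/3306 to the database; no CIDR-based ingress at all.
resource "aws_security_group" "rds" {
  name        = "${local.name}-rds"
  description = "MySQL access from EKS nodes only"
  vpc_id      = module.vpc.vpc_id

  ingress {
    description     = "MySQL from the EKS node security group"
    from_port       = 3306
    to_port         = 3306
    protocol        = "tcp"
    security_groups = [module.eks.node_security_group_id]
  }

  tags = local.tags
}

module "rds" {
  source  = "terraform-aws-modules/rds/aws"
  version = "~> 6.0"

  identifier = "${local.name}-mysql"

  engine               = "mysql"
  engine_version       = "8.0"
  family               = "mysql8.0" # parameter group family
  major_engine_version = "8.0"      # option group version
  instance_class       = "db.t4g.medium"

  allocated_storage     = 20
  max_allocated_storage = 100
  storage_encrypted     = true

  db_name  = "app"
  username = "app_admin"
  port     = 3306
  # RDS generates the master password and stores it in Secrets Manager; it never enters the state file.
  manage_master_user_password = true

  # Private placement: the VPC module's database subnet group, our node-only security group, no public IP.
  multi_az               = true
  db_subnet_group_name   = module.vpc.database_subnet_group_name
  vpc_security_group_ids = [aws_security_group.rds.id]
  publicly_accessible    = false

  # Guard rails against losing the data with one `terraform destroy`.
  backup_retention_period          = 7
  deletion_protection              = true
  skip_final_snapshot              = false
  final_snapshot_identifier_prefix = "${local.name}-mysql-final"

  tags = local.tags
}
```

Applications running on the cluster read the generated credential from Secrets Manager (for example through the External Secrets Operator or an IAM-role-for-service-account) instead of from a hard-coded value in a manifest.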
4. Provider setup
The provider.tf file specifies the cloud provider(s) and provider versions Terraform uses to create and manage infrastructure; it is also the natural place to configure the S3 backend that stores the state file described in the architecture section.
provider.tf
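The provider.tf file is not reproduced on this page. The following is an added example written for this edit, not the original post's file. It pins the AWS provider and configures the S3 state bucket from the architecture diagram as the backend; the bucket name, lock table name and region are assumptions, and the bucket and DynamoDB table must exist (versioned and encrypted) before you run terraform init.

```hcl
# provider.tf -- added example, not the original post's file.
# Assumptions: bucket "my-project-terraform-state", lock table "my-project-terraform-locks", region "eu-central-1".

terraform {
  required_version = ">= 1.5"

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }

  # Remote state in S3 with server-side encryption and a DynamoDB lock,
  # so two engineers (or a pipeline and a laptop) cannot apply at the same time.
  backend "s3" {
    bucket         = "my-project-terraform-state"
    key            = "eks/terraform.tfstate"
    region         = "eu-central-1"
    encrypt        = true
    dynamodb_table = "my-project-terraform-locks"
  }
}

provider "aws" {
  region = "eu-central-1"

  # Applied to every resource the provider creates, on top of the module tags.
  default_tags {
    tags = {
      Project   = "my-project"
      ManagedBy = "terraform"
    }
  }
}
```

Treat the state bucket as sensitive: it holds resource IDs, endpoints and security group references for the whole environment, so restrict its bucket policy to the Terraform identities and enable versioning so a bad apply can be rolled back.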
Applying Terraform Code
Once the files are ready, it’s time to initialize, validate, and apply the configuration:
- Initialize Terraform:
Run terraform init to download the necessary providers and modules and to connect to the state backend.
- Validate the Configuration:
Run terraform validate to catch syntax errors and invalid references, then terraform plan to preview the changes Terraform intends to make. Read the plan before applying; it is the last place to spot a security group open to the world or a database that would be replaced.
- Apply the Configuration:
Run terraform apply to deploy the EKS cluster. You’ll be prompted to confirm the action.
Accessing Your EKS Cluster
After successful deployment, Terraform will output key information, including the cluster name and endpoint. You can configure `kubectl` to access the cluster by running `aws eks update-kubeconfig` with the cluster name and region, which merges the cluster into your kubeconfig, and then `kubectl get nodes`.
You should see the nodes in your cluster listed.
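The post does not reproduce its outputs file. The following is an added example written for this edit, not the original post's code; it assumes module.eks, module.rds and local.region from the previous examples and exposes the values you need to reach the cluster, including the ready-made aws eks update-kubeconfig command.

```hcl
# outputs.tf -- added example, not the original post's file.
# Assumes module.eks, module.rds and local.region from the files above.

output "cluster_name" {
  description = "EKS cluster name"
  value       = module.eks.cluster_name
}

output "cluster_endpoint" {
  description = "EKS API server endpoint (reachable only from the CIDRs allowed in eks.tf and from inside the VPC)"
  value       = module.eks.cluster_endpoint
}

output "configure_kubectl" {
  description = "Run this command to merge the cluster into ~/.kube/config, then `kubectl get nodes`."
  value       = "aws eks update-kubeconfig --region ${local.region} --name ${module.eks.cluster_name}"
}

output "rds_endpoint" {
  description = "MySQL endpoint; only reachable from the EKS node security group"
  value       = module.rds.db_instance_endpoint
}
```

Because the IAM identity that ran terraform apply was granted cluster-admin through an access entry, kubectl works immediately for that identity; other engineers need their own access entries (or a mapping to a Kubernetes group) rather than a copy of the administrator’s credentials.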
What’s Next?
Congratulations! You’ve successfully deployed your first EKS cluster using Terraform. From here, you can:
- Deploy Kubernetes applications using Helm charts.
- Integrate EKS add-ons like CoreDNS and Cluster Autoscaler.
- Scale your infrastructure based on application demand.
I have walked through the process of deploying an EKS (Elastic Kubernetes Service) cluster using Terraform, providing a solid foundation for managing Kubernetes clusters in the AWS cloud. By following the steps outlined—initializing Terraform, validating your configuration, applying the changes, and accessing the cluster with kubectl—you’ve learned how to set up and interact with an EKS environment that can scale and manage containerized applications efficiently.
As you continue your cloud-native journey, leveraging infrastructure-as-code with Terraform and Kubernetes on AWS will open up numerous possibilities for automating and scaling your applications. Remember, the world of cloud infrastructure is vast and constantly evolving. Whether you’re just starting with EKS or looking to deepen your knowledge, there’s always more to explore.
Here are some additional learning resources to help you take your skills further:
- Terraform Documentation: Learn Terraform
The official Terraform documentation is a comprehensive guide covering everything from basic concepts to advanced modules and integrations.
- AWS EKS Documentation: EKS Getting Started
AWS offers detailed documentation for setting up, managing, and scaling EKS clusters, including best practices and troubleshooting tips.
- Kubernetes Documentation: Kubernetes Official Docs
Kubernetes’ official documentation is the best place to dive deeper into concepts like pod management, services, deployments, and more advanced topics like Helm charts and StatefulSets.
- Helm Charts for Kubernetes: Helm Documentation
Helm simplifies Kubernetes deployments. Explore how to use Helm to deploy complex applications to your EKS cluster.
- AWS Certified Solutions Architect – Associate: Certification Prep
If you want to deepen your AWS skills, this certification can help you understand how to design and deploy scalable systems on AWS.
Thank you for following this article series. I hope you found it valuable as you continue to grow in your cloud and DevOps journey. Stay curious, and don’t hesitate to revisit these resources as you expand your knowledge and tackle new challenges!
Good luck with your future projects, and happy cloud building!
Written by Hans Chia, Software Engineer at adorsys.