{"id":15157915,"url":"https://github.com/JaredPersonalOrganization/AWS-EKS-AURORA","last_synced_at":"2025-10-24T14:31:15.554Z","repository":{"id":256253164,"uuid":"854319243","full_name":"JaredPersonalOrganization/AWS-EKS-AURORA","owner":"JaredPersonalOrganization","description":"AWS Kubernetes Cluster with an Aurora Serverless V2 PostgreSQL DB ","archived":false,"fork":false,"pushed_at":"2024-11-02T20:20:29.000Z","size":715,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-02-02T15:51:16.232Z","etag":null,"topics":["aws","aws-cdk","eks","eksctl","golang","kubernetes","postgresql","sql"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/JaredPersonalOrganization.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-09-09T00:15:39.000Z","updated_at":"2024-11-02T23:24:38.000Z","dependencies_parsed_at":"2024-09-09T21:44:33.277Z","dependency_job_id":"ee245dea-32c0-4b02-95ec-ca16309d9b76","html_url":"https://github.com/JaredPersonalOrganization/AWS-EKS-AURORA","commit_stats":{"total_commits":15,"total_committers":2,"mean_commits":7.5,"dds":0.06666666666666665,"last_synced_commit":"40eb251efdbfcac02ca36bafcd395a262bd2f604"},"previous_names":["jaredhane98/aws-eks-aurora","jaredpersonalorganization/aws-eks-aurora"],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JaredPersonalOrganization%2FAWS-EKS-AURORA","tags_url":"https://repos.e
cosyste.ms/api/v1/hosts/GitHub/repositories/JaredPersonalOrganization%2FAWS-EKS-AURORA/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JaredPersonalOrganization%2FAWS-EKS-AURORA/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JaredPersonalOrganization%2FAWS-EKS-AURORA/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/JaredPersonalOrganization","download_url":"https://codeload.github.com/JaredPersonalOrganization/AWS-EKS-AURORA/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":237982337,"owners_count":19397246,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws","aws-cdk","eks","eksctl","golang","kubernetes","postgresql","sql"],"created_at":"2024-09-26T20:20:34.256Z","updated_at":"2025-10-24T14:31:13.773Z","avatar_url":"https://github.com/JaredPersonalOrganization.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"This repository sets up an EKS Cluster with an Aurora Serverless V2 PostgreSQL database. It assumes that you have the following tools installed: [Cilium CLI](https://kubernetes.io/docs/reference/kubectl/), [EKSCTL](https://eksctl.io/installation/), [kubectl](https://kubernetes.io/docs/reference/kubectl/), [docker](https://docs.docker.com/engine/install/). Additionally you must have the necessary permissions to create the database. 
You should also be aware that these resources may incur costs.\n\n\nFirst, clone the repository if you haven’t already.\n\n```bash\ngit clone https://github.com/JaredHane98/AWS-EKS-AURORA.git\n```\n\n# Deploying the cluster\n\nNavigate to the CreateEKSCluster directory\n\n```bash\ncd ./AWS-EKS-AURORA/CreateEKSCluster\n```\n\nNext, create the cluster. Make sure to take note of the VPC created by the cluster, as it will be used in the subsequent steps.\n\n```bash\neksctl create cluster -f cluster-launch.yml\n```\n\nCheck the progress of the VPC using the CLI. You can also use the AWS console.\n\n```bash\naws ec2 describe-vpcs\n{\n            \"CidrBlock\": \"192.168.0.0/16\",\n            \"DhcpOptionsId\": DHPC_OPTIONS_ID,\n            \"State\": \"available\",\n            \"VpcId\": VPC_ID,\n            \"OwnerId\": ACCOUNT_ID,\n            \"InstanceTenancy\": \"default\",\n            \"CidrBlockAssociationSet\": [\n                {\n                    \"AssociationId\": VPC_ASSOCIATION_ID,\n                    \"CidrBlock\": \"192.168.0.0/16\",\n                    \"CidrBlockState\": {\n                        \"State\": \"associated\"\n                    }\n                }\n            ],\n            \"IsDefault\": false,\n            \"Tags\": [\n                {\n                    \"Key\": \"aws:cloudformation:stack-name\",\n                    \"Value\": \"eksctl-db-cluster-1-cluster\"\n                },\n```\n\n# Deploying Aurora Serverless V2 RDS Database\n\nOpen another terminal window and navigate to the CreateAuroraCDK directory.\n\n```bash\ncd CreateAuroraCDK\n```\n\nNow we need to create a few environment variables for the CDK\n\n```bash\nexport AWS_REGION=YOUR-REGION\nexport VPC_ID=vpc-YOUR-VPC_ID\nexport AWS_ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)\n```\n\nThen deploy the resources to AWS\n\n```bash\ncdk deploy\n```\n\n# Installing Cilium\n\nReturn to the window where the cluster is being created and wait for the 
process to complete. Once it’s finished, install Cilium using the following commands.\n\n```bash\nkubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/gateway-api/v1.1.0/config/crd/standard/gateway.networking.k8s.io_gatewayclasses.yaml\nkubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/gateway-api/v1.1.0/config/crd/standard/gateway.networking.k8s.io_gateways.yaml\nkubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/gateway-api/v1.1.0/config/crd/standard/gateway.networking.k8s.io_httproutes.yaml\nkubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/gateway-api/v1.1.0/config/crd/standard/gateway.networking.k8s.io_referencegrants.yaml\nkubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/gateway-api/v1.1.0/config/crd/standard/gateway.networking.k8s.io_grpcroutes.yaml\nkubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/gateway-api/v1.1.0/config/crd/experimental/gateway.networking.k8s.io_tlsroutes.yaml\ngit clone https://github.com/cilium/cilium.git\ncd cilium\ncilium install --chart-directory ./install/kubernetes/cilium --set kubeProxyReplacement=true --set gatewayAPI.enabled=true\n```\n\nValidate Cilium has  been properly installed\n\n```bash\ncilium status --wait\n```\n\nRun a network test with Cilium to check network connectivity\n\n```bash\ncilium connectivity test\n```\n\n# Setup IAM Service Account\n\nWith the cluster set up and Cilium in place, we can now create a service account for the deployment. 
Note that the upcoming steps will require the Secret ARN created by the Aurora instance.\n\n\nCreate an IAM OIDC identity provider for our cluster\n\n```bash\ncd ..\ncluster_name=db-cluster-1\noidc_id=$(aws eks describe-cluster --name $cluster_name --query \"cluster.identity.oidc.issuer\" --output text | cut -d '/' -f 5)\necho $oidc_id\naws iam list-open-id-connect-providers | grep $oidc_id | cut -d \"/\" -f4\neksctl utils associate-iam-oidc-provider --cluster $cluster_name --approve\n```\n\nCreate an environment variable for the RDS_SECRET_ARN\n\n```bash\nexport RDS_SECRET_ARN=SECRET_ARN_FROM_CDK\n```\n\nCreate an IAM policy file\n\n```bash\ncat \u003eiam-policy.json \u003c\u003cEOF\n{\n    \"Version\": \"2012-10-17\",\n    \"Statement\": [\n        {\n            \"Sid\": \"SecretsManagerDbCredentialsAccess\",\n            \"Effect\": \"Allow\",\n            \"Action\": [\n                \"secretsmanager:GetSecretValue\"\n            ],\n            \"Resource\": \"$RDS_SECRET_ARN\"\n        }\n    ]\n}\nEOF\n```\n\nCreate the IAM Policy\n\n```bash\naws iam create-policy --policy-name db-policy-1 --policy-document file://iam-policy.json\n```\n\nCreate the service account. Replace the --attach-policy-arn with the one from the previous step.\n\n```bash\neksctl create iamserviceaccount --name db-service-account-1 --namespace default --cluster db-cluster-1 \\\n --attach-policy-arn arn:aws:iam::111122223333:policy/my-policy --approve\n```\n\n# Create the RDS Table\n\nInstead of launching an EC2 instance within the VPC, you can use the RDS Query Editor to create a table. Log in to the editor using the RDS_SECRET_ARN and RDS_DATABASE_NAME provided in the CDK outputs. 
Then, create a table using the following command.\n\n```sql\ncreate table EmployeeTable (\n  id uuid PRIMARY KEY,\n  first_name text,\n  last_name text,\n  field text,\n  start_time date,\n  dob date,\n  salary INT\n);\n```\n\n# Create the containers\n\nGo back to the console and navigate to the EKSApp directory.\n\n```bash\ncd EKSApp\n```\n\nBuild the container image using Docker\n\n```bash\ndocker build --tag eks-app .\n```\n\nThe next steps depend on your choice of repository. I personally use [AWS ECR](https://aws.amazon.com/ecr/).\n\n```bash\ndocker tag eks-app ACCOUNT_ID.dkr.ecr.us-east-1.amazonaws.com/aurora/containers:eks-app\ndocker push ACCOUNT_ID.dkr.ecr.us-east-1.amazonaws.com/aurora/containers:eks-app\n```\n\nRegardless of your choice you must remember the image URL.\n\n# Deploying the pods\n\nNavigate back to the CreateEKSCluster directory.\n\n```bash\ncd ..\n```\n\nCreate a few environment variables using the CDK output and container image URL.\n\n```bash\nexport CONTAINER_IMAGE_URL=01234567912.dkr.ecr.us-east-1.amazonaws.com/aurora/containers:eks-app\nexport RDS_SECRET=RDS_SECRET_FROM_CDK\n```\n\nCreate a deployment file.\n\n```bash\ncat \u003edeployment.yml \u003c\u003c EOF\n---\napiVersion: v1\nkind: Service                    # Type of Kubernetes resource\nmetadata:\n  name: eks-app                  # Name of the resource\nspec:\n  ports:                         # Accept incoming HTTP requests on port 8080 (targetPort defaults to the same value)\n  - name: http\n    port: 8080\n  selector:\n    app: eks-app         # Route to any pod with the label app: eks-app\n---\napiVersion: apps/v1\nkind: Deployment                 # Type of Kubernetes resource\nmetadata:\n  name: eks-app                    # Name of the Kubernetes resource\nspec:\n  replicas: 3                    # Number of pods to run at any given time\n  selector:\n    matchLabels:\n      app: eks-app                # This deployment applies to any Pods matching the specified label\n  template:               
       # This deployment will create a set of pods using the configurations in this template\n    metadata:\n      labels:                    # The labels that will be applied to all of the pods in this deployment\n        app: eks-app \n    spec:                        # Spec for the container which will run in the Pod\n      serviceAccountName: db-service-account-1\n      containers:\n      - name: eks-app\n        image: $CONTAINER_IMAGE_URL\n        imagePullPolicy: Always   # Always pull the image when a container starts\n        ports:\n          - containerPort: 8080   # Should match the port number that the Go application listens on\n        livenessProbe:            # To check the health of the Pod\n          httpGet:\n            path: /health\n            port: 8080\n            scheme: HTTP\n          initialDelaySeconds: 5\n          periodSeconds: 15\n          timeoutSeconds: 5\n        readinessProbe:          # To check if the Pod is ready to serve traffic or not\n          httpGet:\n            path: /readiness\n            port: 8080\n            scheme: HTTP\n          initialDelaySeconds: 5\n          timeoutSeconds: 1\n        resources:\n          requests:\n            cpu: 300m\n            memory: 128Mi\n          limits:\n            cpu: 500m\n            memory: 256Mi \n        env:\n        - name: RDS_TABLE_NAME\n          value: EmployeeTable\n        - name: RDS_SECRET\n          value: $RDS_SECRET\n      affinity:\n        nodeAffinity:\n          requiredDuringSchedulingIgnoredDuringExecution:\n            nodeSelectorTerms:\n            - matchExpressions:\n              - key: \"kubernetes.io/os\"\n                operator: In\n                values:\n                - linux\n              - key: \"kubernetes.io/arch\"\n                operator: In\n                values:\n                - amd64\nEOF\n```\n\nNow launch the deployment and gateway.\n\n```bash\nkubectl apply -f deployment.yml\nkubectl apply -f gateway.yml\n```\n\nCheck the 
pods status\n\n```bash\nkubectl get pods -o wide\n```\n\nThey should look similar to this.\n\n```bash\nNAME                       READY   STATUS    RESTARTS   AGE   IP                NODE                             NOMINATED NODE   READINESS GATES\neks-app-867567dc4b-b5v4m   1/1     Running   0          12s   192.168.109.107   ip-192-168-121-59.ec2.internal   \u003cnone\u003e           \u003cnone\u003e\neks-app-867567dc4b-dkw67   1/1     Running   0          12s   192.168.99.113    ip-192-168-121-59.ec2.internal   \u003cnone\u003e           \u003cnone\u003e\neks-app-867567dc4b-l7c6g   1/1     Running   0          12s   192.168.120.32    ip-192-168-121-59.ec2.internal   \u003cnone\u003e           \u003cnone\u003e\n```\n\nGet the assigned URL\n\n```bash\nGATEWAY=$(kubectl get gateway basic-gateway -o jsonpath='{.status.addresses[0].value}')\n```\n\nAdd an employee to the registry\n\n```bash\ncurl --header \"Content-Type: application/json\" --request POST --data '{\"id\": \"ebae8ff2-2e25-49b1-b7a6-3d6f5e8a20bd\", \"first_name\": \"Jared\", \"last_name\": \"Hane\", \"sector\": \"Programmer\", \"start_time\": \"2024-1-27\", \"dob\": \"1996-10-23\", \"salary\": 134903 }' http://$GATEWAY/employee\n```\n\nGet an employee\n\n```bash\ncurl --request GET http://$GATEWAY/employee/ebae8ff2-2e25-49b1-b7a6-3d6f5e8a20bd\n```\n\nUpdate an employee\n\n```bash\ncurl --header \"Content-Type: application/json\" --request PUT --data '{\"salary\": 150000}' http://$GATEWAY/employee/ebae8ff2-2e25-49b1-b7a6-3d6f5e8a20bd\n```\n\nVerify the salary has been updated\n\n```bash\ncurl --request GET http://$GATEWAY/employee/ebae8ff2-2e25-49b1-b7a6-3d6f5e8a20bd\n```\n\nRemove an employee\n\n```bash\ncurl --request DELETE http://$GATEWAY/employee/ebae8ff2-2e25-49b1-b7a6-3d6f5e8a20bd\n```\n\n# Cleaning up\n\nNavigate to the CreateAuroraCDK directory and run\n\n```bash\ncdk destroy\n```\n\nNavigate to the CreateEKSCluster directory and run\n\n```bash\neksctl delete cluster -f cluster-launch.yml 
--disable-nodegroup-eviction\n```\n\nYou may also have to manually delete the VPC and associated load balancer in the AWS console.\n\n# Things to add\n\n* Horizontal scaling\n* Cluster node scaling\n* Stress test using K6 or any other platform\n* Improved Aurora Scaling\n* Create a job to initialize the database\n* TLS Certification\n\n# Final words\n\nThere’s another project in the directory named CreateDatabase. It generates over 4,000 random entries that you can use.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FJaredPersonalOrganization%2FAWS-EKS-AURORA","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FJaredPersonalOrganization%2FAWS-EKS-AURORA","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FJaredPersonalOrganization%2FAWS-EKS-AURORA/lists"}