{"id":28566590,"url":"https://github.com/notharshhaa/aws-eks_terraform","last_synced_at":"2025-06-17T20:41:34.647Z","repository":{"id":283005784,"uuid":"692644201","full_name":"NotHarshhaa/AWS-EKS_Terraform","owner":"NotHarshhaa","description":"PROVISION EKS (Amazon Elastic Kubernetes Service) CLUSTER ON AWS USING TERRAFORM","archived":false,"fork":false,"pushed_at":"2025-03-18T04:31:34.000Z","size":27,"stargazers_count":19,"open_issues_count":0,"forks_count":53,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-06-10T15:11:33.102Z","etag":null,"topics":["aws-ec2","aws-ecr","aws-s3","aws-terraform","eks","eks-cluster","terraform","terraform-modules"],"latest_commit_sha":null,"homepage":"","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/NotHarshhaa.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-09-17T06:03:15.000Z","updated_at":"2025-04-15T18:03:22.000Z","dependencies_parsed_at":"2025-03-18T23:45:58.676Z","dependency_job_id":null,"html_url":"https://github.com/NotHarshhaa/AWS-EKS_Terraform","commit_stats":null,"previous_names":["notharshhaa/aws-eks_terraform"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/NotHarshhaa/AWS-EKS_Terraform","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/NotHarshhaa%2FAWS-EKS_Terraform","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/NotHarshhaa%2FAWS-EKS_Terraform/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/NotHarshhaa%2FAWS-EKS_Terraform/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/NotHarshhaa%2FAWS-EKS_Terraform/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/NotHarshhaa","download_url":"https://codeload.github.com/NotHarshhaa/AWS-EKS_Terraform/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/NotHarshhaa%2FAWS-EKS_Terraform/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":260439068,"owners_count":23009269,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aws-ec2","aws-ecr","aws-s3","aws-terraform","eks","eks-cluster","terraform","terraform-modules"],"created_at":"2025-06-10T15:11:21.778Z","updated_at":"2025-06-17T20:41:29.623Z","avatar_url":"https://github.com/NotHarshhaa.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# 🚀 **Provision Amazon EKS Cluster on AWS using Terraform**  \n\n![EKS Banner](https://imgur.com/oU5TMcv.png)  \n\n## 🔥 **Introduction**  \n\n### 🟢 What is Amazon EKS?  \n\nAmazon Elastic Kubernetes Service (**Amazon EKS**) is a **fully managed** Kubernetes service that simplifies deploying, managing, and scaling containerized applications on AWS.  \n\n### 🟢 What is Terraform?  \n\nTerraform is an **open-source Infrastructure as Code (IaC) tool** that enables declarative provisioning and management of cloud infrastructure.  \n\n---\n\n## ✅ **Prerequisites**  \n\nBefore proceeding, ensure you have the following:  \n\n- **AWS Account** (Free Tier Available)  \n- **AWS CLI** ([Install AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html))  \n- **Terraform** ([Install Terraform](https://developer.hashicorp.com/terraform/tutorials/aws-get-started/install-cli))  \n- **Kubectl** ([Install Kubectl](https://docs.aws.amazon.com/eks/latest/userguide/install-kubectl.html))  \n- **VS Code** (Recommended IDE)  \n\n---\n\n## 📂 **Project Structure**  \n\n```bash\n📦 eks-cluster-terraform\n├── 📜 provider.tf               # AWS Provider Configuration\n├── 📜 eks-backend-terra.tf       # S3 Backend for Terraform State\n├── 📜 vpc.tf                     # VPC Configuration\n├── 📜 subnets.tf                 # Public Subnets\n├── 📜 internetgw.tf              # Internet Gateway\n├── 📜 route.tf                   # Route Table\n├── 📜 sg.tf                      # Security Groups\n├── 📜 iam_role.tf                # IAM Roles \u0026 Policies\n├── 📜 eks_cluster.tf             # EKS Cluster Configuration\n├── 📜 eks_node_group.tf          # EKS Worker Nodes\n└── 📜 README.md                  # Project Documentation\n```  \n\n---\n\n## 📚 **References**  \n\n- **[Terraform Registry](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs)**  \n- **[AWS CLI Installation Guide](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html)**  \n- **[EKS Documentation](https://docs.aws.amazon.com/eks/latest/userguide/what-is-eks.html)**  \n\n🔗 _This project follows AWS best practices for EKS deployment using Terraform._  \n\n---\n\n_**Warning!!! You might incur costs in your AWS account by doing this**_\n\n## 📌 **Getting Started**\n\nHead to your AWS account and navigate to the S3 section. This is where we will store our **tf.state file** as it is considered best practice to keep our state file in a Remote Location. The primary purpose of Terraform state is to store bindings between objects in a remote system and resources declared in your configuration and I am going to keep mine in Amazon S3.\n\nCreate an S3 Bucket. You can choose whatever name suits your purpose, I am naming mine `terra-eks-backend`. You can provision your bucket in any region that suits your purpose but I am provisioning mine in the `us-east-1`.\n\n![aws-eks](https://imgur.com/r1hBcxO.png)\n\nIt is highly recommended that you enable [Bucket Versioning](https://docs.aws.amazon.com/AmazonS3/latest/userguide/manage-versioning-examples.html) on the S3 bucket to allow for state recovery in the case of accidental deletions and human error.\n\n![aws-eks](https://miro.medium.com/v2/resize:fit:1400/format:webp/1*r_Qbo1YHAPMfcjjFyQJOAw.png)\n\n![aws-eks](https://miro.medium.com/v2/resize:fit:750/format:webp/1*CtasAJc5N0WaX-P1y3CDnQ.png)\n\nTo make my `tf.state file` consistent I am going to enable State-Locking. File locking is a data management feature that allows only one user or process access to a file at any given time. It restricts other users from changing the file while it is being used by another user or process. In other to achieve this I need to create a Dynamo DB Table so let's head to Dynamo DB in our AWS account and create a Dynamo DB table\n\n![aws-eks](https://miro.medium.com/v2/resize:fit:750/format:webp/1*--_Q2-Jr_OLP4kGCjvapbA.png)\n\n![aws-eks](https://miro.medium.com/v2/resize:fit:750/format:webp/1*rw6mSFdFnIM-LBWdNFxkLQ.png)\n\nYou can choose any name for your DynamoDB Table but it is important to note that the partition key is case sensitive. I named the Partition Key LOCKID because this will enable Dynamo DB to lock and release the file. Scroll down the page and click on Create Table\n\n![aws-eks](https://miro.medium.com/v2/resize:fit:750/format:webp/1*QJZKwa4UpaqGzkl5Y5NE2w.png)\n\n### **CREATE TERRAFORM FILES**\n\n**eks-backend-terra.tf**\n\n```hashicorp\nterraform {\n  backend \"s3\" {\n    bucket         = \"your-s3-bucket-name\"\n    key            = \"terraform/state/eks-cluster.tfstate\"\n    region         = \"us-east-1\"\n    encrypt        = true\n    dynamodb_table = \"your-dynamodb-table-name\"\n  }\n}\n```\n\n**Provider.tf**\n\nName of provider AWS\n\nOur source will be defined as hashicorp/aws. This is a short abbreviation for ```registry.terraform.io/hashicorp/aws```\n\nThe version is set to ~\u003e5.0\n\nRegion is us-east-1\n\n```hashicorp\nterraform {\n  required_version = \"\u003e= 1.3.0\"\n\n  required_providers {\n    aws = {\n      source  = \"hashicorp/aws\"\n      version = \"\u003e= 5.0\"\n    }\n  }\n}\n\nprovider \"aws\" {\n  region = \"us-east-1\"\n}\n```\n\n**Vpc.tf**\n\n```hashicorp\nresource \"aws_vpc\" \"main\" {\n  cidr_block           = \"10.0.0.0/16\"\n  enable_dns_support   = true\n  enable_dns_hostnames = true\n\n  tags = {\n    Name = \"pc-vpc\"\n    Environment = \"dev\"\n  }\n}\n```\n\nThe vpc.tf contains codes to create a new Vpc. The CIDR block is 10.0.0.0/16 and I have tagged the name of the VPC as PC-VPC\n\n**subnets.tf**\n\n```hashicorp\nresource \"aws_subnet\" \"public_1\" {\n  vpc_id                  = aws_vpc.main.id\n  cidr_block              = \"10.0.1.0/24\"\n  availability_zone       = \"us-east-1a\"\n  map_public_ip_on_launch = true\n\n  tags = {\n    Name        = \"public-sub-1\"\n    Environment = \"dev\"\n  }\n}\n\nresource \"aws_subnet\" \"public_2\" {\n  vpc_id                  = aws_vpc.main.id\n  cidr_block              = \"10.0.2.0/24\"\n  availability_zone       = \"us-east-1b\"\n  map_public_ip_on_launch = true\n\n  tags = {\n    Name        = \"public-sub-2\"\n    Environment = \"dev\"\n  }\n}\n\nresource \"aws_subnet\" \"private_1\" {\n  vpc_id            = aws_vpc.main.id\n  cidr_block        = \"10.0.3.0/24\"\n  availability_zone = \"us-east-1a\"\n\n  tags = {\n    Name        = \"private-sub-1\"\n    Environment = \"dev\"\n  }\n}\n\nresource \"aws_subnet\" \"private_2\" {\n  vpc_id            = aws_vpc.main.id\n  cidr_block        = \"10.0.4.0/24\"\n  availability_zone = \"us-east-1b\"\n\n  tags = {\n    Name        = \"private-sub-2\"\n    Environment = \"dev\"\n  }\n}\n```\n\nEKS requires a minimum of two subnets to function so this is creating two public subnets in two availability zones namely us-east-1a and us-east-1b respectively. I have also set _map public IP on launch = true_. This will assign our subnets with public IPV4 addresses. I have given the CIDR range of 10.0.1.0/24 to public-1 and 10.0.2.0/24 to public-2.\n\n**Internetgw.tf**\n\n```hashicorp\nresource \"aws_internet_gateway\" \"main_gw\" {\n  vpc_id = aws_vpc.main.id\n\n  tags = {\n    Name        = \"main-gateway\"\n    Environment = \"dev\"\n  }\n}\n```\n\nThis will create and attach the internet gateway to the Vpc created\n\n**Route.tf**\n\n```hashicorp\nresource \"aws_route_table\" \"public_rt\" {\n  vpc_id = aws_vpc.main.id\n\n  route {\n    cidr_block = \"0.0.0.0/0\"\n    gateway_id = aws_internet_gateway.main_gw.id\n  }\n\n  tags = {\n    Name        = \"public-route-table\"\n    Environment = \"dev\"\n  }\n}\n\nresource \"aws_route_table_association\" \"public_subnet_1_assoc\" {\n  subnet_id      = aws_subnet.public-1.id\n  route_table_id = aws_route_table.public_rt.id\n}\n\nresource \"aws_route_table_association\" \"public_subnet_2_assoc\" {\n  subnet_id      = aws_subnet.public-2.id\n  route_table_id = aws_route_table.public_rt.id\n}\n```\n\nThis will create the Route table. The route table has been associated with the two subnets (public-1,public-2). An internet gateway id has also been associated with the Route table and the Vpc id has been assigned to the Route table.\n\n**Sg.tf**\n\n```hashicorp\nresource \"aws_security_group\" \"eks_sg\" {\n  name        = \"eks-cluster-sg\"\n  description = \"Security group for EKS cluster\"\n  vpc_id      = aws_vpc.main.id\n\n  ingress {\n    description = \"Allow SSH access\"\n    from_port   = 22\n    to_port     = 22\n    protocol    = \"tcp\"\n    cidr_blocks = [\"0.0.0.0/0\"]\n  }\n\n  ingress {\n    description = \"Allow HTTPS traffic\"\n    from_port   = 443\n    to_port     = 443\n    protocol    = \"tcp\"\n    cidr_blocks = [\"0.0.0.0/0\"]\n  }\n\n  ingress {\n    description = \"Allow HTTP traffic\"\n    from_port   = 80\n    to_port     = 80\n    protocol    = \"tcp\"\n    cidr_blocks = [\"0.0.0.0/0\"]\n  }\n\n  egress {\n    from_port   = 0\n    to_port     = 0\n    protocol    = \"-1\"\n    cidr_blocks = [\"0.0.0.0/0\"]\n  }\n\n  tags = {\n    Name        = \"eks-cluster-sg\"\n    Environment = \"dev\"\n  }\n}\n```\n\nThis will create the security group attached to the created Vpc with both ingress and egress rules. Ingress rules allow incoming(inbound) connection with our Vpc while egress rule allows outgoing (outbound) connection.\n\n**iam_role.tf**\n\n```hashicorp\nresource \"aws_iam_role\" \"eks_cluster_role\" {\n  name = \"eks-cluster-role\"\n\n  assume_role_policy = \u003c\u003cPOLICY\n{\n  \"Version\": \"2012-10-17\",\n  \"Statement\": [\n    {\n      \"Effect\": \"Allow\",\n      \"Principal\": {\n        \"Service\": \"eks.amazonaws.com\"\n      },\n      \"Action\": \"sts:AssumeRole\"\n    }\n  ]\n}\nPOLICY\n}\n\nresource \"aws_iam_role_policy_attachment\" \"eks_cluster_policy\" {\n  policy_arn = \"arn:aws:iam::aws:policy/AmazonEKSClusterPolicy\"\n  role       = aws_iam_role.eks_cluster_role.name\n}\n\nresource \"aws_iam_role_policy_attachment\" \"eks_service_policy\" {\n  policy_arn = \"arn:aws:iam::aws:policy/AmazonEKSServicePolicy\"\n  role       = aws_iam_role.eks_cluster_role.name\n}\n\nresource \"aws_iam_role_policy_attachment\" \"eks_vpc_resource_controller\" {\n  policy_arn = \"arn:aws:iam::aws:policy/AmazonEKSVPCResourceController\"\n  role       = aws_iam_role.eks_cluster_role.name\n}\n\nresource \"aws_iam_role\" \"eks_worker_role\" {\n  name = \"eks-worker-role\"\n\n  assume_role_policy = \u003c\u003cPOLICY\n{\n  \"Version\": \"2012-10-17\",\n  \"Statement\": [\n    {\n      \"Effect\": \"Allow\",\n      \"Principal\": {\n        \"Service\": \"ec2.amazonaws.com\"\n      },\n      \"Action\": \"sts:AssumeRole\"\n    }\n  ]\n}\nPOLICY\n}\n\nresource \"aws_iam_policy\" \"eks_autoscaler_policy\" {\n  name   = \"eks-autoscaler-policy\"\n  policy = \u003c\u003cEOF\n{\n  \"Version\": \"2012-10-17\",\n  \"Statement\": [\n    {\n      \"Action\": [\n        \"autoscaling:DescribeAutoScalingGroups\",\n        \"autoscaling:DescribeAutoScalingInstances\",\n        \"autoscaling:DescribeTags\",\n        \"autoscaling:DescribeLaunchConfigurations\",\n        \"autoscaling:SetDesiredCapacity\",\n        \"autoscaling:TerminateInstanceInAutoScalingGroup\",\n        \"ec2:DescribeLaunchTemplateVersions\"\n      ],\n      \"Effect\": \"Allow\",\n      \"Resource\": \"*\"\n    }\n  ]\n}\nEOF\n}\n\nresource \"aws_iam_role_policy_attachment\" \"eks_worker_policy\" {\n  policy_arn = \"arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy\"\n  role       = aws_iam_role.eks_worker_role.name\n}\n\nresource \"aws_iam_role_policy_attachment\" \"eks_cni_policy\" {\n  policy_arn = \"arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy\"\n  role       = aws_iam_role.eks_worker_role.name\n}\n\nresource \"aws_iam_role_policy_attachment\" \"ssm_managed_instance\" {\n  policy_arn = \"arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore\"\n  role       = aws_iam_role.eks_worker_role.name\n}\n\nresource \"aws_iam_role_policy_attachment\" \"ecr_readonly\" {\n  policy_arn = \"arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly\"\n  role       = aws_iam_role.eks_worker_role.name\n}\n\nresource \"aws_iam_role_policy_attachment\" \"xray_daemon_write\" {\n  policy_arn = \"arn:aws:iam::aws:policy/AWSXRayDaemonWriteAccess\"\n  role       = aws_iam_role.eks_worker_role.name\n}\n\nresource \"aws_iam_role_policy_attachment\" \"s3_readonly\" {\n  policy_arn = \"arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess\"\n  role       = aws_iam_role.eks_worker_role.name\n}\n\nresource \"aws_iam_role_policy_attachment\" \"autoscaler_attachment\" {\n  policy_arn = aws_iam_policy.eks_autoscaler_policy.arn\n  role       = aws_iam_role.eks_worker_role.name\n}\n\nresource \"aws_iam_instance_profile\" \"eks_worker_profile\" {\n  depends_on = [aws_iam_role.eks_worker_role]\n  name       = \"eks-worker-profile\"\n  role       = aws_iam_role.eks_worker_role.name\n}\n```\n\nThis will create all the necessary IAM roles and Policies for the EKS cluster. It will be attached to the EKS cluster once the EKS Cluster is created. This will enable the EKS Cluster to have all the necessary permissions needed.\n\n**eks_cluster.tf**\n\n```hashicorp\nresource \"aws_eks_cluster\" \"eks\" {\n  name     = \"pc-eks-cluster\"\n  role_arn = aws_iam_role.eks_cluster_role.arn\n\n  vpc_config {\n    subnet_ids = [aws_subnet.public-1.id, aws_subnet.public-2.id]\n  }\n\n  depends_on = [\n    aws_iam_role_policy_attachment.eks_cluster_policy,\n    aws_iam_role_policy_attachment.eks_service_policy,\n    aws_iam_role_policy_attachment.eks_vpc_resource_controller\n  ]\n}\n```\n\nThis will create the EKS Cluster. depends_on =[ means that the EKS Cluster being created depends on the completion of the creation of the IAM roles. The two subnet IDs have also been mentioned here as well.\n\n**eks_node_group.tf**\n\n```hashicorp\nresource \"aws_instance\" \"kubectl_server\" {\n  ami                         = \"ami-06ca3ca175f37dd66\"\n  key_name                    = \"EKS_KEY_PAIR\"\n  instance_type               = \"t2.micro\"\n  associate_public_ip_address = true\n  subnet_id                   = aws_subnet.public-1.id\n  vpc_security_group_ids      = [aws_security_group.allow_tls.id]\n\n  tags = {\n    Name = \"kubectl-server\"\n  }\n}\n\nresource \"aws_eks_node_group\" \"eks_node_group\" {\n  cluster_name    = aws_eks_cluster.eks.name\n  node_group_name = \"pc-node-group\"\n  node_role_arn   = aws_iam_role.eks_worker_role.arn\n  subnet_ids      = [aws_subnet.public-1.id, aws_subnet.public-2.id]\n  capacity_type   = \"ON_DEMAND\"\n  disk_size       = 20\n  instance_types  = [\"t2.small\"]\n\n  remote_access {\n    ec2_ssh_key               = \"EKS_KEY_PAIR\"\n    source_security_group_ids = [aws_security_group.allow_tls.id]\n  }\n\n  labels = {\n    env = \"dev\"\n  }\n\n  scaling_config {\n    desired_size = 2\n    max_size     = 3\n    min_size     = 1\n  }\n\n  update_config {\n    max_unavailable = 1\n  }\n\n  depends_on = [\n    aws_iam_role_policy_attachment.eks_worker_node_policy,\n    aws_iam_role_policy_attachment.eks_cni_policy,\n    aws_iam_role_policy_attachment.ec2_container_registry_read_only\n  ]\n}\n```\n\nThis will create 2 resources.\n\nThe first block will create an EC2 instance for the Kubectl server.\n\nNote that you need a key pair in your AWS account in the region you are deploying this in other to be able to ssh into the kubectl server. If you do not have one then you will need to create one.\n\nThe second block will create the AWS EKS node group, capacity type is set to ON DEMAND, instance type is t2.small, and disk size is set to 20. Scaling Config, maximum size is 3, desired size is 2, and minimum size is set to 1.\n\nNow that the Terraform codes are ready its time to run our Terraform commands\n\n```\nterraform init\n```\n\n![aws-eks](https://miro.medium.com/v2/resize:fit:750/format:webp/1*UxeZbeBl51QevGrL9iPWvg.png)\n\n```\nterraform validate\nterraform plan\nterraform apply\n```\n\n![aws-eks](https://miro.medium.com/v2/resize:fit:750/format:webp/1*_LTmj4Wzy4Vl7l9TB2Y92w.png)\n\nTerraform is creating the resources after running the terraform apply command.\n\n![aws-eks](https://miro.medium.com/v2/resize:fit:750/format:webp/1*gsglbUoHSzkiB5fiPcQVsw.png)\n\nAll resources have been created successfully. Let's check our AWS Account\n\n### EKS Cluster created\n\n![aws-eks](https://miro.medium.com/v2/resize:fit:750/format:webp/1*xdnnYnrCLBVXNlUVIw_NOw.png)\n\n![aws-eks](https://miro.medium.com/v2/resize:fit:750/format:webp/1*LBjDPi-3Wxc9Gzsir6xUXQ.png)\n\nLet's check the Kubectl Server and the other instances created\n\n![aws-eks](https://miro.medium.com/v2/resize:fit:750/format:webp/1*alier38pVsZJvOOfCTOFCA.png)\n\nLet's check the VPC and Security Group, Route Table, and Subnets\n\n![aws-eks](https://miro.medium.com/v2/resize:fit:750/format:webp/1*7n4JnMcd23EC-dAd89rXAg.png)\n\n![aws-eks](https://miro.medium.com/v2/resize:fit:750/format:webp/1*YDKnJEyfFUdE0UuaD8Gq4Q.png)\n\n![aws-eks](https://miro.medium.com/v2/resize:fit:750/format:webp/1*ji5fWaBvWiyfLMOBX24yrQ.png)\n\n![aws-eks](https://miro.medium.com/v2/resize:fit:750/format:webp/1*UPpOOPJa5WF194R7SOryRQ.png)\n\nNow that all resources have been provisioned by Terraform next step is to try to ssh into the Kubectl server.\n\nI am using a newer version of Windows so I do not need to ssh with putty. If you are using an older version of Windows you will need to ssh into your instance using putty. You can learn how to do that here\n\n[Putty Installation for Connect to your Linux instance from Windows](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/putty.html?source=post_page-----e37f4c5c66ad--------------------------------)\n\nClick on the Instance Kubectl\n\n![aws-eks](https://miro.medium.com/v2/resize:fit:640/format:webp/1*VcGdXFmmyd0grNY0l5pqAA.png)\n\nOn the next page click on connect\n\n![aws-eks](https://miro.medium.com/v2/resize:fit:750/format:webp/1*pgwyVO5GT4k5H5Gd9sL-sA.png)\n\nCopy the ssh — i under Example\n\n![aws-eks](https://miro.medium.com/v2/resize:fit:750/format:webp/1*WG5suJgZlBfMOD9Ts4a6Cw.png)\n\nNow head to your cmd line on your machine and cd into the directory where your Keypair(.pem) is stored. In my case, it's stored in the Downloads directory. Yours could be different so take note. Once you are in the directory where your Keypair is stored paste in the ssh line you copied and press enter\n\n![aws-eks](https://miro.medium.com/v2/resize:fit:750/format:webp/1*iLCh9pQQkNYATzYO0rlkRA.png)\n\nI had connected to mine earlier so there was no prompt but if you are connecting for the first time there will be a prompt. Just type yes and you will be connected to your ec2 instance.\n\nLet's install AWS CLI on the Kubectl Server\n\n![aws-eks](https://miro.medium.com/v2/resize:fit:750/format:webp/1*GEglP0MPpnyRehMMElW6ag.png)\n\nNext up is to set up Kubectl on the ec2 instance. For that, we will run these command\n\n```\ncurl -O https://s3.us-west-2.amazonaws.com/amazon-eks/1.27.1/2023-04-19/bin/linux/amd64/kubectl\nopenssl sha1 -sha256 kubectl\nchmod +x ./kubectl\nmkdir -p $HOME/bin \u0026\u0026 cp ./kubectl $HOME/bin/kubectl \u0026\u0026 export PATH=$HOME/bin:$PATH\nkubectl version --short --client\n```\n\n![aws-eks](https://miro.medium.com/v2/resize:fit:750/format:webp/1*6yw33fTuQHPY0utoQxgh7A.png)\n\n![aws-eks](https://miro.medium.com/v2/resize:fit:750/format:webp/1*gQgmbljBM5PuuAhuG5RzCQ.png)\n\nLet's set up our EKS Cluster on the Kubectl Server. These two commands should do just that\n\n```\naws eks --region us-east-1 describe-cluster --name pc-eks --query cluster.status\naws eks --region us-east-1 update-kubeconfig --name pc-eks\n```\n\n![aws-eks](https://miro.medium.com/v2/resize:fit:750/format:webp/1*lUEeeOGPreofeKEayrxEWQ.png)\n\nWhile the first command showed our Kubectl is active the second command updated the Kubectl server by adding my aws:arn to the Kubectl server config\n\nFinally, we will run this last command\n\n```\nkubectl get nodes\n```\n\n![aws-eks](https://miro.medium.com/v2/resize:fit:750/format:webp/1*1YG8YBSMiRE8Ib_aNSlnBA.png)\n\nAnd here are the two nodes.\n\n_**Note: Run terraform destroy to remove all provisioned infrastructures from your AWS account so as not to incur unnecessary bills on your account. Also, remember to delete the S3 bucket and the DynamoDB table**_\n\n---\n\n## **CONCLUSION**  \n\nThis guide provides a **step-by-step approach** to provisioning an **Amazon Elastic Kubernetes Service (EKS) cluster** on AWS using **Terraform**. It covers:  \n\n✅ Setting up prerequisites, including an **S3 backend for state storage** and **DynamoDB for state locking**.  \n✅ Creating **Terraform configuration files** to provision **networking, IAM roles, security groups, and the EKS cluster**.  \n✅ Running **Terraform commands** to deploy infrastructure and verifying resources in the AWS account.  \n✅ **Accessing the Kubectl server via SSH**, installing **AWS CLI \u0026 Kubectl**, and setting up cluster authentication.  \n✅ Deploying an **EKS node group** for running workloads and ensuring **high availability**.  \n✅ Verifying the **EKS cluster status** and managing it using **kubectl commands**.  \n\nBy following this guide, you can **successfully deploy, configure, and manage an EKS cluster** on AWS using Terraform. 🚀  \n\n---\n\n## 🤝 **Contributing**  \n\nContributions are welcome! If you'd like to improve this project, feel free to submit a pull request.  \n\n---\n\n## **Hit the Star!** ⭐\n\n**If you find this repository helpful and plan to use it for learning, please give it a star. Your support is appreciated!**\n\n---\n\n## 🛠️ **Author \u0026 Community**  \n\nThis project is crafted by **[Harshhaa](https://github.com/NotHarshhaa)** 💡.  \nI’d love to hear your feedback! Feel free to share your thoughts.  \n\n---\n\n### 📧 **Connect with me:**\n\n[![LinkedIn](https://img.shields.io/badge/LinkedIn-%230077B5.svg?style=for-the-badge\u0026logo=linkedin\u0026logoColor=white)](https://linkedin.com/in/harshhaa-vardhan-reddy) [![GitHub](https://img.shields.io/badge/GitHub-181717?style=for-the-badge\u0026logo=github\u0026logoColor=white)](https://github.com/NotHarshhaa)  [![Telegram](https://img.shields.io/badge/Telegram-26A5E4?style=for-the-badge\u0026logo=telegram\u0026logoColor=white)](https://t.me/prodevopsguy) [![Dev.to](https://img.shields.io/badge/Dev.to-0A0A0A?style=for-the-badge\u0026logo=dev.to\u0026logoColor=white)](https://dev.to/notharshhaa) [![Hashnode](https://img.shields.io/badge/Hashnode-2962FF?style=for-the-badge\u0026logo=hashnode\u0026logoColor=white)](https://hashnode.com/@prodevopsguy)  \n\n---\n\n### 📢 **Stay Connected**  \n\n![Follow Me](https://imgur.com/2j7GSPs.png)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnotharshhaa%2Faws-eks_terraform","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnotharshhaa%2Faws-eks_terraform","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnotharshhaa%2Faws-eks_terraform/lists"}