{"id":39934542,"url":"https://github.com/omidraha/eks-example","last_synced_at":"2026-01-18T18:33:59.118Z","repository":{"id":245502750,"uuid":"818440540","full_name":"omidraha/EKS-Example","owner":"omidraha","description":"AWS EKS example","archived":false,"fork":false,"pushed_at":"2024-08-19T20:54:28.000Z","size":200,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2024-08-20T23:03:59.151Z","etag":null,"topics":["alb","aws","aws-cli","eks","eks-cluster","elasticcache","kubectl","kubernetes","rds","vpc"],"latest_commit_sha":null,"homepage":"","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/omidraha.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-06-21T21:34:00.000Z","updated_at":"2024-08-19T20:54:31.000Z","dependencies_parsed_at":"2024-08-19T22:48:14.041Z","dependency_job_id":"4f0d4da9-a0d1-4326-ba29-98b1ad475b81","html_url":"https://github.com/omidraha/EKS-Example","commit_stats":null,"previous_names":["omidraha/eks-example"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/omidraha/EKS-Example","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/omidraha%2FEKS-Example","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/omidraha%2FEKS-Example/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/omidraha%2FEKS-Example/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/omidraha%2FEKS-Example/manifests","owne
r_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/omidraha","download_url":"https://codeload.github.com/omidraha/EKS-Example/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/omidraha%2FEKS-Example/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28547283,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-18T14:59:57.589Z","status":"ssl_error","status_checked_at":"2026-01-18T14:59:46.540Z","response_time":98,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["alb","aws","aws-cli","eks","eks-cluster","elasticcache","kubectl","kubernetes","rds","vpc"],"created_at":"2026-01-18T18:33:59.015Z","updated_at":"2026-01-18T18:33:59.106Z","avatar_url":"https://github.com/omidraha.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"### ReadMe.md\n\n## Purpose\n\nThis script automates the creation and configuration of an Amazon EKS cluster distributed across three availability\nzones.\n\nThe setup includes a private VPC with private subnets for the cluster nodes and a public subnet for the NAT gateway.\n\nThis configuration ensures that while the cluster can access the internet for updates and downloads,\nit remains secure by not being directly accessible from the internet.\n\n## Architecture Diagram\n\n![diagram.png](./diagram.png)\n\n## Steps Overview\n\n1. 
**Create VPC and Subnets**:\n    - Define the region and availability zones.\n    - Create a VPC and private subnets in three availability zones.\n    - Create a public subnet for the NAT Gateway.\n\n2. **Create and Attach Internet Gateway**:\n    - Create an Internet Gateway.\n    - Attach the Internet Gateway to the VPC.\n\n3. **Create NAT Gateway**:\n    - Allocate an Elastic IP.\n    - Create a NAT Gateway in the public subnet.\n\n4. **Create Route Tables and Routes**:\n    - Create a private route table and associate it with the private subnets.\n    - Create a public route table and associate it with the public subnet.\n\n5. **Create IAM Role for EKS**:\n    - Create an IAM role with a trust relationship for EKS.\n    - Attach the AmazonEKSClusterPolicy managed policy.\n\n6. **Create Security Group for EKS**:\n    - Create a security group and authorize necessary inbound and outbound rules.\n\n7. **Create EKS Cluster**:\n    - Create the EKS cluster with the defined subnets and security group.\n\n8. **Associate IAM OIDC Provider**:\n    - Associate the IAM OIDC provider with the EKS cluster.\n    - Retrieve OIDC URL and ARN for EKS Cluster.\n\n9. **Create IAM Role for EKS Nodes**:\n    - Create an IAM role for the EKS nodes with necessary policies.\n    - Create an instance profile and add the role to it.\n\n10. **Create Launch Template for EKS Nodes**:\n    - Define and create a launch template for the EKS nodes with necessary configurations and user data.\n\n11. **Create Node Group**:\n    - Create a node group using the launch template and associate it with the cluster.\n\n12. **Update EKS Cluster Configuration**:\n    - Update the kubeconfig file to use the new node group.\n\n13. **Apply AWS-auth ConfigMap**:\n    - Apply the AWS-auth ConfigMap to allow nodes to join the cluster.\n\n14. **Verify the Node Group (Optional)**:\n    - Verify that the nodes are properly added to the EKS cluster by checking the nodes in your cluster.\n\n15. 
**Create ACM Certificate**:\n    - Request an ACM certificate for the domain and configure DNS validation.\n\n16. **Create IAM Policy for AWS Load Balancer Controller**:\n    - Create the IAM policy required for the AWS Load Balancer Controller to function.\n\n17. **Create Kubernetes Namespace**:\n    - Create the Kubernetes namespace.\n\n18. **Create Service Account**:\n    - Generate a YAML file for the Service Account and apply it using kubectl.\n\n19. **Create IAM Role for AWS Load Balancer Controller**:\n    - Create a trust relationship JSON file.\n    - Create the IAM role with the trust relationship policy document.\n    - Attach the policy to the IAM role.\n\n20. **Annotate the Service Account**:\n    - Annotate the Kubernetes Service Account with the IAM role ARN to establish the relationship between the service\n      account and the IAM role.\n\n21. **Install AWS Load Balancer Controller with Helm**:\n    - Install the AWS Load Balancer Controller Helm chart with the required configurations.\n\n22. **Create Security Group for ElastiCache**:\n    - Create a security group for ElastiCache and authorize necessary inbound rules.\n\n23. **Create ElastiCache Subnet Group**:\n    - Create a cache subnet group for ElastiCache.\n\n24. **Create ElastiCache Cluster**:\n    - Create the ElastiCache cluster within the VPC.\n\n25. **Create Security Group for RDS**:\n    - Create a security group for RDS and authorize necessary inbound and outbound rules.\n\n26. **Create RDS Subnet Group**:\n    - Create a subnet group for RDS.\n\n27. **Create RDS Instance**:\n    - Create the RDS instance within the VPC.\n\n28. 
**Wait for RDS Instance to be Available**:\n    - Wait for the RDS instance to become available and get its endpoint.\n\n### Notes\n```bash\nsudo amazon-linux-extras install epel -y\nsudo yum install -y redis\n```\n- The image should be taken from https://cloud-images.ubuntu.com/docs/aws/eks/\n\n### Links\n\nhttps://docs.aws.amazon.com/code-library/latest/ug/eks_example_eks_CreateNodegroup_section.html\n\nhttps://docs.aws.amazon.com/eks/latest/userguide/troubleshooting.html#worker-node-fail\n\nhttps://docs.aws.amazon.com/eks/latest/userguide/troubleshooting.html#instances-failed-to-join\n\nhttps://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html\n\nhttps://docs.aws.amazon.com/cli/latest/reference/eks/create-cluster.html\n\nhttps://docs.aws.amazon.com/eks/latest/userguide/enable-iam-roles-for-service-accounts.html\n\nhttps://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html#AvailableIpPerENI\n\nhttps://docs.aws.amazon.com/eks/latest/userguide/lbc-helm.html#lbc-helm-install\n\nhttps://github.com/pulumi/pulumi-eks/pull/320\n\nhttps://marcincuber.medium.com/amazon-eks-with-oidc-provider-iam-roles-for-kubernetes-services-accounts-59015d15cb0c\n\nhttps://aws.amazon.com/blogs/opensource/introducing-fine-grained-iam-roles-service-accounts/\n\nhttps://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_oidc_verify-thumbprint.html\n\nEnable outbound IPv6 traffic using an egress-only internet gateway\n\n- https://docs.aws.amazon.com/vpc/latest/userguide/egress-only-internet-gateway.html\n- https://stackoverflow.com/a/54079844\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fomidraha%2Feks-example","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fomidraha%2Feks-example","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fomidraha%2Feks-example/lists"}