The purpose of this project is to help you build your infrastructure in your aws account.
- Create an aws account with the IAM
AdministratorAccess
permission - Install and configure aws CLI
- Install and configure terraform
There are two steps to help you create your infrastructure as follows:
Terraform saves all changes in *.tfstate
file, so we'd better store *.tfstate
in aws s3 bucket
instead of local machine. This step will build a aws s3 bucket
to store *.tfstate
file.
- Init Terraform
$ cd setup
$ terraform init
- Create s3 bucket
$ terraform apply
You will be prompted to enter an aws region code
, such as us-east-1
. After that, you need to make sure the listed resources that will be crated and then enter yes
You can see the output s3_bucket_terraform_state
below
Outputs:
s3_bucket_terraform_state = "**********-us-east-1"
Now, we begin to build the resources including VPC, subnets, EKS, Jump server etc.
- Setup remote backup
$ cd ../region/virginia
and then, update the block of s3
in providers.tf
file
backend "s3" {
bucket = "**********-us-east-1"
key = "terraform/backend.tfstate"
region = "us-east-1"
encrypt = "true"
}
The following things maybe need to be modified:
- Set
bucket
as the output ofs3_bucket_terraform_state
- Set
key
as the path to store*.tfstate
file in s3 bucket - Update
region
as the region code that you entered when creating s3 bucket above - Set
encrypt
astrue
- Create resources
You can modify the configuration in the main.tf
file according to your needs, and then run the following commands
$ terraform init
$ terraform apply
You will be prompted to enter yes
after confirmed the listed resources.
Now, all the resources have been built, The next step is to how to verify them.
We can use Jump Server
to test if they work well. We just need to verify EKS because it depends on VPC and subnets.
- Login Jump Server
We can use Session Manager
to login Jump Server
, and then setups the environment
$ sudo -s
- Configure Access Key and Secret Access Key
NOTE: You MUST use the Access Key and Secret Access Key of user that created EKS
$ aws configure
AWS Access Key ID [*******************]:
AWS Secret Access Key [*********************]:
Default region name [us-east-1]:
Default output format [json]
You can check it
$ aws sts get-caller-identity
{
"Account": "***********",
"UserId": "**********************",
"Arn": "arn:aws:iam::***********:user/****"
}
- Update or create kubeconfig
$ aws eks --region region-code update-kubeconfig --name cluster_name
region-code
is aws region code, such as us-east-1
cluster-name
is the name of the created EKS
- Access EKS cluster
$ kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 172.20.0.1 <none> 443/TCP 2d2h