DO NOT PROCEED with this step unless you have validated the IAM role in use by the Cloud9 IDE. You will not be able to run the necessary kubectl commands in the later modules unless the EKS cluster is built using the IAM role.
How do I check the IAM role on the workspace?
Use the GetCallerIdentity CLI command to validate that the Cloud9 IDE is using the correct IAM role.
aws sts get-caller-identity
Select the tab and validate the assumed roleā¦
The output assumed-role name should contain:
eksworkshop-admin
If the Arn contains the role name from above and an Instance ID, you may proceed.
{
"Account": "123456789012",
"UserId": "AROA1SAMPLEAWSIAMROLE:i-01234567890abcdef",
"Arn": "arn:aws:sts::123456789012:assumed-role/eksworkshop-admin/i-01234567890abcdef"
}The output assumed-role name should contain:
TeamRole
If the Arn contains the role name from above and an Instance ID, you may proceed.
{
"Account": "123456789012",
"UserId": "AROA1SAMPLEAWSIAMROLE:i-01234567890abcdef",
"Arn": "arn:aws:sts::216876048363:assumed-role/TeamRole/i-0dd09eac19be01448"
}If you do not see the correct role, please go back and validate the IAM role for troubleshooting.
If you do see the correct role, proceed to next step to create an EKS cluster.
Create an eksctl deployment file (eksworkshop.yaml) to create an EKS cluster:
cat << EOF > eksworkshop.yaml
---
apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig
metadata:
name: eksworkshop-eksctl
region: ${AWS_REGION}
version: "1.21"
managedNodeGroups:
- amiFamily: AmazonLinux2
instanceType: m5.large
name: mng-od-m5large
desiredCapacity: 2
maxSize: 3
minSize: 0
labels:
alpha.eksctl.io/cluster-name: eksworkshop-eksctl
alpha.eksctl.io/nodegroup-name: mng-od-m5large
intent: control-apps
tags:
alpha.eksctl.io/nodegroup-name: mng-od-m5large
alpha.eksctl.io/nodegroup-type: managed
k8s.io/cluster-autoscaler/node-template/label/intent: control-apps
iam:
withAddonPolicies:
autoScaler: true
cloudWatch: true
albIngress: true
privateNetworking: true
# To enable all of the control plane logs, uncomment below:
# cloudWatch:
# clusterLogging:
# enableTypes: ["*"]
EOF
Next, use the file you created as the input for the eksctl cluster creation.
eksctl create cluster -f eksworkshop.yaml
Launching EKS and all the dependencies will take approximately 15 minutes
eksctl create cluster command allows you to create the cluster and managed nodegroups in sequence. There are a few things to note in the configuration that we just used to create the cluster and a managed nodegroup.
Notice that the we add 3 node labels:
Amazon EKS adds an additional Kubernetes label eks.amazonaws.com/capacityType: ON_DEMAND, to all On-Demand Instances in your managed node group. You can use this label to schedule stateful applications on On-Demand nodes.