DO NOT PROCEED with this step unless you have validated the IAM role in use by the Cloud9 IDE. You will not be able to run the necessary kubectl commands in the later modules unless the EKS cluster is built using the IAM role.
How do I check the IAM role on the workspace?
Use the GetCallerIdentity CLI command to validate that the Cloud9 IDE is using the correct IAM role.
aws sts get-caller-identity
Select the tab and validate the assumed role…
The output assumed-role name should contain:
eksworkshop-admin
If the Arn contains the role name from above and an Instance ID, you may proceed.
{
  "Account": "123456789012",
  "UserId": "AROA1SAMPLEAWSIAMROLE:i-01234567890abcdef",
  "Arn": "arn:aws:sts::123456789012:assumed-role/eksworkshop-admin/i-01234567890abcdef"
}
The output assumed-role name should contain:
TeamRole
If the Arn contains the role name from above and an Instance ID, you may proceed.
{
  "Account": "123456789012",
  "UserId": "AROA1SAMPLEAWSIAMROLE:i-01234567890abcdef",
  "Arn": "arn:aws:sts::216876048363:assumed-role/TeamRole/i-0dd09eac19be01448"
}
If you do not see the correct role, please go back and validate the IAM role for troubleshooting.
If you do see the correct role, proceed to the next step to create an EKS cluster.
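The check above can be scripted so that the cluster build is refused when the workspace is running under the wrong identity. This is an added example, not part of the workshop: check_workshop_role is a hypothetical helper, and the second and third sample ARNs are constructed.

```shell
#!/bin/sh
# Added example (not from the workshop): verify the caller ARN before building.
# Succeeds only if ARN is an STS assumed-role ARN whose role name contains
# EXPECTED and whose session name is an EC2 instance ID, which indicates the
# credentials come from the role attached to the instance.
check_workshop_role() {
  arn=$1
  expected=$2
  # Expected shape: arn:<partition>:sts::<account>:assumed-role/<role>/<session>
  case $arn in
    arn:*:sts::*:assumed-role/*/*) ;;
    *) echo "not an assumed-role ARN: $arn" >&2; return 1 ;;
  esac
  rest=${arn#*:assumed-role/}   # <role>/<session>
  role=${rest%%/*}
  session=${rest#*/}
  case $role in
    *"$expected"*) ;;
    *) echo "role '$role' does not contain '$expected'" >&2; return 1 ;;
  esac
  # Session must look like i-<hex digits>
  case $session in
    i-?*) ;;
    *) echo "session '$session' is not an instance ID" >&2; return 1 ;;
  esac
  case ${session#i-} in
    *[!0-9a-f]*) echo "session '$session' is not an instance ID" >&2; return 1 ;;
  esac
  return 0
}

# Sample ARNs: the first is the page's sample output, the others are constructed.
for sample in \
  "arn:aws:sts::123456789012:assumed-role/eksworkshop-admin/i-01234567890abcdef" \
  "arn:aws:sts::123456789012:assumed-role/eksworkshop-admin/some-session" \
  "arn:aws:iam::123456789012:user/alice"
do
  if check_workshop_role "$sample" eksworkshop-admin 2>/dev/null; then
    echo "PROCEED  $sample"
  else
    echo "STOP     $sample"
  fi
done

# Real use in the workspace (needs the AWS CLI and credentials):
#   check_workshop_role "$(aws sts get-caller-identity --query Arn --output text)" eksworkshop-admin
```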
The following command will create an EKS cluster with the name eksworkshop-eksctl. It will also create a nodegroup with 2 on-demand instances.
eksctl create cluster --version=1.18 --name=eksworkshop-eksctl --node-private-networking --managed --nodes=2 --alb-ingress-access --region=${AWS_REGION} --node-labels="lifecycle=OnDemand,intent=control-apps" --asg-access
eksctl allows us to pass parameters to initialize the cluster. While initializing the cluster, eksctl also allows us to create nodegroups.
The managed nodegroup will have two m5.large nodes and it will bootstrap with the labels lifecycle=OnDemand and intent=control-apps.
Launching EKS and all the dependencies will take approximately 15 minutes.
The command above created a Managed Nodegroup. Amazon EKS managed node groups automate the provisioning and lifecycle management of nodes. Managed Nodegroups use the latest EKS-optimized AMIs. The nodes run in your AWS account, provisioned as part of an EC2 Auto Scaling group that is managed for you by Amazon EKS. This means EKS takes care of the lifecycle management and undifferentiated heavy lifting on operations such as node updates, handling of terminations, and graceful draining of nodes to ensure that your applications stay available.