DO NOT PROCEED with this step unless you have validated the IAM role in use by the Cloud9 IDE. You will not be able to run the necessary kubectl commands in the later modules unless the EKS cluster is built using the IAM role.
How do I check the IAM role on the workspace?
Use the GetCallerIdentity CLI command to validate that the Cloud9 IDE is using the correct IAM role.
aws sts get-caller-identity
Select the tab and and validate the assumed role…
The output assumed-role name should contain:
eksworkshop-admin
If the Arn contains the role name from above and an Instance ID, you may proceed.
{
"Account": "123456789012",
"UserId": "AROA1SAMPLEAWSIAMROLE:i-01234567890abcdef",
"Arn": "arn:aws:sts::123456789012:assumed-role/eksworkshop-admin/i-01234567890abcdef"
}The output assumed-role name should contain:
TeamRole
If the Arn contains the role name from above and an Instance ID, you may proceed.
{
"Account": "123456789012",
"UserId": "AROA1SAMPLEAWSIAMROLE:i-01234567890abcdef",
"Arn": "arn:aws:sts::123456789012:assumed-role/TeamRole/MasterRole"
}If you do not see the correct role, please go back and validate the IAM role for troubleshooting.
If you do see the correct role, proceed to next step to create an EKS cluster.
The following command will create an eks cluster with the name eksworkshop-eksctl
.It will also create a nodegroup with 2 on-demand instances.
eksctl create cluster --version=1.14 --name=eksworkshop-eksctl --nodes=2 --alb-ingress-access --region=${AWS_REGION} --node-labels="lifecycle=OnDemand,intent=control-apps" --asg-access
eksctl allows us to pass parameters to initialize the cluster. While initializing the cluster, eksctl does also allow us to create a nodegroup. The nodegroup will have two m5.large nodes and it will bootstrap with the labels lifecycle=OnDemand and intent=control-apps.
Launching EKS and all the dependencies will take approximately 15 minutes