Create an Amazon VPC for EKS

Provisioning Virtual Private Cloud for EKS using Terraform

This article covers how to create an Amazon VPC (Virtual Private Cloud) using Terraform for the purposes of provisioning EKS (Elastic Kubernetes Service).

This will be particularly useful for those that use eksctl tool (see below for context). This will be a three part series with the following planned articles:

  1. Provisioning AWS VPC for EKS using Terraform
  2. Provisioning EKS with Existing VPC using eksctl
  3. Provisioning EKS with Existing VPC using Terraform

The Wonderful EKSCtl Tool

The eksctl tool is great because you can setup a complete production ready Amazon EKS cluster with a single command and a small eksctl config file to describe your cluster. The automation also can add canned policies, like access to ECR (Elastic Container Registry), Route53, ALB (Application Load Balancer), or custom policies for pods running on the cluster.

This automation is on top of automation that creates a VPC, private and public subnets, routing tables, gateways, and security groups need by EKS to function properly.

This automation is great, but comes with some drawbacks. What if you wanted to automate the VPC and EKS separately?

There can be many reasons for this, such having two EKS clusters, or perhaps integrating with other applications running outside of EKS on their own EC2 (Elastic Compute Cloud), or maybe a jump box or bastion host running on one of the public subnets.

You can add these things, but this will add frustration later when you try to delete either the VPC or EKS, as they are tethered together, and you won’t be and the deletion may fail, because of a security group or something else uses a component on the VPC created by eksctl.

For the greatest flexibility and re-use, the ideal scenario is to create these separately, and then use eksctl on the existing infrastructure. How do we do this?

The Tools Involved

You will need to get these tools:

  • Terraform: tool that does the cloud provisioning
  • AWS CLI: tool that allows access to automate AWS cloud services.

Part 1: The VPC Module

We’re going to create module that has the parameters we want, which then ultimately passes this Terraform AWS VPC module.

Create Project Area

Create some place to put out code:

mkdir -p ~/my_vpc_project
export PROJECT=~/my_vpc_project

Create Structure and Files for the VPC Module

Using bash we create the files we’ll use for this exercise with:

mkdir -p $PROJECT/vpc
touch $PROJECT/vpc/{locals,main,variables,versions}.tf

Versions

This code will require Terraform 0.12 and above, and we should use a recent version of AWS provider.

vpc/versions.tf

Variables

We’ll set some default variables that’ll use for this the VPC. We’ll specify an optional eks_cluster_name used for tagging the subnets for a future EKS.

vpc/variables.tf

Locals

We can set a local variable to default to name if eks_cluster_name is blank.

vpc/locals.tf

Main

We pass all these variables and locals to external public domain vpc module that is published on Terraform registry.

vpc/main.tf

Part 2: Using the VPC Module

So now we have a usable module, let’s use it.

First create files required for the exercise:

touch $PROJECT/{main,provider}.tf $PROJECT/terraform.tfvars

Provider

At this level, we want to specify all the providers that we will use, which in this case is just AWS. We have to tell the provider what region we’ll use.

Main

We’ll only use two variables, name and region, which the operator should specify at time of provisioning these resources. We could supply an eks_cluster_name, but instead will rely on the default behavior.

External Variables

For variables that outside of this code, we can set them in terraform.tfvars file, which we can create with bash.

cat <<-EOF > terraform.tfvars
region = "us-east-2"
name = "acme-test-cluster"
EOF

Part 3: Create It

To run this, you can do the following:

cd $PROJECT# download providers and modules
terraform init
# apply the infrastructure
terraform apply

Part 4: Destroy It

If you no longer need this infrastructure, you can delete it:

cd $PROJECT
terraform destroy

Resources

Blog Source Code

Terraform Modules

Next Article

Conclusion

This is a good introduction to AWS and Terraform modules, as well as useful in decoupling creating VPC infrastructure from EKS, or useful is creating a infrastructure with private and public subnets.

In some followup articles, I will cover how to create EKS using the existing VPC infrastructure created here.

Linux NinjaPants Automation Engineering Mutant — exploring DevOps, o11y, k8s, progressive deployment (ci/cd), cloud native infra, infra as code

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

3 Reasons I Prefer The Title Software Engineer Over Software Developer

GCP Compliance and Common Warning Letters

The challenge of scale: nonstop growth with Kubernetes and Helm

Agile Project Management

Detailed Overview About Equipment Tracking System

Equipment Tracking System

How to Make Nested Lists or Indented Bullet Points on Medium

The Engineering Behind Coded Coupons, eBay’s New Seller Tool

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Joaquín Menchaca (智裕)

Joaquín Menchaca (智裕)

Linux NinjaPants Automation Engineering Mutant — exploring DevOps, o11y, k8s, progressive deployment (ci/cd), cloud native infra, infra as code

More from Medium

ACL on S3 bucket objects with Terraform

Use homebrew to install aws kubernetes tooling

Provisioning AWS Karpenter Provisioners with Terraform

How to Deploy a Fedora Linux VM Instance in GCP using Terraform