How to Create an EKS cluster via eksctl

Daniel Montoya
2 min read · Dec 9, 2019

To create a new Kubernetes cluster on AWS (EKS), we must first create a user with the necessary permissions. Steps required:

  • Create a new IAM policy, grant permissions
  • Create a new IAM group, attach the new policy
  • Create a new IAM user, add the user to the new group

To create a new cluster, you will need to create an IAM policy with “dangerous” privileges.

For security reasons, make sure you detach that policy from all users and groups once you are done setting up the cluster. Attach a policy with minimum privileges instead.

Sample policy* with privileges to create a new cluster:

*This policy is dangerous. Please delete it once you have created the cluster.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "eksCtlCloudFormation",
      "Effect": "Allow",
      "Action": "cloudformation:*",
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "eks:*"
      ],
      "Resource": "*"
    },
    {
      "Sid": "VisualEditor1",
      "Effect": "Allow",
      "Action": [
        "autoscaling:*"
      ],
      "Resource": "*"
    },
    {
      "Sid": "VisualEditor3",
      "Effect": "Allow",
      "Action": [
        "iam:*"
      ],
      "Resource": "*"
    },
    {
      "Sid": "EksNetworking",
      "Effect": "Allow",
      "Action": [
        "ec2:*"
      ],
      "Resource": "*"
    }
  ]
}
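As an added example (not part of the original post), the Python check below flags every Allow statement that grants a service-wide wildcard on all resources, run against a copy of the sample policy above. The function names and the embedded copy are this example's own; a check like this can confirm that the replacement policy you attach after cluster creation no longer carries these grants.

```python
import json

# Copy of the sample policy from this page, embedded so the check runs offline.
SAMPLE_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "eksCtlCloudFormation", "Effect": "Allow", "Action": "cloudformation:*", "Resource": "*"},
    {"Effect": "Allow", "Action": ["eks:*"], "Resource": "*"},
    {"Sid": "VisualEditor1", "Effect": "Allow", "Action": ["autoscaling:*"], "Resource": "*"},
    {"Sid": "VisualEditor3", "Effect": "Allow", "Action": ["iam:*"], "Resource": "*"},
    {"Sid": "EksNetworking", "Effect": "Allow", "Action": ["ec2:*"], "Resource": "*"}
  ]
}
""")


def as_list(value):
    """IAM accepts a single value or a list for Statement, Action and Resource."""
    if value is None:
        return []
    return [value] if isinstance(value, (str, dict)) else list(value)


def find_wildcard_grants(policy):
    """Return (sid, action) for each Allow of '*' or 'service:*' on Resource '*'.

    Simplification of this example: Condition and NotAction are not evaluated.
    """
    findings = []
    for index, stmt in enumerate(as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow" or "*" not in as_list(stmt.get("Resource")):
            continue
        sid = stmt.get("Sid", f"statement[{index}]")  # label statements without a Sid
        for action in as_list(stmt.get("Action")):
            _, _, name = action.partition(":")
            if action == "*" or name == "*":
                findings.append((sid, action))
    return findings


def is_least_privilege(policy):
    """True only if no statement grants a service-wide wildcard on all resources."""
    return not find_wildcard_grants(policy)


if __name__ == "__main__":
    for sid, action in find_wildcard_grants(SAMPLE_POLICY):
        print(f"over-broad: {sid} allows {action} on Resource '*'")
```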

Once you have created an IAM user with the correct permissions, store the login credentials in your local AWS credentials file.

To simplify this tutorial, set your new credentials and config as the default:

~/.aws/credentials

[default]
aws_access_key_id = YOUR_NEW_USERs_ACCESS_KEY_ID
aws_secret_access_key = YOUR_NEW_USERs_SECRET_ACCESS_KEY

~/.aws/config

[default]
region = us-east-1
output = json

With the right permissions and credentials, we are now ready to create the new EKS cluster via eksctl.

Before we proceed, make sure you have installed eksctl. You can check by running:

eksctl version

If it is not yet installed, follow the instructions in AWS’s official documentation:

https://docs.aws.amazon.com/eks/latest/userguide/getting-started-eksctl.html

Once eksctl is installed, run the following command, replacing brighteyetea with your cluster name and the version number with the latest available.

eksctl create cluster \
--name brighteyetea-eks \
--version 1.16 \
--region us-east-1 \
--nodegroup-name brighteyetea-ng-workers \
--node-type t2.medium \
--nodes 3 \
--nodes-min 1 \
--nodes-max 4 \
--managed

If the command runs without errors, you have successfully created a new EKS cluster.

You can verify by running the following command:

kubectl get nodes
