Amazon EKS Create and Delete Cluster: Difference between revisions

From NovaOrdis Knowledge Base

Revision as of 22:40, 3 September 2020

External

Internal

Creation Procedure

Create a dedicated IAM role following the procedure described here. Use the "EKS - Cluster" use case.

Edit the role trust relationship and ensure that the IAM user used to create the cluster (arn:aws:iam::999999999999:user/some.user) has sts:AssumeRole for the IAM role. This is how to enable an IAM User to assume an IAM Role.

Create a dedicated VPC and associated resources using the pre-defined CloudFormation stack as described here: https://docs.aws.amazon.com/eks/latest/userguide/getting-started-console.html

Write down the name of the stack, as it may be needed to delete the resources.

Record the VpcId, SecurityGroups and SubnetId values.


  • Create the cluster. From the Console → EKS → Create Cluster:
    • Cluster Service Role
    • Next
    • VPC
    • Subnets (all existing are preselected)
    • Security groups: use Control Plane Security Group.
    • Cluster Endpoint Access
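
To check the trust relationship edited earlier in this procedure before creating the cluster, the following added example (not part of the original page) audits a trust policy document offline. The sample policy is constructed and the function names are hypothetical; Condition blocks and Deny statements are not evaluated.

```python
import json

# Constructed sample: trust policy of an "EKS - Cluster" role after the edit.
SAMPLE_TRUST_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Principal": {"Service": "eks.amazonaws.com"},
   "Action": "sts:AssumeRole"},
  {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::999999999999:user/some.user"},
   "Action": "sts:AssumeRole"}
]}
""")

def _as_list(value):
    """IAM accepts a single value wherever a list is allowed."""
    return value if isinstance(value, list) else [value]

def assume_role_principals(policy):
    """Return the (kind, principal) pairs that Allow statements let call sts:AssumeRole."""
    found = set()
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        if not any(a in ("sts:assumerole", "sts:*", "*") for a in actions):
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":  # bare wildcard form
            principal = {"AWS": "*"}
        for kind, values in principal.items():
            for value in _as_list(values):
                found.add((kind, value))
    return found

def audit_trust_policy(policy, user_arn):
    """Check that the named user is trusted explicitly and flag broader AWS principals."""
    principals = assume_role_principals(policy)
    account_id = user_arn.split(":")[4]
    # A wildcard, the bare account ID or the account root trusts more than one user.
    broad = {"*", account_id, f"arn:aws:iam::{account_id}:root"}
    return {
        "user_can_assume": ("AWS", user_arn) in principals,
        "eks_service_trusted": ("Service", "eks.amazonaws.com") in principals,
        "overly_broad": sorted(p for k, p in principals if k == "AWS" and p in broad),
    }

if __name__ == "__main__":
    print(audit_trust_policy(SAMPLE_TRUST_POLICY, "arn:aws:iam::999999999999:user/some.user"))
```

A non-empty `overly_broad` list means the role trusts the whole account or any principal rather than only the user that creates the cluster.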

Deletion Procedure

Delete the cluster.

Remove the associated resources by running Delete on the CloudFormation stack used to create resources.