Amazon EKS Create and Delete Cluster: Difference between revisions

From NovaOrdis Knowledge Base
Line 9: Line 9:


* [[AWS_Security_Operations#Create_an_IAM_Role|Create a dedicated IAM role]]. The use case should be "EKS - Cluster".
* [[AWS_Security_Operations#Create_an_IAM_Role|Create a dedicated IAM role]]. The use case should be "EKS - Cluster".
** Make sure the IAM use you are going to call into with has sts:AssumeRole for the IAM role.
** Make sure the IAM user you are going to call into the cluster (arn:aws:iam::999999999999:user/some.user) has sts:AssumeRole for the IAM role. This is how to [[hAWS_Security_Operations#Enable_an_IAM_User_to_Assume_an_IAM_Role|enable an IAM User to assume an IAM Role]].
* Create a VPC and record VpcId, SecurityGroups, SubnetId
* Create a VPC and record VpcId, SecurityGroups, SubnetId
* Create the cluster. From the Console → EKS → Create Cluster:
* Create the cluster. From the Console → EKS → Create Cluster:
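Review bot: in the revised sts:AssumeRole sub-bullet, the wiki link target "hAWS_Security_Operations#Enable_an_IAM_User_to_Assume_an_IAM_Role" has a stray leading "h", so it will not resolve to the AWS_Security_Operations page that the parent bullet links to; drop the "h". The wording "the IAM user you are going to call into the cluster" is also missing a word and would read better as "the IAM user you are going to use to call into the cluster". If arn:aws:iam::999999999999:user/some.user is meant as a placeholder ARN, say so in the bullet.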
Line 18: Line 18:
** Security groups: use Control Plane Security Group.
** Security groups: use Control Plane Security Group.
** Custer Endpoint Access
** Custer Endpoint Access

Revision as of 20:53, 3 September 2020

External

Internal

Procedure

  • Create a dedicated IAM role. The use case should be "EKS - Cluster".
  • Create a VPC and record VpcId, SecurityGroups, SubnetId
  • Create the cluster. From the Console → EKS → Create Cluster:
    • Cluster Service Role
    • Next
    • VPC
    • Subnets (all existing are preselected)
    • Security groups: use Control Plane Security Group.
    • Cluster Endpoint Access
