Amazon EKS Create and Delete Cluster: Difference between revisions
Revision as of 20:53, 3 September 2020
External
Internal
Procedure
- Create a dedicated IAM role. The use case should be "EKS - Cluster".
  - Make sure the IAM user you are going to call into the cluster (arn:aws:iam::999999999999:user/some.user) has sts:AssumeRole for the IAM role. This is how to enable an IAM User to assume an IAM Role.
- Create a VPC and record VpcId, SecurityGroups, SubnetId
- Create the cluster. From the Console → EKS → Create Cluster:
  - Cluster Service Role
  - Next
  - VPC
  - Subnets (all existing are preselected)
  - Security groups: use Control Plane Security Group.
  - Cluster Endpoint Access
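The IAM part of the procedure above, as an added example that is not part of the original page: it builds the trust policy for the dedicated role and the identity policy for the user, then audits a trust policy for missing or overly broad principals. The role name `eks-cluster-role` is hypothetical, and the inclusion of the `eks.amazonaws.com` service principal assumes the role is also used as the Cluster Service Role.

```python
import json

EKS_SERVICE = "eks.amazonaws.com"           # service principal of the EKS control plane
ASSUME = {"sts:AssumeRole", "sts:*", "*"}   # actions that permit role assumption

def _as_list(value):
    return value if isinstance(value, list) else [value]

def cluster_role_trust_policy(user_arn):
    """Trust policy for the dedicated role: the EKS service plus one named IAM user."""
    def allow(principal):
        return {"Effect": "Allow", "Principal": principal, "Action": "sts:AssumeRole"}
    return {"Version": "2012-10-17",
            "Statement": [allow({"Service": EKS_SERVICE}), allow({"AWS": user_arn})]}

def user_assume_role_policy(role_arn):
    """Identity policy for the user: may assume this one role and nothing else."""
    return {"Version": "2012-10-17",
            "Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
                           "Resource": role_arn}]}

def audit_trust_policy(policy, user_arn):
    """Return findings; an empty list means exactly the two expected principals
    are trusted. Conditions and Deny statements are not evaluated here."""
    expected = {("Service", EKS_SERVICE), ("AWS", user_arn)}
    trusted = set()
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if not ASSUME & set(_as_list(stmt.get("Action", []))):
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":                 # bare wildcard: anyone may assume the role
            principal = {"AWS": "*"}
        for kind, values in principal.items():
            trusted.update((kind, v) for v in _as_list(values))
    findings = [f"missing trusted principal: {k}={v}"
                for k, v in sorted(expected - trusted)]
    findings += [f"unexpected trusted principal: {k}={v}"
                 for k, v in sorted(trusted - expected)]
    return findings

if __name__ == "__main__":
    USER = "arn:aws:iam::999999999999:user/some.user"          # user ARN from the page
    ROLE = "arn:aws:iam::999999999999:role/eks-cluster-role"   # hypothetical role name
    print(json.dumps(cluster_role_trust_policy(USER), indent=2))
    print(json.dumps(user_assume_role_policy(ROLE), indent=2))
    print(audit_trust_policy(cluster_role_trust_policy(USER), USER))
```

An account-root principal (`arn:aws:iam::999999999999:root`) in the trust policy is reported as unexpected, since it trusts every identity in the account rather than the one named user.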