Amazon EKS Create and Delete Cluster
Creation Procedure
Create Resources
Create a dedicated VPC and associated resources using the pre-defined CloudFormation stack as described here: https://docs.aws.amazon.com/eks/latest/userguide/getting-started-console.html.
- Use "public and private subnets" option.
- Do not specify an IAM role.
Write down the name of the stack, as it will be needed to delete the resources.
Also write down the VpcId, SecurityGroups and SubnetId values.
Create the Cluster Service Role
For an explanation of what a cluster service role is see:
Creation:
The IAM role can be created as described here: https://docs.aws.amazon.com/eks/latest/userguide/service_IAM_role.html#create-service-role
Conventionally it should be named <cluster-name>-service-role.
The use case should be "EKS - Cluster".
Create the Cluster
The cluster will be accessible to the IAM User that creates it without any additional configuration. Other users can be added as described in the Allowing Additional Users to Access the EKS Cluster section, after the cluster is created.
Create the cluster from the Console → EKS → Create Cluster, specifying:
- Cluster Service Role
- VPC
- Subnets (all existing are preselected)
- Security groups: use Control Plane Security Group.
- Cluster Endpoint Access
Provision managed nodes (compute):
Create a "compute" IAM role for the EC2 use case and attach the AmazonEKSWorkerNodePolicy, AmazonEKS_CNI_Policy and AmazonEC2ContainerRegistryReadOnly policies.
Select the EKS cluster, go to Compute and click Add Node Group.
Select only the private subnets.
Verify with:
kubectl get nodes
Provision Nodes
Create a dedicated IAM role following the procedure described here. Use the "EKS - Cluster" use case.
Edit the role's trust relationship and ensure that the IAM user used to create the cluster (arn:aws:iam::999999999999:user/some.user) has sts:AssumeRole for the IAM role. This is how an IAM user is enabled to assume an IAM role.
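As an added example (not from the original page), a Python check for the trust relationship described above: it parses a role's trust policy document, confirms that the named IAM user is allowed sts:AssumeRole, and flags wildcard or account-root principals that would open the role more widely than intended. The policy document is constructed; the user ARN is the one quoted on this page.

```python
import json

# Constructed sample trust policy: the eks.amazonaws.com service principal that the
# "EKS - Cluster" use case adds, plus the IAM user named on this page.
SAMPLE_TRUST_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Principal": {"Service": "eks.amazonaws.com"},
         "Action": "sts:AssumeRole"},
        {"Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::999999999999:user/some.user"},
         "Action": "sts:AssumeRole"},
    ],
})


def _as_list(value):
    """IAM accepts a scalar or a list in Statement/Principal/Action; normalise to a list."""
    return value if isinstance(value, list) else [value]


def assume_role_principals(policy_json):
    """Return the AWS principals allowed sts:AssumeRole ("*" when the Principal is a wildcard)."""
    principals = set()
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        if not actions & {"sts:assumerole", "sts:*", "*"}:
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":
            principals.add("*")
        elif isinstance(principal, dict):
            principals.update(_as_list(principal.get("AWS", [])))
    return principals


def audit_trust_policy(policy_json, expected_user_arn):
    """Check that exactly the intended user can assume the role.

    A wildcard or an account ":root" principal is reported as too broad: it lets any
    identity in that account that holds sts:AssumeRole permission use the role.
    """
    principals = assume_role_principals(policy_json)
    too_broad = sorted(p for p in principals if p == "*" or p.endswith(":root"))
    return {"user_allowed": expected_user_arn in principals, "too_broad": too_broad}
```

Feed it the output of `aws iam get-role` (the AssumeRolePolicyDocument field) to check a real role after editing the trust relationship in the console.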
Deletion Procedure
Delete Nodes and Cluster
Delete Nodes
Go to the cluster → Compute → Node Groups → Select → Delete.
Deleting the Node Group automatically terminates and deletes the instances.
Delete the Cluster
Delete the cluster.
Delete the Associated Resources
Remove the associated resources (subnets, VPC, etc.) by deleting the CloudFormation stack that was used to create them.