- Created Terraform modules for extreme reusability, readability and simpler code ✨
- Decisions and references are commented everywhere 🔦
- Easy to spin up a complete environment with a few inputs and imports 🚀
- Remote backends store the tf state in cloud storage for multi-user management 🪣
```text
.
├── root                      // contains all cloud provider directories
│   ├── aws-mumbai-dev-alpha
│   ├── aws-mumbai-prod-alpha
│   ├── aws-mumbai-dev-beta
│   │
│   └── tf-modules            // contains all reusable custom aws modules across environments
│       ├── networking        // contains all networking resources
│       ├── default-iam       // contains iam roles, policies and service accounts needed for cluster and node groups
│       ├── oidc              // contains openId connect issuer resources
│       ├── alb-controller    // contains application load balancer controller resources and deployment using helm
│       ├── cluster-autoscaler // contains cluster autoscaler resources and deployment using helm
│       ├── ebs-csi-driver    // contains EBS addon for EKS
│       ├── iam-sa            // contains implementation of iam-roles-for-service-accounts
│       ├── node-group        // contains implementation of EKS node group with configurables
│       └── s3-bucket         // contains components for s3 buckets and iam
```
- For the AWS tf-modules, each module has a set of variables; some of them must be provided at import time and the rest have default values. It is important to check the default values of the variables and override them if needed.
- Version variables must be checked and adjusted during import according to the compatibility of the deployments.
- For creating an AWS environment, an EC2 instance key pair needs to be created and provided in the environment inputs.
- Set up aws-cli and SSO credentials with the profile names used in the `provider.tf` file of the respective environment.
### Networking
- Used for creating the networking components needed for the environment.
- Creates the following components:
  - VPC
  - Subnets
  - NAT and Internet Gateways
  - Route Tables and Associations
  - Security Groups
### Default IAM
- Used for creating the basic IAM needed for environment operations.
- Creates the IAM roles, policies and attachments required for EKS clusters and node groups.
### OIDC
- Used to create an IAM OIDC provider for the EKS cluster.
### ALB Controller
- Used to deploy the AWS Load Balancer Controller.
- Manages AWS Elastic Load Balancers for a Kubernetes cluster.
- Contains the IAM roles, policies and service accounts needed for the ALB deployment.
- Uses `helm` to deploy the ALB controller.
### Cluster Autoscaler
- Used to deploy the cluster autoscaler for the EKS cluster.
- Uses `helm` to deploy the AWS cluster autoscaler.
- Manages autoscaling of node groups.
- Contains the autoscaler deployment and the IAM required for its operation.
### EBS CSI Driver
- Used to add the EBS plugin to the EKS cluster.
- Used to provision block storage for EKS workloads.
### IAM SA
- Used to create Kubernetes Service Accounts with associated IAM roles.
- Pods configured to use the service account can access any AWS service that the role has permissions to access.
- Can associate S3 bucket and EMR IAM roles.
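As an added example (not the module code from this repository), this is the shape of the IRSA wiring the iam-sa module is described as implementing: the role's trust policy restricts who can assume it to one service account in one namespace, and the permissions policy is scoped to one bucket, so a pod using the account gets exactly that access and nothing more. The variable names (`oidc_provider_arn`, `oidc_provider_url`, `cluster_name`, `namespace`, `service_account_name`, `bucket_arn`) are assumptions and would be declared in the module's `variables.tf`.

```hcl
# Added example, not this repository's code. Assumed variables (declared in
# variables.tf): oidc_provider_arn, oidc_provider_url (issuer without https://),
# cluster_name, namespace, service_account_name, bucket_arn.
data "aws_iam_policy_document" "irsa_trust" {
  statement {
    effect  = "Allow"
    actions = ["sts:AssumeRoleWithWebIdentity"]
    principals {
      type        = "Federated"
      identifiers = [var.oidc_provider_arn]
    }
    # Without the "sub" condition every pod in the cluster could assume this role.
    condition {
      test     = "StringEquals"
      variable = "${var.oidc_provider_url}:sub"
      values   = ["system:serviceaccount:${var.namespace}:${var.service_account_name}"]
    }
    condition { # pin the token audience to STS
      test     = "StringEquals"
      variable = "${var.oidc_provider_url}:aud"
      values   = ["sts.amazonaws.com"]
    }
  }
}
resource "aws_iam_role" "irsa" {
  name               = "${var.cluster_name}-${var.namespace}-${var.service_account_name}"
  assume_role_policy = data.aws_iam_policy_document.irsa_trust.json
}
# Permissions scoped to one bucket rather than s3:* on "*".
data "aws_iam_policy_document" "bucket_access" {
  statement {
    effect    = "Allow"
    actions   = ["s3:ListBucket", "s3:GetObject", "s3:PutObject"]
    resources = [var.bucket_arn, "${var.bucket_arn}/*"]
  }
}
resource "aws_iam_role_policy" "bucket_access" {
  name   = "bucket-access"
  role   = aws_iam_role.irsa.id
  policy = data.aws_iam_policy_document.bucket_access.json
}
# The annotation is what the EKS pod identity webhook reads to inject the role
# ARN and web identity token into pods that use this service account.
resource "kubernetes_service_account" "this" {
  metadata {
    name        = var.service_account_name
    namespace   = var.namespace
    annotations = { "eks.amazonaws.com/role-arn" = aws_iam_role.irsa.arn }
  }
}
```

Requires the `aws` and `kubernetes` providers to be configured in the calling environment; the OIDC provider itself is what the oidc module above creates.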
### Node Group
- Used to create an EKS node group.
- Flexible configuration with predefined instance types, autoscaling options, taints, etc.
### S3 Bucket
- Used to create S3 buckets.
- Configurable options to provide public/private access, create IAM users for buckets, etc.
- Change directory to the current working environment:

```sh
cd root/aws/aws-mumbai-dev-alpha
```

- Provide the necessary input variables in the `variables.auto.tfvars` file.
- Validate the Terraform code:

```sh
terraform init
terraform validate
```

- Verify the plan/changes and apply:

```sh
terraform plan
terraform apply
```

- For maintaining the Terraform state across users, a remote backend (GCS/S3) bucket can be used.
- Uncomment the `backend` section in the `provider.tf` file and provide the necessary inputs. Once done, run the following command to set up the remote backend:

```sh
terraform init
```