AWS : Create EKS Cluster and deploy an application

Reading Time: 5 mins


Amazon Elastic Kubernetes Service (Amazon EKS) is a managed service that you can use to run Kubernetes on AWS without needing to install, operate, and maintain your own Kubernetes control plane or nodes. Kubernetes is an open-source system for automating the deployment, scaling, and management of containerized applications. In this post, I will be taking you through the steps to create a Kubernetes cluster on Amazon EKS.

Install AWS CLI, Kubectl

In this section, Install the required CLI’s in your local machine which will be used to connect to EKS clusters once deployed.

  • Download and install the aws  command line tool at its install page. It will help you create and communicate with  EKS cluster. Once cli is successfully installed, configure the same using below steps:
# Configure AWS CLI, refer to to know the steps to fetch AWS access key ID and secret. 

$ aws configure
AWS Access Key ID [None]: <copy the access key ID>
AWS Secret Access Key [None]: <copy the secret>
Default region name [None]: ap-south-1
Default output format [None]:

# Optional if you have AWS session Token: 

$ aws configure set aws_session_token <Copy the token>
  • Install kubectl (reads kube control), it is a tool for controlling Kubernetes clusters in general.

Create Cluster Service Role

  • Login to AWS management console > IAM > Access Management > Roles > Create Role
  • Select AWS Service
  • Under select a service to view its use cases , select EKS
  • Select your use case > EKS Cluster and click on Next Permissions
  • Leave AmazonEKSClusterPolicy to default and click on Next: Tags
  • Add Tag (Optional) and click on Next: Review
  • Give a name and click on Create role.

Create Node IAM Role

  • Login to AWS management console > IAM > Access Management > Roles > Create Role
  • Select AWS Service > EC2 and click on Next:Permissions
  • Under Attach Permissions, select below policies and click on Next:Tags
        • AmazonEKSWorkerNodePolicy
        • AmazonEC2ContainerRegistryReadOnly
        • AmazonEKS_CNI_Policy
  • Tags (Optional) and click Next: Review
  • Give a Name and Create role.

Create EKS Cluster

  • Login to AWS management console > Elastic Kubernetes Service > Add Cluster > Create

  • Click Next
  • Under Specify networking section, leave the values to default and click Next
  • Under Configure logging section, leave the values to default and click Next
  • Click Create

Cluster creation should take a while to complete, upon successful completion, status should show Active

Create Node group in EKS cluster

  • Click on newly created EKS cluster > Configuration > Compute > Add Node group
  • Name: Give a Name
  • Node IAM Role: Select the node role created in previous step

Note: There are various fields which can be used like launch templates, Labels, Taints etc .. In this demo, I sticked to default values.

  • Next

  • Node group compute configuration: For this demo, I have used t3.xlarge and 30 GiB disk size. You can use a smaller instance type in your environment which is not a problem.

  • Node Group scaling configuration: I preferred to choose min and max size as 2, you can certainly have more nodes based on requirement.

  • Node Group update configuration: Leave as default and click Next
  • Node Group network configuration: Leave as default (To be able to take ssh to worker nodes, enable the option Configure SSH access to nodes) and click Next
  • Review and Create

Node creation takes 5-10 mins based on the region selected, upon successful completion, status should turn Active.

Create Amazon ECR(Optional):

In this demo, I will be using ECR (Elastic Container Registry) to store the images. You can deploy the application with images located in any registry of your choice.

  • Login to AWS Management console > search for Elastic Container Registry > Create a repository (Get Started) > Enter name > Create repository

  • Click on Repo name > View push commands to get the authentication token and authenticate Docker client to your registry.
# Retrieve an authentication token and authenticate your Docker client to your registry.

aws ecr get-login-password --region ap-south-1 | docker login --username AWS --password-stdin
Login Succeeded

# Tag an Image that is already downloaded (Change the source and target names accordingly)

docker tag

# Push the local image to ECR

 docker push
  • Check the uploaded images in repository.

Deploy Application

## Update the context to connect to EKS cluster, syntax: aws eks update-kubeconfig --region <region>--name <EKS cluster name>

$ aws eks update-kubeconfig --region ap-south-1 --name tap-demo-cluster
Updated context arn:aws:eks:ap-south-1:7780600:cluster/tap-demo-cluster in /Users/eknath/.kube/config

# verify the context and ensure * is pointing to correct cluster.
$ kubectl config get-contexts
CURRENT   NAME                                                           CLUSTER                                                        AUTHINFO                                                       NAMESPACE
*         arn:aws:eks:ap-south-1:778018600:cluster/tap-demo-cluster   arn:aws:eks:ap-south-1:778018600:cluster/tap-demo-cluster   arn:aws:eks:ap-south-1:778018600:cluster/tap-demo-cluster

# Get EKS cluster nodes
$ kubectl get nodes
NAME                                           STATUS   ROLES    AGE    VERSION
ip-172-31-26-60.ap-south-1.compute.internal    Ready    <none>   5m     v1.21.5-eks-bc4871b
ip-172-31-36-241.ap-south-1.compute.internal   Ready    <none>   5m5s   v1.21.5-eks-bc4871b
# Create a deployment

kubectl create deployment spring-deploy --port=8080 --replicas=2

# Expose the deployment
kubectl expose deployment spring-deploy --port=8080 --type=LoadBalancer

# Collect the External IP of service spring-deploy
kubectl get svc
NAME            TYPE           CLUSTER-IP     EXTERNAL-IP                                                                PORT(S)          AGE
kubernetes      ClusterIP     <none>                                                                     443/TCP          4d6h
spring-deploy   LoadBalancer   8080:32719/TCP   9s
  • Access the load balancer from your browser: