Modular and Scalable Amazon EKS Architecture
Amazon EKS Quick Start


Planning the deployment

Specialized knowledge

This Quick Start assumes familiarity with Kubernetes concepts and usage. Sections that cover building AWS CloudFormation templates using the provided custom resources assume knowledge of authoring AWS CloudFormation templates.

This deployment guide also requires a moderate level of familiarity with AWS services. If you’re new to AWS, visit the Getting Started Resource Center and the AWS Training and Certification website for materials and programs that can help you develop the skills to design, deploy, and operate your infrastructure and applications on the AWS Cloud.

AWS account

If you don’t already have an AWS account, create one at https://aws.amazon.com by following the on-screen instructions. Part of the sign-up process involves receiving a phone call and entering a PIN using the phone keypad.

Your AWS account is automatically signed up for all AWS services. You are charged only for the services you use.

Technical requirements

Before you launch the Quick Start, your account must be configured as specified in the following table. Otherwise, deployment might fail.

Resources

If necessary, request service limit increases for the following resources. You might need to do this if you already have an existing deployment that uses these resources, and you think you might exceed the default limits with this deployment.

AWS Trusted Advisor offers a service limits check that displays your usage and limits for some aspects of some services.

Resource               Default limit        This deployment uses (default configuration)
---------------------  -------------------  --------------------------------------------
VPCs                   5 per region         1
VPC security groups    300 per account      3
IAM roles              1,000 per account    9
Auto Scaling groups    200 per region       2
t2.medium instances    20 per region        3
t2.micro instances     20 per region        1
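
A preflight check for the limits in the table above, as an added example that is not part of the Quick Start or its templates. The function names are hypothetical, the limits are the defaults listed in the table (edit them if your account has raised limits), and counting every non-terminated instance is a conservative assumption.

```python
# Added example: default limits and per-deployment usage copied from the table above.
LIMITS = {  # resource: (default limit, used by this deployment)
    "VPCs": (5, 1),
    "VPC security groups": (300, 3),
    "IAM roles": (1000, 9),
    "Auto Scaling groups": (200, 2),
    "t2.medium instances": (20, 3),
    "t2.micro instances": (20, 1),
}

def shortfalls(usage, limits=LIMITS):
    """Return {resource: units over the limit} for resources that would not fit."""
    over = {}
    for name, (limit, needed) in limits.items():
        if name not in usage:  # a missing count must not pass silently
            raise KeyError(f"no usage count for {name}")
        excess = usage[name] + needed - limit
        if excess > 0:
            over[name] = excess
    return over

def _count(client, operation, path, **kwargs):
    """Count items across every page of a paginated describe/list call."""
    pages = client.get_paginator(operation).paginate(**kwargs)
    return sum(1 for _ in pages.search(path))

def collect_usage(region):
    """Read current counts with read-only calls (requires boto3 and credentials)."""
    import boto3  # lazy import: shortfalls() stays usable without the SDK
    ec2 = boto3.client("ec2", region_name=region)
    asg = boto3.client("autoscaling", region_name=region)
    iam = boto3.client("iam")  # IAM is global, so no region is needed

    def instances(instance_type):
        # Assumption: count every instance that is not terminated (conservative).
        filters = [{"Name": "instance-type", "Values": [instance_type]},
                   {"Name": "instance-state-name",
                    "Values": ["pending", "running", "stopping", "stopped"]}]
        return _count(ec2, "describe_instances", "Reservations[].Instances[]", Filters=filters)

    return {
        "VPCs": _count(ec2, "describe_vpcs", "Vpcs[]"),
        "VPC security groups": _count(ec2, "describe_security_groups", "SecurityGroups[]"),
        "IAM roles": _count(iam, "list_roles", "Roles[]"),
        "Auto Scaling groups": _count(asg, "describe_auto_scaling_groups", "AutoScalingGroups[]"),
        "t2.medium instances": instances("t2.medium"),
        "t2.micro instances": instances("t2.micro"),
    }
```

Run `shortfalls(collect_usage(region))` with read-only credentials before launching; an empty result means the default configuration fits under the listed limits.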

Regions

Amazon EKS and Amazon Elastic File System (Amazon EFS) aren’t currently supported in all AWS Regions. For a current list of supported regions, see AWS Regions and Endpoints in the AWS documentation.

Key pair

Make sure that at least one Amazon EC2 key pair exists in your AWS account in the region where you are planning to deploy the Quick Start. Make note of the key pair name. You’ll be prompted for this information during deployment. To create a key pair, follow the instructions in the AWS documentation.

If you’re deploying the Quick Start for testing or proof-of-concept purposes, we recommend that you create a new key pair instead of specifying a key pair that’s already being used by a production instance.

Amazon S3 URLs

If you’re copying the templates to your own Amazon S3 bucket for deployment, make sure that you update the QSS3Bucket and QSS3Prefix parameters to reflect the location of the files in your bucket. Otherwise, deployment may fail or behave unexpectedly.

IAM permissions

To deploy the Quick Start, you must log in to the AWS Management Console with IAM permissions for the resources and actions the templates will deploy. The AdministratorAccess managed policy within IAM provides sufficient permissions, although your organization may choose to use a custom policy with more restrictions.

S3 buckets

Unique S3 bucket names are automatically generated based on the account number and region. If you delete a stack, the logging buckets are not deleted (to support security review). If you plan to re-deploy this Quick Start in the same region, you must first manually delete the S3 buckets that were created during the previous deployment; otherwise, the re-deployment will fail.

Deployment options

This Quick Start provides two deployment options:

  • Deploy Amazon EKS into a new VPC (end-to-end deployment). This option builds a new AWS environment consisting of the VPC, subnets, NAT gateways, security groups, bastion hosts, and other infrastructure components, and then deploys Amazon EKS into this new VPC.

  • Deploy Amazon EKS into an existing VPC. This option provisions Amazon EKS in your existing AWS infrastructure.

The Quick Start provides separate templates for these options. It also lets you configure CIDR blocks, instance types, and Amazon EKS settings, as discussed later in this guide.