A comprehensive Infrastructure as Code (IaC) learning path focusing on AWS EKS (Elastic Kubernetes Service) deployment and management. This project guides you from basic EC2 instances to production-ready Kubernetes clusters using both Terraform and eksctl approaches.
This repository contains a series of hands-on exercises that progressively build your skills in:
- AWS infrastructure provisioning with Terraform
- Kubernetes cluster setup and management
- Containerized application deployment
- Load balancer and ingress configuration
- IAM policy management for EKS
Each exercise builds upon knowledge from previous ones, creating a comprehensive learning path from basic cloud infrastructure to production-ready Kubernetes environments.
1. Provision an EC2
- Simple EC2 instance creation in existing subnet
- Basic AWS provider configuration
- Terraform state management introduction
- Key Skills: Terraform basics, EC2 provisioning
2. VPC with EC2
- Complete VPC setup with custom subnet
- Security Group configuration
- EC2 instance in the custom VPC
- Key Skills: VPC architecture, security groups, network ACLs
- Kubernetes cluster creation using kops
- Production environment setup
- Key Skills: kops, Kubernetes basics, DNS configuration
- Note: Requires full AWS permissions (doesn't work in sandbox environments)
- EKS cluster creation using eksctl
- Deployment of containerized applications
- Kubernetes services and pod management
- Port forwarding and testing strategies
- Key Skills: eksctl, kubectl, container deployment, service configuration
- AWS Load Balancer Controller setup
- ALB ingress configuration
- Production-ready external access
- IAM policy management
- Key Skills: ALB configuration, ingress resources, IAM policies, API routing
- Terraform (v1.0.0+)
- AWS CLI (v2.0.0+)
- kubectl (v1.20.0+)
- eksctl (v0.80.0+)
- helm (v3.0.0+) - for AWS Load Balancer Controller
- Docker - for containerizing applications
- AWS Account with appropriate permissions
- AWS CLI configured with access keys:

```bash
aws configure
```

- Ensure quotas for EKS, EC2, and other services are sufficient

```bash
git clone https://github.com/yourusername/terraform-journey-for-beginners.git
cd terraform-journey-for-beginners
```

- Start with "1. Provision an EC2" and progress through each numbered directory
- Read the README in each exercise directory before starting
- Follow the step-by-step instructions in each exercise
- Complete the exercises in order, as they build upon each other

```bash
# Initialize Terraform
cd "1. Provision an EC2"
terraform init
# Plan the infrastructure
terraform plan
# Apply the changes
terraform apply
# When finished, destroy resources
terraform destroy
```

```bash
# Create EKS cluster
eksctl create cluster \
  --name my-eks-cluster \
  --region us-west-2 \
  --nodegroup-name my-nodes \
  --node-type t3.medium \
  --nodes 3
# Verify cluster creation
kubectl get nodes
```

Each exercise includes setup scripts to automate the deployment process:

```bash
cd "6. Deploy pods in cluster created by eksctl pt 2"
chmod +x setup-new.sh
./setup-new.sh
```

- Infrastructure as Code (IaC) fundamentals
- Resource declarations and dependencies
- State management
- Variable and output management
- EC2 instances and AMIs
- VPC, subnets, and security groups
- IAM roles and policies
- EKS (Elastic Kubernetes Service)
- Application Load Balancers (ALB)
- Cluster architecture and components
- Pod deployment and lifecycle
- Service types and networking
- Ingress controllers and resources
- ConfigMaps and Secrets
- Infrastructure automation
- Container orchestration
- Load balancing and traffic management
- IAM and security best practices
- State Management: Keep Terraform state files secure and use remote backends in production
- Resource Naming: Use consistent naming conventions for all resources
- Modularization: Break complex infrastructure into reusable modules
- Right-sizing: Choose appropriate instance types for node groups
- IAM Permissions: Follow least privilege principles for service accounts
- Monitoring: Implement logging and monitoring from the start
- Resource Cleanup: Always destroy test resources when not in use
- Spot Instances: Consider spot instances for non-critical workloads
- Autoscaling: Implement autoscaling to match resource usage with demand
- Network Isolation: Use private subnets for worker nodes when possible
- Security Groups: Restrict inbound/outbound traffic to minimum required
- IAM Roles: Use fine-grained permissions with service account roles
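
The `eksctl create cluster` command shown earlier, written as a ClusterConfig file that also applies the network isolation and service account role items above. This is an added example, not a file from this repository; the service account name and namespace are assumptions, and the policy ARN is the placeholder this README uses in its cleanup step.

```yaml
# Added example: same cluster name, region, node group and size as the
# eksctl command in this README, with two hardening settings added.
apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig

metadata:
  name: my-eks-cluster
  region: us-west-2

iam:
  # Create the cluster's OIDC provider so a pod can assume an IAM role
  # through its Kubernetes service account (IAM roles for service accounts).
  withOIDC: true
  serviceAccounts:
    - metadata:
        # Assumed name and namespace for the AWS Load Balancer Controller.
        name: aws-load-balancer-controller
        namespace: kube-system
      # The policy is attached to this service account's role only,
      # not to the worker node instance role shared by every pod.
      attachPolicyARNs:
        - arn:aws:iam::YOUR-ACCOUNT-ID:policy/AWSLoadBalancerControllerIAMPolicy

managedNodeGroups:
  - name: my-nodes
    instanceType: t3.medium
    desiredCapacity: 3
    # Place worker nodes in private subnets with no public IP addresses;
    # outbound traffic goes through the NAT gateway.
    privateNetworking: true
```

Save it as `cluster.yaml` (an assumed file name) and create the cluster with `eksctl create cluster -f cluster.yaml`.
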
| Resource | Approximate Cost (US regions) |
|---|---|
| EC2 t3.medium | $0.0416/hour (~$30/month) |
| EKS Cluster | $0.10/hour (~$73/month) |
| Application Load Balancer | ~$22.50/month + data processing |
| NAT Gateway | ~$32/month + data processing |
| Data Transfer | $0.09/GB (outbound) |
Always remember to clean up resources after completing exercises to avoid unexpected charges!

```bash
cd "directory_name"
terraform destroy -auto-approve
```

```bash
eksctl delete cluster --name my-eks-cluster --region us-west-2
```

```bash
# Delete ingress first (removes ALB)
kubectl delete ingress frontend-ingress
# Delete IAM policy
aws iam delete-policy --policy-arn arn:aws:iam::YOUR-ACCOUNT-ID:policy/AWSLoadBalancerControllerIAMPolicy
```

## Additional Resources
- [AWS EKS Documentation](https://docs.aws.amazon.com/eks/latest/userguide/what-is-eks.html)
- [Terraform Documentation](https://www.terraform.io/docs)
- [eksctl Documentation](https://eksctl.io/)
- [Kubernetes Documentation](https://kubernetes.io/docs/home/)
- [AWS Load Balancer Controller](https://kubernetes-sigs.github.io/aws-load-balancer-controller/)
## Contributing
Contributions are welcome! Please feel free to submit a Pull Request.
1. Fork the repository
2. Create your feature branch (`git checkout -b feature/amazing-feature`)
3. Commit your changes (`git commit -m 'Add some amazing feature'`)
4. Push to the branch (`git push origin feature/amazing-feature`)
5. Open a Pull Request
## License
This project is licensed under the MIT License - see the LICENSE file for details.
---
Happy learning!