Before we build the EKS setup using Terraform, we need:
- remote storage to store Terraform state files
- an image registry (ECR repo) to store the Docker images of applications
- an IAM OIDC identity provider to grant GitHub Actions access to AWS (needed to deploy EKS and Kubernetes applications)
- the IAM OIDC identity provider setup will create an IAM role that will be assumed by GitHub Actions for deployment; this IAM role will be required in the EKS Terraform code to grant admin-level privileges on EKS
- a Route53 domain to expose our application and ACM certificates to securely expose the application over HTTPS
The Terraform code here will create these required resources; this is a one-time activity.
Note: The Terraform state of these pre-requisite resources is not stored anywhere remotely. This might change in the future.
The resources can be deployed either manually or using GitHub Actions. Prior to the deployment you need to be prepared.
Make sure the values in vars.tfvars are appropriate for your needs. This guide outlines each value in vars.tfvars.
- Log in to your AWS account with the aws CLI
  ```bash
  # Set AWS credentials (access key, secret key, region)
  aws configure --profile wetravel
  export AWS_PROFILE=wetravel
  ```
- Make sure vars.tfvars contains correct values (refer to the preparations section above) and also make sure that terraform is installed on your system (version >= v1.3.0).
- Initialize terraform
  ```bash
  # switch to correct directory
  cd infrastructure/pre-requisites
  # initialize terraform
  terraform init
  ```
- Plan
  ```bash
  # update the command with the preferred tfvars recipe
  terraform plan -var-file=vars.tfvars -out tfplan
  ```
- Apply
  ```bash
  terraform apply "tfplan"
  ```
- To destroy, plan with -destroy and apply again (USE only when you want to destroy your environment)
  ```bash
  # update the command with the preferred tfvars recipe
  terraform plan -var-file=vars.tfvars -out tfplan -destroy
  terraform apply "tfplan"
  ```
Once the pre-requisite resources are created, take note of the following:
- ACM certificate ARN
- Route53 domain name
- S3 bucket name
- DynamoDB table name
- ECR Repo name
- OIDC IAM role ARN

These details will be required when you bring up the EKS cluster.
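
Because the OIDC IAM role noted above is later given admin-level privileges on EKS, it is worth checking that its trust policy only admits GitHub Actions runs from your own repository before passing the ARN on. The following check is an added example, not part of this repository's code. The repository name `example-org/example-repo`, the account id and the sample policies are constructed for illustration.

```python
import json

ISSUER = "token.actions.githubusercontent.com"  # GitHub Actions OIDC issuer host

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy, expected_repo):
    """Return findings for the GitHub OIDC statements of an IAM trust policy."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        principal = stmt.get("Principal", {})
        federated = _as_list(principal.get("Federated", [])) if isinstance(principal, dict) else []
        if stmt.get("Effect") != "Allow" or not any(ISSUER in f for f in federated):
            continue  # not a GitHub OIDC trust statement
        # Collect (operator, values) per condition key; key names are case-insensitive.
        conds = {}
        for operator, pairs in stmt.get("Condition", {}).items():
            for key, value in pairs.items():
                conds.setdefault(key.lower(), []).append((operator, _as_list(value)))
        aud = conds.get(f"{ISSUER}:aud", [])
        if not any("sts.amazonaws.com" in vals for op, vals in aud if "Not" not in op):
            findings.append("aud is not pinned to sts.amazonaws.com")
        sub = conds.get(f"{ISSUER}:sub", [])
        if not sub:
            findings.append("no sub condition: workflows in any repository can assume the role")
        for op, vals in sub:
            for v in vals:
                if not v.startswith(f"repo:{expected_repo}:"):
                    findings.append(f"sub {v!r} is not scoped to {expected_repo}")
                elif "Like" in op and "*" in v:
                    findings.append(f"sub {v!r} uses a wildcard after the repository name")
    return findings

def sample_policy(condition):
    """Constructed sample trust policy (placeholder account id, hypothetical repo)."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Action": "sts:AssumeRoleWithWebIdentity",
        "Principal": {"Federated": f"arn:aws:iam::111122223333:oidc-provider/{ISSUER}"},
        "Condition": condition}]}

REPO = "example-org/example-repo"  # hypothetical repository name
AUD = {f"{ISSUER}:aud": "sts.amazonaws.com"}
SCOPED = sample_policy({"StringEquals": {**AUD, f"{ISSUER}:sub": f"repo:{REPO}:ref:refs/heads/main"}})
ORG_WIDE = sample_policy({"StringEquals": AUD, "StringLike": {f"{ISSUER}:sub": "repo:example-org/*"}})
NO_SUB = sample_policy({"StringEquals": AUD})

if __name__ == "__main__":
    for name, pol in [("SCOPED", SCOPED), ("ORG_WIDE", ORG_WIDE), ("NO_SUB", NO_SUB)]:
        print(name, json.dumps(audit_trust_policy(pol, REPO)))
```

To run it against the real role, load the JSON returned by `aws iam get-role --role-name <role-name> --query Role.AssumeRolePolicyDocument` and pass it to `audit_trust_policy` with your own `owner/repo`.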