Part 1: Streamlining AWS Infrastructure for Kubernetes: A Guide to Terraform & Ansible Setup


1. Overview
This section covers automating AWS infrastructure setup for Kubernetes using:
✅ Terraform modules for the AWS infrastructure (VPC, security group, IAM, EC2)
✅ Ansible roles for configuring the EC2 instance
✅ IAM roles, security hardening and system configuration
✅ Troubleshooting and best practices
By the end of this guide, you'll have a reproducible AWS environment, built entirely from code, running a Kind-based Kubernetes cluster on EC2. Kind runs the whole cluster inside Docker on a single node, so treat the result as a development or test environment rather than a production control plane.
2. AWS Credentials & Configuration
Why is this important?
Terraform and Ansible can only create and manage AWS resources if they can authenticate to your account. Prefer short-lived credentials (IAM Identity Center via aws configure sso, or an assumed role) over long-lived access keys, keep any keys out of source control, and scope the identity to the permissions this setup actually needs rather than using an administrator user.
Step 1: Install AWS CLI (macOS package installer shown; the Linux and Windows installers are in the AWS CLI documentation)
curl "https://awscli.amazonaws.com/AWSCLIV2.pkg" -o "AWSCLIV2.pkg"
sudo installer -pkg AWSCLIV2.pkg -target /
Step 2: Configure AWS Credentials
aws configure
Enter your credentials when prompted (the values below are placeholders):
AWS Access Key ID [None]: AKIAXXXXXXXXXXXXX
AWS Secret Access Key [None]: XXXXXXXXXXXXXXXXXXXXXXXX
Default region name [None]: us-east-1
Default output format [None]: json
This writes the keys in plaintext to ~/.aws/credentials; keep that file readable only by you (mode 600) and rotate the keys if the machine is shared or lost.
Step 3: Verify AWS Access
aws sts get-caller-identity
✅ Expected Output (the identity Terraform and Ansible will act as):
{
  "UserId": "AIDAEXAMPLEID",
  "Account": "123456789012",
  "Arn": "arn:aws:iam::123456789012:user/Admin"
}
3. Terraform Setup for AWS Infrastructure
Why Use Terraform Modules?
Modular & reusable: different teams can own the VPC, EC2 and security group modules independently and compose them from the root module.
Scalability: infrastructure changes are edits to code, reviewed and applied through terraform plan.
Consistency: the same configuration produces the same resources every time, avoiding manual setup errors and drift.
Terraform Directory Structure
The root main.tf wires the modules together; each module owns one concern.
terraform-setup/
├── modules/
│   ├── vpc/
│   │   ├── main.tf
│   │   ├── variables.tf
│   │   └── outputs.tf
│   ├── security/
│   │   └── main.tf
│   ├── iam/
│   │   └── main.tf
│   └── ec2/
│       ├── main.tf
│       ├── variables.tf
│       └── outputs.tf
├── main.tf
├── variables.tf
├── outputs.tf
└── terraform.tfvars
Module 1: VPC (modules/vpc/main.tf)
Creates the VPC, a public subnet, and the internet gateway and default route that actually make the subnet public. Without the gateway and route, the instance receives a public IP but is unreachable from the internet, and Ansible cannot SSH to it.
resource "aws_vpc" "main" {
  cidr_block           = var.vpc_cidr
  enable_dns_support   = true
  enable_dns_hostnames = true
}

resource "aws_subnet" "public_subnet" {
  vpc_id                  = aws_vpc.main.id
  cidr_block              = var.subnet_cidr
  map_public_ip_on_launch = true
}

resource "aws_internet_gateway" "igw" {
  vpc_id = aws_vpc.main.id
}

resource "aws_route_table" "public" {
  vpc_id = aws_vpc.main.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.igw.id
  }
}

resource "aws_route_table_association" "public" {
  subnet_id      = aws_subnet.public_subnet.id
  route_table_id = aws_route_table.public.id
}
Variables (modules/vpc/variables.tf)
variable "vpc_cidr"    { default = "10.0.0.0/16" }
variable "subnet_cidr" { default = "10.0.1.0/24" }
Outputs (modules/vpc/outputs.tf), so the root module can pass the IDs to the other modules:
output "vpc_id"    { value = aws_vpc.main.id }
output "subnet_id" { value = aws_subnet.public_subnet.id }
Module 2: Security Groups (modules/security/main.tf)
Restricts network access to the node. Port 22 must not be open to 0.0.0.0/0: anyone on the internet could then brute-force or password-spray the instance, and exposed SSH is one of the first things scanners find. SSH is limited to the CIDR you administer from; port 80 is exposed publicly for the workload.
variable "vpc_id" {}
variable "admin_cidr" {
  description = "CIDR allowed to reach SSH, e.g. your office or VPN egress range; never 0.0.0.0/0"
}

resource "aws_security_group" "k8s_sg" {
  name        = "k8s-sg"
  description = "Kubernetes node: SSH from the admin range only, HTTP from anywhere"
  vpc_id      = var.vpc_id

  ingress {
    description = "SSH restricted to the admin CIDR"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.admin_cidr]
  }

  ingress {
    description = "HTTP"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

output "security_group_id" { value = aws_security_group.k8s_sg.id }
Module 3: IAM Role for EC2 (modules/iam/main.tf)
Gives the instance an identity it can use to call AWS services without any keys on disk. The trust policy lets only the EC2 service assume the role; the role grants nothing by itself, so attach only the least-privilege policies the node actually needs (for example with aws_iam_role_policy_attachment). EC2 instances attach a role through an instance profile, not the role directly, so the module also creates the profile and exports its name.
resource "aws_iam_role" "ec2_role" {
  name = "ec2-k8s-role"

  # Trust policy: only the EC2 service may assume this role.
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Principal = { Service = "ec2.amazonaws.com" }
      Action    = "sts:AssumeRole"
    }]
  })
}

# The instance profile is what aws_instance.iam_instance_profile expects.
resource "aws_iam_instance_profile" "ec2_profile" {
  name = "ec2-k8s-profile"
  role = aws_iam_role.ec2_role.name
}

output "instance_profile_name" { value = aws_iam_instance_profile.ec2_profile.name }
Module 4: EC2 Instance (modules/ec2/main.tf)
Deploys an Ubuntu EC2 instance in the public subnet, attaches the security group and instance profile produced by the other modules, and requires IMDSv2. Declare subnet_id, security_group_id, iam_instance_profile, key_name and instance_type in modules/ec2/variables.tf.
resource "aws_instance" "ec2" {
  # Ubuntu AMI valid in us-east-1 only. AMI IDs are region-specific, so look up
  # the right one for your region (or use a data "aws_ami" source) before applying.
  ami                    = "ami-0c55b159cbfafe1f0"
  instance_type          = var.instance_type
  subnet_id              = var.subnet_id
  vpc_security_group_ids = [var.security_group_id]
  key_name               = var.key_name
  iam_instance_profile   = var.iam_instance_profile   # instance profile name, not the role name
  metadata_options {
    http_tokens = "required"   # IMDSv2 only: the role's credentials cannot be read from the metadata service without a PUT-issued session token, which defeats the classic SSRF credential theft
  }
}
Output (modules/ec2/outputs.tf):
output "public_ip" { value = aws_instance.ec2.public_ip }
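The root module (terraform-setup/main.tf) that wires the four modules together, and the provider block through which Terraform picks up the credentials configured in section 2, are not shown above. The following is an added example, not the original post's code. It assumes the module interface names used here: vpc_id and subnet_id outputs from the vpc module; a vpc_id and admin_cidr input plus a security_group_id output on the security module; an instance_profile_name output from the iam module; and subnet_id, security_group_id, iam_instance_profile, key_name and instance_type inputs plus a public_ip output on the ec2 module. The page's module listings do not declare all of these, so adjust the names to match your own variables.tf and outputs.tf files.

```hcl
# terraform-setup/main.tf (added example; module interface names are assumptions, see lead-in)

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
}

# Credentials are never written into the configuration: the provider reads the
# named profile from ~/.aws (the one created by `aws configure` or `aws configure sso`),
# or the AWS_* environment variables if they are set.
provider "aws" {
  region  = var.aws_region
  profile = var.aws_profile
}

variable "aws_region"    { default = "us-east-1" }
variable "aws_profile"   { default = "default" }
variable "admin_cidr"    { description = "CIDR allowed to reach SSH, e.g. 203.0.113.4/32 (assumed example value)" }
variable "key_name"      { description = "Name of an existing EC2 key pair whose private key you hold" }
variable "instance_type" { default = "t3.medium" }

module "vpc" {
  source = "./modules/vpc"
}

module "security" {
  source     = "./modules/security"
  vpc_id     = module.vpc.vpc_id      # assumed output of modules/vpc
  admin_cidr = var.admin_cidr
}

module "iam" {
  source = "./modules/iam"
}

# Passing module outputs as inputs is what makes Terraform create the VPC,
# security group and instance profile before the instance that depends on them.
module "ec2" {
  source               = "./modules/ec2"
  subnet_id            = module.vpc.subnet_id                 # assumed output of modules/vpc
  security_group_id    = module.security.security_group_id   # assumed output of modules/security
  iam_instance_profile = module.iam.instance_profile_name     # assumed output of modules/iam
  key_name             = var.key_name
  instance_type        = var.instance_type
}

# Surfaces the address Ansible's inventory needs.
output "ec2_public_ip" {
  value = module.ec2.public_ip   # assumed output of modules/ec2
}
```

terraform.tfvars supplies the per-deployment values (admin_cidr, key_name, and aws_profile if you do not use the default profile); it carries no secrets, so it can be committed, while terraform.tfstate records every resource attribute and belongs in a private, encrypted remote backend rather than in the repository.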
Deploy Terraform Configuration
Review the plan before applying; -auto-approve skips the interactive review, so use it only in CI where the saved plan has already been checked.
terraform init
terraform plan -out=tfplan
terraform apply tfplan
✅ Sample Output:
Apply complete! Resources: <n> added, 0 changed, 0 destroyed.
ec2_public_ip = "3.85.76.182"
The ec2_public_ip value is the address you will put in the Ansible inventory in the next section.
4. Ansible Setup for Kubernetes Dependencies
Why Use Ansible?
Automates the EC2 configuration (installs Docker, kind and kubectl, then creates the cluster) and ensures the same result on every instance it runs against.
Ansible Directory Structure
ansible-setup/
├── roles/
│   ├── common/
│   │   └── tasks/
│   │       └── main.yml
│   └── kubernetes/
│       └── tasks/
│           └── main.yml
├── inventory.ini
└── setup.yml
Role: Install Dependencies (roles/common/tasks/main.yml)
- name: Install dependencies
  apt:
    name: ['docker.io', 'curl']
    state: present
    update_cache: yes

- name: Ensure Docker is running and enabled (kind needs a working Docker daemon)
  service:
    name: docker
    state: started
    enabled: yes
Role: Setup Kind Cluster (roles/kubernetes/tasks/main.yml)
Downloads are done with get_url instead of a curl pipeline so the kind binary can be verified against the .sha256sum file kind publishes next to each release; kubectl is installed too, since the validation step needs it. The cluster task is guarded so re-running the play does not fail on an existing cluster.
- name: Install kind (checksum verified against the published .sha256sum file)
  get_url:
    url: https://kind.sigs.k8s.io/dl/v0.20.0/kind-linux-amd64
    checksum: sha256:https://kind.sigs.k8s.io/dl/v0.20.0/kind-linux-amd64.sha256sum
    dest: /usr/local/bin/kind
    mode: '0755'
- name: Install kubectl (needed for the validation step)
  get_url:
    url: https://dl.k8s.io/release/v1.28.0/bin/linux/amd64/kubectl
    dest: /usr/local/bin/kubectl
    mode: '0755'
- name: Create kind cluster only if it does not already exist (idempotent re-runs)
  shell: kind get clusters | grep -qx easyshop || kind create cluster --name easyshop
Ansible Playbook (setup.yml)
- name: Setup Kubernetes Cluster
  hosts: servers
  become: yes
  roles:
    - common
    - kubernetes
inventory.ini lists the instance's public IP (the ec2_public_ip Terraform output) under [servers], with ansible_user=ubuntu and ansible_ssh_private_key_file pointing at the private key of the key pair named in key_name. Run it with ansible-playbook -i inventory.ini setup.yml.
5. Validation & Testing
Check if the Kind Cluster is Running
The cluster was created under become: yes, so its kubeconfig is at /root/.kube/config on the instance: run the check there as root (sudo kubectl get nodes), or copy that file to your workstation and point KUBECONFIG at it.
kubectl get nodes
✅ Expected Output (kind names the node after the cluster, and the VERSION column shows the Kubernetes version of kind's default node image, v1.27.3 for kind v0.20.0):
NAME                     STATUS   ROLES           AGE   VERSION
easyshop-control-plane   Ready    control-plane   2m    v1.27.3
6. Troubleshooting & Best Practices
Common Terraform Errors
"IAM role does not exist" / invalid instance profile → an EC2 instance attaches a role through an instance profile, not the role itself. Pass the profile name from the iam module's output into the ec2 module; that reference also makes Terraform create the profile before the instance.
"Security group not found" → the ID must come from the security module's output, and the group must be in the same VPC as the subnet the instance is launched into.
Common Ansible Errors
SSH connection issues → check that the private key in inventory.ini matches the key pair in key_name, that the security group allows port 22 from the IP you are connecting from, and that the subnet has a route to an internet gateway.
Permission denied → keep become: yes on the play (or on the affected tasks) so package installs and writes to /usr/local/bin run with elevated privileges.
Conclusion
The AWS environment is now built entirely from code and can be recreated or torn down on demand:
✅ Terraform modules for VPC, security group, IAM and EC2
✅ Ansible roles installing Docker, kind and kubectl and creating the cluster
Written by Vikas Surve