📌Part 1 Streamlining AWS Infrastructure for Kubernetes: A Guide to Terraform & Ansible Setup

1️⃣ Overview

This section covers automating AWS infrastructure setup for Kubernetes using:

✅ Terraform Modules for AWS Infrastructure
✅ Ansible Roles for Configuring EC2 Instances
✅ IAM Roles, Security Enhancements, and System Optimizations
✅ Troubleshooting and Best Practices

By the end of this guide, you’ll have a production-ready AWS environment for Kubernetes.

---

2️⃣ AWS Credentials & Configuration

🔹 Why is this important?

AWS authentication is required for Terraform and Ansible to create and manage resources.

🔹 Step 1: Install AWS CLI

curl "https://awscli.amazonaws.com/AWSCLIV2.pkg" -o "AWSCLIV2.pkg"
sudo installer -pkg AWSCLIV2.pkg -target /

🔹 Step 2: Configure AWS Credentials

aws configure

Enter your credentials:

AWS Access Key ID [None]: AKIAXXXXXXXXXXXXX
AWS Secret Access Key [None]: XXXXXXXXXXXXXXXXXXXXXXXX
Default region name [None]: us-east-1
Default output format [None]: json

🔹 Step 3: Verify AWS Access

aws sts get-caller-identity

✅ Expected Output:

{
    "UserId": "AIDAEXAMPLEID",
    "Account": "123456789012",
    "Arn": "arn:aws:iam::123456789012:user/Admin"
}

---

3️⃣ Terraform Setup for AWS Infrastructure

🔹 Why Use Terraform Modules?

• Modular & Reusable: Allows different teams to manage VPC, EC2, Security Groups independently.

• Scalability: Makes infrastructure modifications easy.

• Consistency: Avoids manual setup errors.

---

🔹 Terraform Directory Structure

terraform-setup/
│── modules/
│   │── vpc/
│   │   ├── main.tf
│   │   ├── variables.tf
│   │   ├── outputs.tf
│   │── ec2/
│   │   ├── main.tf
│   │   ├── variables.tf
│   │   ├── outputs.tf
│── main.tf
│── variables.tf
│── outputs.tf
│── terraform.tfvars

---

🔹 Module 1: VPC (modules/vpc/main.tf)

Creates a VPC and Subnet for Kubernetes networking.

resource "aws_vpc" "main" {
  cidr_block = var.vpc_cidr
  enable_dns_support = true
  enable_dns_hostnames = true
}

resource "aws_subnet" "public_subnet" {
  vpc_id                  = aws_vpc.main.id
  cidr_block              = var.subnet_cidr
  map_public_ip_on_launch = true
}

Variables (modules/vpc/variables.tf)

variable "vpc_cidr" { default = "10.0.0.0/16" }
variable "subnet_cidr" { default = "10.0.1.0/24" }

---

🔹 Module 2: Security Groups (modules/security/main.tf)

Manages network security by restricting access.

resource "aws_security_group" "k8s_sg" {
  vpc_id = var.vpc_id

  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

---

🔹 Module 3: IAM Role for EC2 (modules/iam/main.tf)

Allows EC2 to interact with AWS services.

resource "aws_iam_role" "ec2_role" {
  name = "ec2-k8s-role"

  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "ec2.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
EOF
}

---

🔹 Module 4: EC2 Instance (modules/ec2/main.tf)

Deploys an EC2 instance with Ubuntu.

resource "aws_instance" "ec2" {
  ami           = "ami-0c55b159cbfafe1f0"
  instance_type = var.instance_type
  subnet_id     = var.subnet_id
  key_name      = var.key_name
  iam_instance_profile = aws_iam_role.ec2_role.name
}

---

🔹 Deploy Terraform Configuration

terraform init
terraform apply -auto-approve

✅ Sample Output:

Apply complete! Resources: 5 added.
ec2_public_ip = "3.85.76.182"

---

4️⃣ Ansible Setup for Kubernetes Dependencies

🔹 Why Use Ansible?

• Automates EC2 Configuration (installs Docker, Kind, kubectl).

• Ensures Consistency across multiple instances.

---

🔹 Ansible Directory Structure

ansible-setup/
│── roles/
│   │── common/
│   │   ├── tasks/
│   │   │   ├── main.yml
│   │── kubernetes/
│   │   ├── tasks/
│   │   │   ├── main.yml
│── inventory.ini
│── setup.yml

---

🔹 Role: Install Dependencies (roles/common/tasks/main.yml)

- name: Install dependencies
  apt:
    name: ['docker.io', 'curl']
    state: present
    update_cache: yes

---

🔹 Role: Setup Kind Cluster (roles/kubernetes/tasks/main.yml)

- name: Install Kind
  shell: |
    curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.20.0/kind-linux-amd64
    chmod +x ./kind
    sudo mv ./kind /usr/local/bin/kind

- name: Create Kind Cluster
  shell: kind create cluster --name easyshop

---

🔹 Ansible Playbook (setup.yml)

- name: Setup Kubernetes Cluster
  hosts: servers
  become: yes
  roles:
    - common
    - kubernetes

---

5️⃣ Validation & Testing

Check if Kind Cluster is Running

kubectl get nodes

✅ Expected Output:

NAME                     STATUS   ROLES    AGE     VERSION
kind-control-plane       Ready    master   2m      v1.28.0

---

6️⃣ Troubleshooting & Best Practices

Common Terraform Errors

• "IAM role does not exist" → Ensure the IAM role is created before EC2 starts.

• "Security group not found" → Check that Security Groups are correctly referenced.

Common Ansible Errors

• SSH Connection Issues → Ensure EC2 key pair matches the one defined in Terraform.

• Permission Denied → Use become: yes in Ansible tasks for elevated privileges.

---

🎯 Conclusion

🚀 AWS infrastructure is now production-ready!
✅ Terraform Modules for VPC, Security, IAM, EC2
✅ Ansible Roles for Configuring Kubernetes Dependencies

📌 Next Step: Kind Cluster & Application Deployment