📌 Part 1 Streamlining AWS Infrastructure for Kubernetes: A Guide to Terraform & Ansible Setup

Vikas Surve

1️⃣ Overview

This section covers automating AWS infrastructure setup for Kubernetes using:

✅ Terraform Modules for AWS Infrastructure
✅ Ansible Roles for Configuring EC2 Instances
✅ IAM Roles, Security Enhancements, and System Optimizations
✅ Troubleshooting and Best Practices

By the end of this guide, you'll have a production-ready AWS environment for Kubernetes.


2️⃣ AWS Credentials & Configuration

🔹 Why is this important?

AWS authentication is required for Terraform and Ansible to create and manage resources.

🔹 Step 1: Install AWS CLI

curl "https://awscli.amazonaws.com/AWSCLIV2.pkg" -o "AWSCLIV2.pkg"
sudo installer -pkg AWSCLIV2.pkg -target /

🔹 Step 2: Configure AWS Credentials

aws configure

Enter your credentials:

AWS Access Key ID [None]: AKIAXXXXXXXXXXXXX
AWS Secret Access Key [None]: XXXXXXXXXXXXXXXXXXXXXXXX
Default region name [None]: us-east-1
Default output format [None]: json

🔹 Step 3: Verify AWS Access

aws sts get-caller-identity

✅ Expected Output:

{
    "UserId": "AIDAEXAMPLEID",
    "Account": "123456789012",
    "Arn": "arn:aws:iam::123456789012:user/Admin"
}

3️⃣ Terraform Setup for AWS Infrastructure

🔹 Why Use Terraform Modules?

  • Modular & Reusable: Allows different teams to manage VPC, EC2, Security Groups independently.

  • Scalability: Makes infrastructure modifications easy.

  • Consistency: Avoids manual setup errors.


🔹 Terraform Directory Structure

The tree below includes the security and iam modules that are defined in the following sections.

terraform-setup/
├── modules/
│   ├── vpc/
│   │   ├── main.tf
│   │   ├── variables.tf
│   │   └── outputs.tf
│   ├── security/
│   │   └── main.tf
│   ├── iam/
│   │   └── main.tf
│   └── ec2/
│       ├── main.tf
│       ├── variables.tf
│       └── outputs.tf
├── main.tf
├── variables.tf
├── outputs.tf
└── terraform.tfvars

🔹 Module 1: VPC (modules/vpc/main.tf)

Creates a VPC and Subnet for Kubernetes networking.

resource "aws_vpc" "main" {
  cidr_block           = var.vpc_cidr
  enable_dns_support   = true
  enable_dns_hostnames = true   # instances get resolvable DNS names inside the VPC
}

# Public subnet: instances launched here receive a public IP automatically.
# Note that internet reachability additionally needs an internet gateway and a
# route to it, which this module does not create.
resource "aws_subnet" "public_subnet" {
  vpc_id                  = aws_vpc.main.id
  cidr_block              = var.subnet_cidr
  map_public_ip_on_launch = true
}

Variables (modules/vpc/variables.tf)

variable "vpc_cidr" { default = "10.0.0.0/16" }
variable "subnet_cidr" { default = "10.0.1.0/24" }

🔹 Module 2: Security Groups (modules/security/main.tf)

Manages network security by restricting access.

resource "aws_security_group" "k8s_sg" {
  vpc_id = var.vpc_id

  # SSH, reachable from any IPv4 address (0.0.0.0/0)
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # HTTP for the application, public
  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # unrestricted outbound traffic
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
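The module above exposes port 22 to the whole internet. The variant below, an added example and not the post's own module, restricts SSH to an operator network and rejects a world-open value at plan time; it assumes var.vpc_id from the post and a new variable var.admin_cidr (for example "203.0.113.10/32").

```hcl
# modules/security/main.tf, hardened variant (added example, not the post's module)

variable "admin_cidr" {
  description = "CIDR allowed to reach SSH; a single /32 for the admin host is typical"
  type        = string

  validation {
    # Fail `terraform plan` on a world-open SSH rule instead of finding it in a scan later.
    condition     = var.admin_cidr != "0.0.0.0/0" && can(cidrhost(var.admin_cidr, 0))
    error_message = "admin_cidr must be a valid CIDR and must not be 0.0.0.0/0."
  }
}

resource "aws_security_group" "k8s_sg" {
  name        = "k8s-sg"
  description = "Kubernetes node: SSH from the admin CIDR only, HTTP from anywhere"
  vpc_id      = var.vpc_id

  ingress {
    description = "SSH from the admin network only"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.admin_cidr]
  }

  ingress {
    description = "HTTP for the application; public by design"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
```

Set admin_cidr in terraform.tfvars; a value of 0.0.0.0/0 is rejected before any resource is touched.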

🔹 Module 3: IAM Role for EC2 (modules/iam/main.tf)

Creates a role that EC2 instances can assume so they can interact with AWS services.

resource "aws_iam_role" "ec2_role" {
  name = "ec2-k8s-role"

  # Trust policy: only the EC2 service may assume this role.
  # No permissions policy is attached here, so the role grants nothing until one is.
  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "ec2.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
EOF
}

# An instance is given a role through an instance profile; pass this profile's
# name (not the role name) to the EC2 module.
resource "aws_iam_instance_profile" "ec2_profile" {
  name = "ec2-k8s-profile"
  role = aws_iam_role.ec2_role.name
}

🔹 Module 4: EC2 Instance (modules/ec2/main.tf)

Deploys an EC2 instance with Ubuntu.

resource "aws_instance" "ec2" {
  ami           = "ami-0c55b159cbfafe1f0"   # AMI IDs are region-specific; verify this one matches your region
  instance_type = var.instance_type
  subnet_id     = var.subnet_id
  key_name      = var.key_name

  # Attach the security group from the security module (variable name assumed here).
  vpc_security_group_ids = [var.security_group_id]

  # This argument takes the name of an IAM instance profile, not the role itself;
  # a module cannot reference aws_iam_role.ec2_role from another module, so the
  # profile name is passed in as a variable from the root module.
  iam_instance_profile = var.iam_instance_profile
}
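The post never shows the root main.tf that wires the modules together. The example below is added here and is not the post's own code; it assumes the modules expose outputs named vpc_id, subnet_id, security_group_id, instance_profile_name and public_ip, that the ec2 module accepts security_group_id and iam_instance_profile, and root variables aws_region, instance_type and key_name.

```hcl
# terraform-setup/main.tf (added example; assumed module outputs and root variables as noted above)
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
}

provider "aws" {
  region = var.aws_region   # assumed root variable, e.g. "us-east-1"
}

module "vpc" {
  source = "./modules/vpc"
}

module "security" {
  source = "./modules/security"
  vpc_id = module.vpc.vpc_id   # assumed output of modules/vpc/outputs.tf
}

module "iam" {
  source = "./modules/iam"
}

module "ec2" {
  source = "./modules/ec2"

  instance_type     = var.instance_type   # assumed root variable
  subnet_id         = module.vpc.subnet_id
  key_name          = var.key_name        # assumed root variable
  security_group_id = module.security.security_group_id

  # Passing the IAM module's output creates the dependency edge, so the profile
  # exists before the instance is created ("IAM role does not exist" otherwise).
  iam_instance_profile = module.iam.instance_profile_name
}

output "ec2_public_ip" {
  value = module.ec2.public_ip   # assumed output of modules/ec2/outputs.tf
}
```

Because every cross-module value flows through module outputs, Terraform orders the VPC, security group and IAM profile before the instance without any explicit depends_on.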

🔹 Deploy Terraform Configuration

terraform init
terraform apply -auto-approve

✅ Sample Output:

Apply complete! Resources: 5 added.
ec2_public_ip = "3.85.76.182"

4️⃣ Ansible Setup for Kubernetes Dependencies

🔹 Why Use Ansible?

  • Automates EC2 Configuration (installs Docker, Kind, kubectl).

  • Ensures Consistency across multiple instances.


🔹 Ansible Directory Structure

ansible-setup/
├── roles/
│   ├── common/
│   │   └── tasks/
│   │       └── main.yml
│   └── kubernetes/
│       └── tasks/
│           └── main.yml
├── inventory.ini
└── setup.yml

🔹 Role: Install Dependencies (roles/common/tasks/main.yml)

- name: Install dependencies
  apt:
    name: ['docker.io', 'curl']
    state: present
    update_cache: yes

🔹 Role: Setup Kind Cluster (roles/kubernetes/tasks/main.yml)

# The play runs with become: yes, so no sudo is needed inside the tasks.
- name: Install Kind
  get_url:
    url: https://kind.sigs.k8s.io/dl/v0.20.0/kind-linux-amd64
    dest: /usr/local/bin/kind
    mode: '0755'
    # add checksum: sha256:<published hash> to verify the binary before it is executed

- name: Create Kind Cluster
  # Only create the cluster if it does not already exist, so re-running the playbook is safe.
  shell: kind get clusters | grep -qx easyshop || kind create cluster --name easyshop

🔹 Ansible Playbook (setup.yml)

- name: Setup Kubernetes Cluster
  hosts: servers
  become: yes
  roles:
    - common
    - kubernetes

5️⃣ Validation & Testing

Check if Kind Cluster is Running

kubectl get nodes

✅ Expected Output:

NAME                     STATUS   ROLES    AGE     VERSION
kind-control-plane       Ready    master   2m      v1.28.0

6️⃣ Troubleshooting & Best Practices

Common Terraform Errors

  • "IAM role does not exist" → Ensure the IAM role is created before EC2 starts.

  • "Security group not found" → Check that Security Groups are correctly referenced.

Common Ansible Errors

  • SSH Connection Issues → Ensure the EC2 key pair matches the one defined in Terraform.

  • Permission Denied → Use become: yes in Ansible tasks for elevated privileges.


🎯 Conclusion

🚀 AWS infrastructure is now production-ready!
✅ Terraform Modules for VPC, Security, IAM, EC2
✅ Ansible Roles for Configuring Kubernetes Dependencies

📌 Next Step: Kind Cluster & Application Deployment
