Part 1: Streamlining AWS Infrastructure for Kubernetes: A Guide to Terraform & Ansible Setup


1️⃣ Overview
This section covers automating AWS infrastructure setup for Kubernetes using:
✅ Terraform Modules for AWS Infrastructure
✅ Ansible Roles for Configuring EC2 Instances
✅ IAM Roles, Security Enhancements, and System Optimizations
✅ Troubleshooting and Best Practices
By the end of this guide, you'll have an automated, reproducible AWS environment running a Kind cluster on EC2: a solid development and test setup, and the base you harden further before calling it production.
2️⃣ AWS Credentials & Configuration
🔹 Why is this important?
Terraform and Ansible call the AWS APIs on your behalf, so the AWS CLI needs working credentials before anything else. Those credentials are also the most valuable secret in this setup: whoever holds them can create, modify, or delete every resource below.
🔹 Step 1: Install AWS CLI
The commands below install AWS CLI v2 on macOS; on Linux, use the ZIP installer from the same site or your distribution's package.
    curl "https://awscli.amazonaws.com/AWSCLIV2.pkg" -o "AWSCLIV2.pkg"
    sudo installer -pkg AWSCLIV2.pkg -target /
🔹 Step 2: Configure AWS Credentials
    aws configure
Enter your credentials:
    AWS Access Key ID [None]: AKIAXXXXXXXXXXXXX
    AWS Secret Access Key [None]: XXXXXXXXXXXXXXXXXXXXXXXX
    Default region name [None]: us-east-1
    Default output format [None]: json
aws configure stores long-lived access keys in plaintext in ~/.aws/credentials. Prefer short-lived credentials where you can (aws configure sso with IAM Identity Center, or an assumed role), never paste keys into terraform.tfvars or playbooks, and never commit ~/.aws or *.tfvars to git. If a key is ever exposed, rotate it in IAM immediately.
🔹 Step 3: Verify AWS Access
    aws sts get-caller-identity
✅ Expected Output:
    {
        "UserId": "AIDAEXAMPLEID",
        "Account": "123456789012",
        "Arn": "arn:aws:iam::123456789012:user/Admin"
    }
Check two things in this output before running Terraform: the Account is the one you intend to deploy into, and the Arn tells you what kind of principal you are (user/... means long-lived IAM-user keys; assumed-role/... means a short-lived session).
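The two checks just described can be automated as a guard that runs before terraform apply. The script below is an added example written for this article, not code from the original post or from AWS: it parses the JSON that aws sts get-caller-identity prints, refuses to continue when the account is not the expected one or the credentials belong to the root user, and by default also refuses long-lived IAM-user keys. The sample outputs inside it are constructed (the page's own Admin user plus an assumed-role session), and the function names parse_identity and identity_check are my own.

```python
"""Guard that validates `aws sts get-caller-identity` output before Terraform runs.

Added example for this guide, not part of the original post. It refuses to proceed
when the credentials are for the wrong account or are the account's root user, and
by default also refuses long-lived IAM-user keys (ARN ...:user/...) in favour of a
short-lived session (ARN ...:assumed-role/..., as produced by an assumed role or
IAM Identity Center / SSO). Function names are this example's own.
"""
import json
import re

# Matches e.g.  arn:aws:iam::123456789012:user/Admin
#               arn:aws:sts::123456789012:assumed-role/TerraformDeploy/session
#               arn:aws:iam::123456789012:root
_ARN = re.compile(r"^arn:aws:(?:iam|sts)::(\d{12}):(user|assumed-role|root)(?:/(.+))?$")


def parse_identity(cli_output):
    """Return (account_id, principal_type, principal_path) from the CLI's JSON."""
    ident = json.loads(cli_output)
    match = _ARN.match(ident["Arn"])
    if not match:
        raise ValueError(f"unrecognised principal ARN: {ident['Arn']}")
    account, ptype, path = match.groups()
    if account != ident["Account"]:
        raise ValueError("Account field does not match the account in Arn")
    return account, ptype, path


def identity_check(cli_output, expected_account, allow_iam_user=False):
    """Return (ok, reasons). ok is False when the deploy should be blocked."""
    account, ptype, path = parse_identity(cli_output)
    reasons = []
    if account != expected_account:
        reasons.append(f"credentials belong to account {account}, expected {expected_account}")
    if ptype == "root":
        reasons.append("root credentials must never be used for deployments")
    elif ptype == "user" and not allow_iam_user:
        reasons.append(f"long-lived IAM user keys ({path}); use an assumed role or SSO session")
    return not reasons, reasons


# Constructed samples: the page's own Step 3 output, and an assumed-role session.
PAGE_OUTPUT = json.dumps({"UserId": "AIDAEXAMPLEID", "Account": "123456789012",
                          "Arn": "arn:aws:iam::123456789012:user/Admin"})
ROLE_OUTPUT = json.dumps({"UserId": "AROAEXAMPLEID:tf-deploy", "Account": "123456789012",
                          "Arn": "arn:aws:sts::123456789012:assumed-role/TerraformDeploy/tf-deploy"})

if __name__ == "__main__":
    import subprocess
    import sys
    if len(sys.argv) > 1:   # real use: python3 identity_guard.py <expected-account-id>
        output = subprocess.run(["aws", "sts", "get-caller-identity"],
                                capture_output=True, text=True, check=True).stdout
        expected = sys.argv[1]
    else:                   # offline demo on the constructed sample above
        output, expected = PAGE_OUTPUT, "123456789012"
    ok, reasons = identity_check(output, expected)
    for r in reasons:
        print("BLOCKED:", r)
    sys.exit(0 if ok else 1)
```

Run it as python3 identity_guard.py 123456789012 in the same shell before terraform apply; a non-zero exit stops a CI job, and for a one-off deploy from an IAM user you can pass allow_iam_user=True explicitly rather than weakening the default.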
3️⃣ Terraform Setup for AWS Infrastructure
🔹 Why Use Terraform Modules?
Modular & Reusable: Allows different teams to manage VPC, EC2, Security Groups independently.
Scalability: Makes infrastructure modifications easy.
Consistency: Avoids manual setup errors, and puts every security-relevant setting (security group rules, IAM trust policies, instance metadata options) under code review.
🔹 Terraform Directory Structure
The security and iam modules used below live beside vpc and ec2; the tree shows all four.
    terraform-setup/
    ├── modules/
    │   ├── vpc/
    │   │   ├── main.tf
    │   │   ├── variables.tf
    │   │   └── outputs.tf
    │   ├── security/
    │   │   └── main.tf
    │   ├── iam/
    │   │   └── main.tf
    │   └── ec2/
    │       ├── main.tf
    │       ├── variables.tf
    │       └── outputs.tf
    ├── main.tf
    ├── variables.tf
    ├── outputs.tf
    └── terraform.tfvars
🔹 Module 1: VPC (modules/vpc/main.tf)
Creates a VPC and a subnet for Kubernetes networking. Note that map_public_ip_on_launch only assigns a public address: the subnet is reachable from the internet only once an aws_internet_gateway is attached to the VPC and a route table with a 0.0.0.0/0 route to it is associated with the subnet. Add those resources to this module before expecting SSH from outside to work.
    resource "aws_vpc" "main" {
      cidr_block           = var.vpc_cidr
      enable_dns_support   = true   # DNS resolution inside the VPC
      enable_dns_hostnames = true   # instances get DNS hostnames
    }

    # "public" only in name until an Internet Gateway and a 0.0.0.0/0 route are added (see above)
    resource "aws_subnet" "public_subnet" {
      vpc_id                  = aws_vpc.main.id
      cidr_block              = var.subnet_cidr
      map_public_ip_on_launch = true
    }
Variables (modules/vpc/variables.tf)
    variable "vpc_cidr"    { default = "10.0.0.0/16" }
    variable "subnet_cidr" { default = "10.0.1.0/24" }
🔹 Module 2: Security Groups (modules/security/main.tf)
Manages network security by restricting access. The original rule set opened SSH (22) to 0.0.0.0/0, which exposes the host to internet-wide brute-force and credential-stuffing attempts from the moment it boots; SSH must be limited to a known admin range (or replaced by Session Manager via the IAM module below). HTTP (80) stays world-reachable because that is where the application is served. The admin range is a validated module variable so that 0.0.0.0/0 is rejected at plan time.
    variable "vpc_id" {}

    variable "admin_cidr" {
      type        = string
      description = "CIDR allowed to reach SSH, e.g. your office or VPN egress range"
      validation {
        condition     = var.admin_cidr != "0.0.0.0/0" && var.admin_cidr != "::/0"
        error_message = "admin_cidr must be a specific range, never the whole internet."
      }
    }

    resource "aws_security_group" "k8s_sg" {
      name        = "k8s-sg"
      description = "Kubernetes host: SSH from the admin range, HTTP from anywhere"
      vpc_id      = var.vpc_id

      ingress {                      # SSH: admin range only (was 0.0.0.0/0)
        from_port   = 22
        to_port     = 22
        protocol    = "tcp"
        cidr_blocks = [var.admin_cidr]
      }

      ingress {                      # HTTP: the application is served here
        from_port   = 80
        to_port     = 80
        protocol    = "tcp"
        cidr_blocks = ["0.0.0.0/0"]
      }

      egress {                       # all outbound: apt, container image pulls
        from_port   = 0
        to_port     = 0
        protocol    = "-1"
        cidr_blocks = ["0.0.0.0/0"]
      }
    }
    output "security_group_id" {
      value = aws_security_group.k8s_sg.id
    }
🔹 Module 3: IAM Role for EC2 (modules/iam/main.tf)
Allows EC2 to interact with AWS services. A role carries two separate policies: the trust (assume-role) policy, which says who may assume it, and permission policies, which say what it may do. The original module defined only the trust policy, so the role granted nothing, and it never created the instance profile that an EC2 instance actually requires. This version adds both, attaching AmazonSSMManagedInstanceCore so you can open shells through Session Manager (the SSM agent ships preinstalled on current Ubuntu AMIs) instead of exposing SSH at all.
    resource "aws_iam_role" "ec2_role" {
      name = "ec2-k8s-role"
      # Trust policy: only the EC2 service may assume this role, on behalf of instances
      # launched with the profile below. By itself it grants no permissions.
      assume_role_policy = jsonencode({
        Version = "2012-10-17"
        Statement = [{
          Effect    = "Allow"
          Principal = { Service = "ec2.amazonaws.com" }
          Action    = "sts:AssumeRole"
        }]
      })
    }

    # Permissions: attach only what the host needs. Session Manager access lets you
    # manage the instance without any inbound SSH rule.
    resource "aws_iam_role_policy_attachment" "ssm" {
      role       = aws_iam_role.ec2_role.name
      policy_arn = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
    }

    # EC2 attaches an instance profile, not a role; this is what the ec2 module consumes.
    resource "aws_iam_instance_profile" "ec2_profile" {
      name = "ec2-k8s-profile"
      role = aws_iam_role.ec2_role.name
    }

    output "instance_profile_name" {
      value = aws_iam_instance_profile.ec2_profile.name
    }
🔹 Module 4: EC2 Instance (modules/ec2/main.tf)
Deploys an EC2 instance with Ubuntu. Three fixes from the original: the instance profile comes in as a module variable (a module cannot reference aws_iam_role.ec2_role defined in another module, and the attribute takes a profile name, not a role name); the instance is actually attached to the security group from Module 2 (the original never referenced it, so the instance would have received the VPC's default group); and IMDSv2 is enforced so that a process on the host, including a container that reaches the metadata endpoint, cannot fetch the role's credentials with a single unauthenticated GET.
    resource "aws_instance" "ec2" {
      ami                    = "ami-0c55b159cbfafe1f0"   # AMI IDs are region-specific: confirm this one exists in your region or resolve it with an aws_ami data source
      instance_type          = var.instance_type
      subnet_id              = var.subnet_id
      key_name               = var.key_name
      vpc_security_group_ids = [var.security_group_id]    # output of the security module
      iam_instance_profile   = var.iam_instance_profile   # output of the iam module (profile name, not role name)
      metadata_options {
        http_tokens = "required"                          # enforce IMDSv2
      }
      root_block_device {
        encrypted = true
      }
    }
🔹 Deploy Terraform Configuration
Save the plan and apply exactly that plan; -auto-approve skips the review step that lets you catch an unintended destroy or a world-open rule before it happens.
    terraform init
    terraform plan -out tfplan
    terraform apply tfplan
✅ Sample Output:
    Apply complete! Resources: 5 added, 0 changed, 0 destroyed.
    ec2_public_ip = "3.85.76.182"
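Even with a plan review it is easy to miss a world-open rule or a missing metadata_options block in a long plan. The script below is an added example for this article, not part of the original post or of Terraform: it runs the kind of policy check a security reviewer applies before apply. Feed it the output of terraform show -json tfplan and it flags security-group ingress open to the world on admin ports, and instances without IMDSv2 enforced, without an instance profile, or without an encrypted root volume. The embedded SAMPLE_PLAN is constructed by hand to mirror the modules above as the page originally wrote them (SSH and HTTP from 0.0.0.0/0, no metadata_options); the admin-port list and the function names are my choices.

```python
"""Pre-apply policy check over `terraform show -json tfplan` output.

Added example for this guide (not from the original post). Flags:
  * security-group ingress reachable from the whole internet on admin ports,
  * aws_instance without IMDSv2 enforced (metadata_options.http_tokens),
  * aws_instance without an IAM instance profile,
  * aws_instance without an encrypted root volume.
Port list, messages and function names are this example's own choices.
"""
import json

ADMIN_PORTS = {22, 6443}          # SSH and the Kubernetes API server
WORLD = {"0.0.0.0/0", "::/0"}


def _walk(module):
    """Yield every planned resource in a module tree (root plus nested modules)."""
    for res in module.get("resources", []):
        yield res
    for child in module.get("child_modules", []):
        yield from _walk(child)


def _touches_admin_port(rule):
    """True if the rule's port range covers an admin port (protocol -1 = all traffic)."""
    if rule.get("protocol") == "-1":
        return True
    lo, hi = int(rule.get("from_port", 0)), int(rule.get("to_port", 0))
    return any(lo <= p <= hi for p in ADMIN_PORTS)


def check_security_group(res):
    findings = []
    for rule in res["values"].get("ingress") or []:
        cidrs = set(rule.get("cidr_blocks") or []) | set(rule.get("ipv6_cidr_blocks") or [])
        if cidrs & WORLD and _touches_admin_port(rule):
            findings.append(
                f"{res['address']}: ingress {rule.get('from_port')}-{rule.get('to_port')}"
                f"/{rule.get('protocol')} open to the world"
            )
    return findings


def check_instance(res):
    """In planned_values an omitted block means 'not configured', so AWS defaults apply."""
    v = res["values"]
    findings = []
    meta = (v.get("metadata_options") or [{}])[0]
    if meta.get("http_tokens") != "required":
        findings.append(f"{res['address']}: IMDSv2 not enforced (metadata_options.http_tokens)")
    if not v.get("iam_instance_profile"):
        findings.append(f"{res['address']}: no iam_instance_profile attached")
    root = (v.get("root_block_device") or [{}])[0]
    if not root.get("encrypted"):
        findings.append(f"{res['address']}: root volume not encrypted")
    return findings


def check_plan(plan):
    """Accept the parsed plan dict (or its JSON text); return a list of findings."""
    if isinstance(plan, str):
        plan = json.loads(plan)
    findings = []
    for res in _walk(plan["planned_values"]["root_module"]):
        if res["type"] == "aws_security_group":
            findings.extend(check_security_group(res))
        elif res["type"] == "aws_instance":
            findings.extend(check_instance(res))
    return findings


# Constructed sample in the shape `terraform show -json` emits, populated with what the
# page's modules would plan as originally written: SSH and HTTP from 0.0.0.0/0 and an
# instance with no metadata_options or root_block_device settings.
SAMPLE_PLAN = {"planned_values": {"root_module": {"child_modules": [
    {"address": "module.security", "resources": [
        {"address": "module.security.aws_security_group.k8s_sg", "type": "aws_security_group",
         "values": {"ingress": [
             {"from_port": 22, "to_port": 22, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]},
             {"from_port": 80, "to_port": 80, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]}]}}]},
    {"address": "module.ec2", "resources": [
        {"address": "module.ec2.aws_instance.ec2", "type": "aws_instance",
         "values": {"ami": "ami-0c55b159cbfafe1f0", "instance_type": "t3.medium",
                    "iam_instance_profile": "ec2-k8s-profile"}}]}]}}}

if __name__ == "__main__":
    import sys
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    problems = check_plan(plan)
    for p in problems:
        print("FAIL", p)
    sys.exit(1 if problems else 0)
```

Usage: terraform show -json tfplan > plan.json && python3 plan_check.py plan.json. The non-zero exit on any finding is what blocks the apply in CI; port 80 is deliberately not flagged because serving HTTP to the world is the point of the host, while the SSH rule, the missing IMDSv2 setting and the unencrypted root volume all come back as failures.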
4️⃣ Ansible Setup for Kubernetes Dependencies
🔹 Why Use Ansible?
Automates EC2 Configuration (installs Docker and Kind; kubectl is not installed by the roles shown, so add it to the common role or run kubectl from wherever it is already installed).
Ensures Consistency across multiple instances.
🔹 Ansible Directory Structure
    ansible-setup/
    ├── roles/
    │   ├── common/
    │   │   └── tasks/
    │   │       └── main.yml
    │   └── kubernetes/
    │       └── tasks/
    │           └── main.yml
    ├── inventory.ini
    └── setup.yml
🔹 Role: Install Dependencies (roles/common/tasks/main.yml)
    - name: Install dependencies (Docker is what Kind uses to run its nodes)
      ansible.builtin.apt:
        name: ['docker.io', 'curl']
        state: present
        update_cache: yes
🔹 Role: Setup Kind Cluster (roles/kubernetes/tasks/main.yml)
The original downloaded the binary with curl and moved it into place with no integrity check, so a tampered download would run as root on the host, and it recreated the cluster on every run. get_url with a checksum pins the version and verifies the SHA-256 that the Kind project publishes beside each release binary; the cluster creation is guarded so the play is safe to rerun.
    - name: Install Kind (pinned version, SHA-256 verified)
      ansible.builtin.get_url:
        url: https://kind.sigs.k8s.io/dl/v0.20.0/kind-linux-amd64
        dest: /usr/local/bin/kind
        mode: '0755'
        checksum: sha256:https://kind.sigs.k8s.io/dl/v0.20.0/kind-linux-amd64.sha256sum
    - name: List existing Kind clusters
      ansible.builtin.command: kind get clusters
      register: kind_clusters
      changed_when: false
    - name: Create Kind Cluster (skipped when it already exists)
      ansible.builtin.command: kind create cluster --name easyshop
      when: "'easyshop' not in kind_clusters.stdout_lines"
🔹 Ansible Playbook (setup.yml)
Because the play runs with become: yes, Kind executes as root and writes its kubeconfig to /root/.kube/config on the host.
    - name: Setup Kubernetes Cluster
      hosts: servers
      become: yes
      roles:
        - common
        - kubernetes
5️⃣ Validation & Testing
Check if Kind Cluster is Running
Run this on the EC2 host as root, since that is where the play left the kubeconfig (/root/.kube/config). Kind does not bundle kubectl, so install it there first.
    kubectl get nodes
✅ Expected Output (the cluster was named easyshop, and kind v0.20.0's default node image is Kubernetes v1.27.3):
    NAME                     STATUS   ROLES           AGE   VERSION
    easyshop-control-plane   Ready    control-plane   2m    v1.27.3
6️⃣ Troubleshooting & Best Practices
Common Terraform Errors
"IAM role does not exist" / "Invalid IAM Instance Profile name" → aws_instance takes an instance profile, not a role; make sure the iam module creates aws_iam_instance_profile and the ec2 module receives its name (Terraform orders the resources itself once that reference exists).
"Security group not found" → Check that the security group ID is passed into the ec2 module and that both resources are in the same VPC.
Common Ansible Errors
SSH Connection Issues → Ensure the EC2 key pair matches key_name in Terraform, that your current IP is inside admin_cidr, and that the subnet actually has a route to an Internet Gateway.
"Permission denied (publickey)" → wrong private key or wrong login user (ubuntu on Ubuntu AMIs). A plain "Permission denied" while a task runs → that task needs become: yes for elevated privileges.
🎯 Conclusion
🎉 AWS infrastructure is now automated end to end!
✅ Terraform Modules for VPC, Security, IAM, EC2
✅ Ansible Roles for Configuring Kubernetes Dependencies
Before treating it as production: keep SSH (or better, Session Manager) limited to admins, review every plan before applying, keep credentials out of the repository, and move from a single-host Kind cluster to a multi-node control plane.
Written by Vikas Surve