Three-tier Application Deployment on AWS EKS

Pro Interview Tips (AWS EKS)
Understand IAM roles and how to securely manage permissions.
Be ready to explain how you handle scalability and high availability in EKS.
Know the full lifecycle: from provisioning clusters to CI/CD deployment.
Discuss monitoring tools like Prometheus, CloudWatch, or Grafana integration.
Be able to troubleshoot pod, node, and networking issues in real-world scenarios.
Three-tier Application Deployment on AWS EKS
A structured deployment guide for a complete full-stack app using AWS EKS.
Code & Resources
GitHub Repository: ThreeTierAppChallenge
IAM Setup
Create an IAM user:
Username: eks-admin
Permissions: AdministratorAccess
Generate Access Key ID and Secret Access Key.
EC2 Setup
Launch an Ubuntu EC2 instance in us-west-2.
SSH into your instance.
ssh -i your-key.pem ubuntu@<public-ip>
Install Tools on EC2
AWS CLI v2
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
sudo apt install unzip
unzip awscliv2.zip
sudo ./aws/install -i /usr/local/aws-cli -b /usr/local/bin --update
aws configure
Docker
sudo apt-get update
sudo apt install docker.io
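# Give the current user ownership of the Docker socket (socket access is root-equivalent on this host), then confirm the daemon responds
sudo chown $USER /var/run/docker.sock
docker ps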
kubectl
curl -o kubectl https://amazon-eks.s3.us-west-2.amazonaws.com/1.19.6/2021-01-05/bin/linux/amd64/kubectl
chmod +x ./kubectl
sudo mv ./kubectl /usr/local/bin
kubectl version --short --client
eksctl
curl --silent --location "https://github.com/weaveworks/eksctl/releases/latest/download/eksctl_$(uname -s)_amd64.tar.gz" | tar xz -C /tmp
sudo mv /tmp/eksctl /usr/local/bin
eksctl version
Create EKS Cluster
eksctl create cluster --name three-tier-cluster --region us-west-2 --node-type t2.medium --nodes-min 2 --nodes-max 2
aws eks update-kubeconfig --region us-west-2 --name three-tier-cluster
kubectl get nodes
Deploy Application
kubectl create namespace two-tier-ns
kubectl apply -f .
# To delete:
kubectl delete -f .
Delete EKS Cluster
eksctl delete cluster --name three-tier-cluster --region us-west-2
AWS Load Balancer Controller
Create IAM Policy
curl -O https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.5.4/docs/install/iam_policy.json
aws iam create-policy --policy-name AWSLoadBalancerControllerIAMPolicy --policy-document file://iam_policy.json
Associate OIDC and Create Service Account
eksctl utils associate-iam-oidc-provider --region=us-west-2 --cluster=three-tier-cluster --approve
eksctl create iamserviceaccount \
--cluster=three-tier-cluster \
--namespace=kube-system \
--name=aws-load-balancer-controller \
--role-name AmazonEKSLoadBalancerControllerRole \
--attach-policy-arn=arn:aws:iam::626072240565:policy/AWSLoadBalancerControllerIAMPolicy \
--approve \
--region=us-west-2
Install Helm and Controller
sudo snap install helm --classic
helm repo add eks https://aws.github.io/eks-charts
helm repo update eks
helm install aws-load-balancer-controller eks/aws-load-balancer-controller \
-n kube-system \
--set clusterName=three-tier-cluster \
--set serviceAccount.create=false \
--set serviceAccount.name=aws-load-balancer-controller
kubectl get deployment -n kube-system aws-load-balancer-controller
kubectl apply -f full_stack_lb.yaml
Comparison Table - Key Tools
Tool | Purpose | Install Command Snippet |
kubectl | Kubernetes CLI | curl -o kubectl ... && mv |
eksctl | Create/manage EKS clusters | curl --silent ... && mv |
helm | Package manager for K8s | sudo snap install helm --classic |
aws cli | AWS CLI interface | curl ... awscliv2.zip && ./aws/install |
Here is a quick recap table of the Top 15 AWS EKS Interview Questions, complete with brief answers, pros, and cons, perfect for review.
EKS Interview Questions - Table Format
# | Interview Question | Short Answer | Pros | Cons |
1 | What is AWS EKS? | EKS is Amazon's managed Kubernetes service. | Fully managed, secure, scalable | Costs more than self-managed clusters |
2 | How is EKS different from ECS? | ECS is AWS-native; EKS runs Kubernetes. | EKS is portable and open-source compliant | More complex than ECS |
3 | What are the components of EKS architecture? | Control plane, worker nodes, VPC, networking, IAM, add-ons | Decoupled layers allow modular management | Steeper learning curve |
4 | How do you provision an EKS cluster? | Use eksctl or AWS Console with defined nodegroups and region. | Quick provisioning with eksctl | Manual errors possible if not scripted |
5 | What is the role of IAM in EKS? | It controls access to cluster, nodes, and service accounts. | Granular security | Misconfigurations can cause access issues |
6 | What is the AWS Load Balancer Controller? | It enables Kubernetes Ingress to manage ALB/NLB on AWS. | Native integration with AWS LB | Requires OIDC and IAM setup |
7 | How do you expose services in EKS? | Use LoadBalancer, Ingress, or NodePort types. | Flexible exposure patterns | Ingress setup requires extra configuration |
8 | What tools are commonly used with EKS? | kubectl, eksctl, Helm, IAM, CloudWatch, ALB/NLB, Prometheus. | Rich ecosystem support | Complex integration needed |
9 | How is networking managed in EKS? | Uses VPC CNI plugin; each pod can get its own ENI. | VPC-native networking | Limited IPs per node |
10 | What are Managed Node Groups? | AWS-managed EC2 worker nodes in an EKS cluster. | Simplifies lifecycle and patching | Less customization flexibility |
11 | What is Fargate in EKS? | Serverless compute for pods. No need to manage nodes. | Easy to use and secure | Higher cost and fewer features than EC2 nodes |
12 | How do you secure workloads in EKS? | IAM roles, Security Groups, Network Policies, RBAC. | Strong defense-in-depth | Needs careful configuration |
13 | How do you monitor EKS clusters? | Use CloudWatch, Prometheus, Grafana, or X-Ray. | Wide tool support | May require sidecar setup and metric scraping |
14 | What are some best practices for EKS? | Use IRSA, enable logging, use Helm, CI/CD, auto-scaling, and pod disruption budgets. | Ensures stability and security | Requires operational maturity |
15 | What are the limitations of EKS? | Limited K8s versions, slower upgrade cycles, VPC IP exhaustion possible. | Strong AWS integration | Not as fast-moving as upstream Kubernetes |
Written by

Pradeep Kadam