AWS Amazon EKS Node Group
This page shows how to write Terraform and CloudFormation for Amazon EKS Node Group and write them securely.
aws_eks_node_group (Terraform)
The Node Group in Amazon EKS can be configured in Terraform with the resource name aws_eks_node_group. The following sections describe 5 examples of how to use the resource and its parameters.
Example Usage from GitHub
resource "aws_eks_node_group" "example" {
  cluster_name    = "test_aws_eks_node_group"
  node_group_name = "example"
  node_role_arn   = "node_role_arn"
  subnet_ids      = ["subnet_id"]
  # (excerpt ends here in the source)
}

resource "aws_eks_node_group" "Node1" {
  cluster_name    = aws_eks_cluster.eks_cluster.name
  node_group_name = "eks-node1"
  node_role_arn   = aws_iam_role.ec2_iam_role.arn
  subnet_ids      = ["subnet-45acc854", "subnet-4ba59e89", "subnet-cda915a1"]
  instance_types  = ["t2.micro"]
  # (excerpt ends here in the source)
}

resource "aws_eks_node_group" "k8s_ng-public" {
  cluster_name    = aws_eks_cluster.k8s-cluster.name
  node_group_name = "k8s-ng-devtest-public"
  node_role_arn   = aws_iam_role.eks_nodegroup_role.arn
  subnet_ids      = concat(aws_subnet.k8s_public_subnet.*.id)
  # (excerpt ends here in the source)
}
Parameters
- ami_type - optional computed - string
- arn - optional computed - string
- capacity_type - optional computed - string
- cluster_name - required - string
- disk_size - optional computed - number
- force_update_version - optional - bool
- id - optional computed - string
- instance_types - optional computed - list of string
- labels - optional - map from string to string
- node_group_name - required - string
- node_role_arn - required - string
- release_version - optional computed - string
- resources - optional computed - list of object
  - autoscaling_groups - list of object
    - name - string
  - remote_access_security_group_id - string
- status - optional computed - string
- subnet_ids - required - set of string
- tags - optional - map from string to string
- version - optional computed - string
- launch_template - list block
- remote_access - list block
  - ec2_ssh_key - optional - string
  - source_security_group_ids - optional - set of string
- scaling_config - list block
  - desired_size - required - number
  - max_size - required - number
  - min_size - required - number
- timeouts - single block
Explanation in Terraform Registry
Manages an EKS Node Group, which can provision and optionally update an Auto Scaling Group of Kubernetes worker nodes compatible with EKS. Additional documentation about this functionality can be found in the EKS User Guide.
Tips: Best Practices for The Other AWS Amazon EKS Resources
In addition to the aws_eks_cluster, AWS Amazon EKS has other resources that should be configured with security in mind. Check the examples of those resources and the precautions below.
aws_eks_cluster
Ensure public access for AWS EKS cluster endpoint is disabled
It is better to disable public access for the AWS EKS cluster endpoint. To reduce security risks, disable public access and connect to the cluster through the VPC instead.
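One way to express this tip in Terraform, with a node group placed in the same private subnets (an added example, not code from this page or the linked repositories). The variable names, resource labels and scaling sizes are assumptions.

```hcl
# Added example: variable names, resource labels and sizes are hypothetical.
variable "private_subnet_ids" {
  type        = list(string)
  description = "Private subnets used by the control plane ENIs and the worker nodes"
}

variable "cluster_role_arn" { type = string }
variable "node_role_arn" { type = string }

# Weak: with no endpoint settings, the provider defaults apply
# (endpoint_public_access = true, endpoint_private_access = false),
# so the Kubernetes API endpoint is reachable from the internet.
# resource "aws_eks_cluster" "weak" {
#   name     = "example"
#   role_arn = var.cluster_role_arn
#   vpc_config {
#     subnet_ids = var.private_subnet_ids
#   }
# }

# Hardened: the API endpoint is reachable only from inside the VPC.
resource "aws_eks_cluster" "hardened" {
  name     = "example"
  role_arn = var.cluster_role_arn

  vpc_config {
    subnet_ids              = var.private_subnet_ids
    endpoint_public_access  = false
    endpoint_private_access = true
  }
}

# Worker nodes join the cluster over the private endpoint.
resource "aws_eks_node_group" "private" {
  cluster_name    = aws_eks_cluster.hardened.name
  node_group_name = "private-nodes"
  node_role_arn   = var.node_role_arn
  subnet_ids      = var.private_subnet_ids

  scaling_config {
    desired_size = 2
    max_size     = 3
    min_size     = 1
  }
}
```

With the public endpoint disabled, kubectl and any CI job that talks to the cluster must run inside the VPC or on a network connected to it.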
AWS::EKS::Nodegroup (CloudFormation)
The Nodegroup in EKS can be configured in CloudFormation with the resource name AWS::EKS::Nodegroup. The following sections describe 10 examples of how to use the resource and its parameters.
Example Usage from GitHub
Type: 'AWS::EKS::Nodegroup'
Properties:
  ClusterName: test
  NodeRole: 'arn:aws:iam::012345678910:role/eksInstanceRole'
  ScalingConfig:
    MinSize: 3

Type: "AWS::EKS::Nodegroup"
Properties:
  ClusterName: !Sub "${EnvironmentName}-cluster"
  NodeRole:
    Fn::ImportValue: !Sub "${EnvironmentName}-NODEGROUP-ROLE"
  ScalingConfig:

      "Type": "AWS::EKS::Nodegroup"
    }
  }
}

"Type": "AWS::EKS::Nodegroup",
"Properties": {
  "ClusterName": "prod",
  "NodeRole": "arn:aws:iam::012345678910:role/eksInstanceRole",
  "ScalingConfig": {
    "MinSize": 3
  }
}

"Type": "AWS::EKS::Nodegroup",
"Properties": {
  "ClusterName": "lt",
  "Labels": {
    "alpha.eksctl.io/cluster-name": "lt",
    "alpha.eksctl.io/nodegroup-name": "template-custom-ami"
  }
}

"Type": "AWS::EKS::Nodegroup",
"Properties": {
  "AmiType": "AL2_x86_64",
  "ClusterName": "lt",
  "Labels": {
    "alpha.eksctl.io/cluster-name": "lt"
  }
}
Parameters
- UpdateConfig - optional - UpdateConfig
- ScalingConfig - optional - ScalingConfig
- Labels - optional - Json
- Taints - optional - List of Taint
- ReleaseVersion - optional - String
- CapacityType - optional - String
- NodegroupName - optional - String
- Subnets - required - List
- NodeRole - required - String
- AmiType - optional - String
- ForceUpdateEnabled - optional - Boolean
- Version - optional - String
- LaunchTemplate - optional - LaunchTemplateSpecification
- RemoteAccess - optional - RemoteAccess
- DiskSize - optional - Double
- ClusterName - required - String
- InstanceTypes - optional - List
- Tags - optional - Json
Explanation in CloudFormation Registry
Creates a managed node group for an Amazon EKS cluster. You can only create a node group for your cluster that is equal to the current Kubernetes version for the cluster. All node groups are created with the latest AMI release version for the respective minor Kubernetes version of the cluster, unless you deploy a custom AMI using a launch template. For more information about using launch templates, see Launch template support.
An Amazon EKS managed node group is an Amazon EC2 Auto Scaling group and associated Amazon EC2 instances that are managed by AWS for an Amazon EKS cluster. Each node group uses a version of the Amazon EKS optimized Amazon Linux 2 AMI. For more information, see Managed Node Groups in the Amazon EKS User Guide.
Frequently asked questions
What is AWS Amazon EKS Node Group?
AWS Amazon EKS Node Group is a resource for Amazon EKS of Amazon Web Services. Settings can be written in Terraform and CloudFormation.
Where can I find the example code for the AWS Amazon EKS Node Group?
For Terraform, the infracost/infracost, deepakkapse/EKS-task and faisal-soomro/slowcalc-deployment source code examples are useful. See the Terraform Example section for further details.
For CloudFormation, the melscoop-test/check, sprathod369/iac-example and SnidermanIndustries/checkov-fork source code examples are useful. See the CloudFormation Example section for further details.