This project provisions a production-style Kubernetes infrastructure on AWS using Terraform.
- Custom VPC
- Public and Private Subnets (multi-AZ)
- Internet Gateway
- Single NAT Gateway (cost-optimized)
- Route Tables and Associations
- Amazon EKS Cluster (control plane)
- Managed Node Groups (EC2 worker nodes)
- IAM Roles for cluster and nodes
Request path:
```
Internet
  ↓
AWS Load Balancer
  ↓
Kubernetes Service
  ↓
Pods (containers)
  ↓
Worker Nodes (EC2)
  ↓
Private Subnets
  ↓
VPC
```
Control Plane (managed by AWS EKS):
- Schedules pods
- Manages cluster state
Worker Nodes:
- Run application workloads
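The control-plane and worker-node halves, with their IAM roles, as an added example that is not the project's own `modules/eks` code. It assumes the inputs `cluster_name`, `cluster_version` and `private_subnet_ids` (names chosen for this example) and the subnet outputs of a VPC module like the one above. Each role trusts only the AWS service that needs it, nodes carry only the three managed policies EKS requires, the cluster writes its API, audit and authenticator logs to CloudWatch, and the public API endpoint is limited to a placeholder CIDR you replace with your own.

```hcl
# Added example: a minimal modules/eks. Variable names are assumptions for
# this example; the public_access_cidrs value is a placeholder (TEST-NET-3).

variable "cluster_name"       { type = string }
variable "cluster_version"    { type = string } # e.g. "1.29"
variable "private_subnet_ids" { type = list(string) }

# Control-plane role: only the EKS service may assume it.
data "aws_iam_policy_document" "cluster_assume" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["eks.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "cluster" {
  name               = "${var.cluster_name}-cluster-role"
  assume_role_policy = data.aws_iam_policy_document.cluster_assume.json
}

resource "aws_iam_role_policy_attachment" "cluster" {
  role       = aws_iam_role.cluster.name
  policy_arn = "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy"
}

# Node role: only EC2 may assume it. Application permissions do not belong
# here; they go on per-service-account roles (IRSA), otherwise every pod on
# the node inherits them through the instance profile.
data "aws_iam_policy_document" "node_assume" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["ec2.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "node" {
  name               = "${var.cluster_name}-node-role"
  assume_role_policy = data.aws_iam_policy_document.node_assume.json
}

resource "aws_iam_role_policy_attachment" "node" {
  for_each = toset([
    "arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy",
    "arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy",
    "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly",
  ])
  role       = aws_iam_role.node.name
  policy_arn = each.value
}

resource "aws_eks_cluster" "this" {
  name     = var.cluster_name
  version  = var.cluster_version
  role_arn = aws_iam_role.cluster.arn

  vpc_config {
    subnet_ids              = var.private_subnet_ids
    endpoint_private_access = true
    endpoint_public_access  = true
    public_access_cidrs     = ["203.0.113.0/24"] # placeholder: your admin egress CIDR
  }

  # Control-plane logs to CloudWatch so API calls and authentication events
  # can be reviewed after the fact.
  enabled_cluster_log_types = ["api", "audit", "authenticator"]

  depends_on = [aws_iam_role_policy_attachment.cluster]
}

resource "aws_eks_node_group" "default" {
  cluster_name    = aws_eks_cluster.this.name
  node_group_name = "${var.cluster_name}-default"
  node_role_arn   = aws_iam_role.node.arn
  subnet_ids      = var.private_subnet_ids # private subnets only: no public node IPs
  instance_types  = ["t3.medium"]

  scaling_config {
    desired_size = 2
    min_size     = 1
    max_size     = 3
  }

  depends_on = [aws_iam_role_policy_attachment.node]
}

output "cluster_name"     { value = aws_eks_cluster.this.name }
output "cluster_endpoint" { value = aws_eks_cluster.this.endpoint }
```

Leaving `public_access_cidrs` at its default of `0.0.0.0/0` exposes the API server to the whole internet, protected only by IAM authentication; the placeholder above is there to be replaced, not deleted. Setting `endpoint_public_access = false` is the stricter option once you have a bastion or VPN inside the VPC.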
Project layout:
```
eks/
├── bootstrap/            # (optional) backend setup
├── infra/
│   ├── main.tf           # Root module
│   ├── variables.tf
│   ├── outputs.tf
│   ├── providers.tf
│   ├── terraform.tfvars
│   └── modules/
│       ├── vpc/          # VPC module
│       └── eks/          # EKS module
├── .gitignore
└── README.md
```
Prerequisites:
- Terraform >= 1.5
- AWS CLI configured
- kubectl installed
- AWS account with permissions for:
  - VPC
  - EKS
  - IAM
  - EC2
Deploy:
```bash
cd infra
terraform init
terraform validate
terraform plan
terraform apply
```
After a successful apply, point kubectl at the new cluster:
```bash
aws eks update-kubeconfig \
  --region us-east-1 \
  --name <your-cluster-name>
```
Verify:
```bash
kubectl get nodes
```
Cost notes. This project uses:
- 1 NAT Gateway (instead of 3) to reduce cost
- NAT Gateways are billed hourly + per GB
- EKS control plane is billed hourly
- Always destroy resources when not in use
```bash
terraform destroy
```
Do NOT commit:
- `.terraform/`
- `.tfstate` files
- `.tfvars` (if it contains secrets)
- `.pem` files
This project demonstrates:
- Terraform modular architecture
- AWS VPC design (public/private subnets)
- EKS cluster provisioning
- Kubernetes networking (Service, LoadBalancer)
- Infrastructure-as-Code best practices
Future improvements:
- Add remote backend (S3 + DynamoDB)
- Add IRSA (IAM Roles for Service Accounts)
- Add Ingress Controller (NGINX / ALB)
- Add CI/CD (GitHub Actions)
- Add monitoring (Prometheus + Grafana)
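The first item on that list, the remote backend, as an added example that is not part of the project yet. The bucket and table names are placeholders; the bootstrap block creates them (the `bootstrap/` directory above is the natural home) and the `infra/` block then points the state at them. The two blocks cannot be applied together, because the backend must exist before `terraform init` in `infra/` can use it.

```hcl
# Added example, part 1: bootstrap/main.tf creates the state bucket and lock
# table. Names are placeholders; S3 bucket names are global, so pick your own.

resource "aws_s3_bucket" "tfstate" {
  bucket = "REPLACE-ME-eks-tfstate" # placeholder
}

# Versioning lets you recover from a corrupted or accidentally overwritten state.
resource "aws_s3_bucket_versioning" "tfstate" {
  bucket = aws_s3_bucket.tfstate.id
  versioning_configuration {
    status = "Enabled"
  }
}

# State files contain secrets (cluster CA data, any sensitive outputs), so the
# bucket is encrypted at rest and can never be made public.
resource "aws_s3_bucket_server_side_encryption_configuration" "tfstate" {
  bucket = aws_s3_bucket.tfstate.id
  rule {
    apply_server_side_encryption_by_default {
      sse_algorithm = "AES256"
    }
  }
}

resource "aws_s3_bucket_public_access_block" "tfstate" {
  bucket                  = aws_s3_bucket.tfstate.id
  block_public_acls       = true
  block_public_policy     = true
  ignore_public_acls      = true
  restrict_public_buckets = true
}

# The lock table prevents two concurrent applies from racing on the same state.
# Terraform requires the hash key to be a string attribute named LockID.
resource "aws_dynamodb_table" "tfstate_lock" {
  name         = "REPLACE-ME-eks-tfstate-lock" # placeholder
  billing_mode = "PAY_PER_REQUEST"
  hash_key     = "LockID"

  attribute {
    name = "LockID"
    type = "S"
  }
}

# Added example, part 2: the backend block for infra/providers.tf, applied
# only after the resources above exist (terraform init -migrate-state moves
# the existing local state into the bucket).
terraform {
  required_version = ">= 1.5"

  backend "s3" {
    bucket         = "REPLACE-ME-eks-tfstate"      # placeholder, same bucket as above
    key            = "eks/infra/terraform.tfstate"
    region         = "us-east-1"
    encrypt        = true                          # encrypt the state object on write
    dynamodb_table = "REPLACE-ME-eks-tfstate-lock" # placeholder, same table as above
  }
}
```

Once the state lives in S3, the local `.tfstate` file is no longer written, which removes the most common way state (and the secrets inside it) ends up in a repository; keep the `.gitignore` entries above anyway for the bootstrap directory, whose own state stays local.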
Built as part of a DevOps / Platform Engineering learning journey.