Skip to content

Amazon EKS Blueprints for Terraform

Customers can use the Amazon EKS Shared Services Platform (SSP) for Terraform to easily architect and deploy a multi-tenant SSP built on EKS that aims to accelerate the delivery of a batteries-included, multi-tenant container platform on top of Amazon EKS according to AWS best practices and recommendations.


🎯 The Amazon EKS Shared Service Platform (SSP) for Terraform allows customers to easily configure and deploy a multi-tenant, enterprise-ready container platform on top of EKS.
  • With a large number of design choices, deploying production-grade container platform can take a significant about of time, involve integrating a wide range or AWS services and open source tools, and require deep understand of AWS and Kubernetes concepts.
  • This solution handles integrating EKS with popular open source and partner tools, in addition to AWS services, in order to allow customers to deploy a cohesive container platform that can be offered as a service to application teams. It provides out-of-the-box support for common operational tasks such as auto-scaling workloads, collecting logs and metrics from both clusters and running applications, managing ingress and egress, configuring network policy, managing secrets, deploying workloads via GitOps, and more.
  • Customers can leverage the solution to deploy a container platform and start onboarding workloads in days, rather than months.

What can I do with EKS SSP using Terraform?

🐬 Provides a framework and methodology for building Shared Services Platforms (SSP) on Amazon EKS.
  • 🎯 The purpose of this guide is to provide solution architects and technical leaders with the knowledge needed to design production-ready Amazon EKS with Terraform. It describes the outcome, design, architecture, and implementation of Amazon EKS to run modernized applications.
  • 🎯 Using SSP Framework, you can set up and launch Amazon EKS clusters across multiple AWS accounts and AWS regions, each with an individual Terraform configuration and state file.
  • 🎯 Provisioning Amazon EKS clusters, managed Node Groups with On-Demand and Spot Amazon EC2 instance types, AWS Fargate profiles, and plugins or add-ons for creating Production-ready Amazon EKS Clusters ✅🚀. The Terraform Helm provider also deploys common Kubernetes add-ons by using Helm charts.

  • ✅ Deploy Well-Architected EKS clusters across any number of accounts and regions.
  • ✅ Manage cluster configuration, including add-ons that run in each cluster, from a single Git repository.
  • ✅ Define teams, namespaces, and their associated access permissions for your clusters.
  • ✅ Create Continuous Delivery (CD) pipelines that are responsible for deploying your infrastructure.
  • ✅ Leverage GitOps-based workflows for onboarding and managing workloads for your teams.
EKS-Accelerator >> Solution Objectives
  • Enable your cross-functional teams to use the same Amazon EKS cluster by provisioning Amazon EKS clusters that support multi-tenancy based on applications and namespaces.
  • Provision Amazon EKS clusters in new or existing Virtual Private Clouds (VPCs), which means that you can use existing VPCs if required.
  • Define your scaling metrics as a Kubernetes manifest by using Kubernetes Horizontal Pod Autoscaling and configurable options for expanding resource quotas and pod security policies.
  • Ensure Role-Based Access Control (RBAC) for your developers and administrators by using AWS Identity and Access Management (IAM) roles.
  • Deploy a private Amazon EKS cluster to secure your application and meet your compliance requirements.
  • Monitor and log applications and system pods by using Amazon CloudWatch to collect and track metrics.
  • Flexibly provision your Amazon EKS clusters with different node group types by running a combination of self-managed nodes, Amazon EKS managed node groups, and Fargate.
  • Deploy a Bottlerocket Amazon Machine Image (AMI) in self-managed node groups to run container workloads in a purpose-built operating system (OS) on the AWS Cloud.

1. Development Environment

🎯 Provides software, tools, and a GitHub repository to implement this guide's solution.

2. High-level Architecture

Outlines the high-level architecture, AWS services, and Helm modules used.
  • [x] Amazon EKS clusters in different environments in AWS accounts across multiple AWS Regions, with a unique Terraform configuration and state file for each Amazon EKS cluster.
  • [x] One VPC with private subnets in each Availability Zone for nodes.
  • [x] VPC endpoints to access AWS services across AWS accounts.
  • [x] Managed node groups with On-Demand Instances.
  • [x] Managed node groups with Spot Instances.
  • [ ] Fargate profiles run serverless workloads.
  • [x] Amazon Elastic Container Registry (Amazon ECR) stores the Docker images for application microservices and Helm add-ons for application deployments.
  • [x] On-Demand instances in an Amazon EC2 Auto Scaling group that are used as underlying computing infrastructure for the Amazon EKS cluster.
  • [x] Nodes deployed over multiple Availability Zones and using Amazon EC2 Auto Scaling groups.
  • [x] An Amazon Route 53 Domain Name System (DNS) zone for service discovery and a Network Load Balancer configured for HTTPS encrypted traffic.
  • [ ] AWS Certificate Manager (ACM) to provision Secure Sockets Layer/Transport Layer Security (SSL/TLS) certificates for secure communication.
  • [x] Kubernetes Metrics Server to collect metrics from running pods, such as CPU and memory utilization.
  • [x] Kubernetes Cluster Autoscaler to scale in and out of nodes.
  • [x] An Application Load Balancer ingress controller to load balance the application traffic.
  • [ ] Amazon CloudWatch with Fluent Bit for logging application logs and cluster logs.
  • [ ] Amazon Elasticsearch Service (Amazon ES) and Amazon Simple Storage Service (Amazon S3) for centralized logging.

3. Helm Add-ons & Autoscaler

Helm package manager helps you install and manage applications in your Kubernetes cluster.

4. Logging and Monitoring

🎯 The centralized logging and monitoring solutions that can be implemented for EKS clusters.

Control Plane logs: Amazon EKS control plane logging provides audit and diagnostic logs from the control plane to Amazon CloudWatch Logs groups in your AWS account.

Application logs: To collect application logs you must install a log aggregator, such as Fluent Bit, Fluentd, or CloudWatch Container Insights, in your Amazon EKS cluster.

5. 🐳 MVP

🎯 The MVP/Pilot workloads should be implemented based on the organization's policies and requirements.

  • ✅ [Go] Listmonk
  • ✅ [Java] Camunda
  • ✅ [LAMP] Wordpress & Mautic
  • ✅ [MERN] Strapi
  • ☑️ [.NET]