Modernizing Deployment Workflows: Deploy EKS Cluster Using AWS Proton — Part 1

Madhav Sake
Ankercloud Engineering
Jan 3, 2024

Introduction:

In the ever-evolving landscape of cloud computing, staying ahead of the curve is essential for businesses aiming to maximise efficiency and scalability. One of the critical aspects of cloud infrastructure is the deployment workflow, and Amazon Web Services (AWS) Proton has emerged as a powerful tool for modernising and streamlining this process. In this blog post, we’ll explore the significance of deployment workflows and delve into how AWS Proton can be leveraged to deploy Elastic Kubernetes Service (EKS) clusters seamlessly.

Understanding Deployment Workflows:

Traditional deployment workflows often involve manual steps and configurations, leading to inefficiencies, errors, and delays. Modernizing deployment workflows is crucial for achieving faster release cycles, reducing operational overhead, and ensuring consistent and reliable deployments.

AWS Proton Overview:

AWS Proton is a fully managed deployment service designed to automate and standardize the process of deploying and managing infrastructure in the AWS Cloud. It simplifies the creation, deployment, and monitoring of microservices-based applications.

Key Benefits of AWS Proton:

Consistency and Standardization: AWS Proton provides a consistent and standardized way to deploy infrastructure, ensuring that every environment is created and managed similarly. This reduces the likelihood of errors and improves overall reliability.

Automation: By automating the deployment process, AWS Proton accelerates the release of applications, allowing development teams to focus on innovation rather than repetitive manual tasks.

Integration with AWS Services: Proton seamlessly integrates with other AWS services, including AWS CloudFormation and AWS Identity and Access Management (IAM), providing a comprehensive solution for deploying and managing applications.

In this tutorial, we’ll guide you through the process of setting up AWS Proton to deploy an Elastic Kubernetes Service (EKS) cluster using a predefined blueprint. Before we begin, ensure you have an AWS account and access to the AWS Management Console.

Choose Your AWS Region

Access the AWS console and pick the desired AWS region for this tutorial. Ensure the region you select supports both Amazon EKS and AWS Proton functionalities.

Create GitHub Repository

Create a brand-new repository on your GitHub account by using https://github.com/MadhavSake/eks-blueprints-for-proton.git. Keep the repository name as is or fork it if you like. Don’t forget to turn on GitHub Actions for your repository — you’ll need it for the next steps.

Go to GitHub repository Actions and Enable workflow

Before you proceed, make sure that GitHub Actions are turned on for your repository. The upcoming steps will trigger workflows, so go to your repository settings, navigate to Actions, then General, and ensure that “Allow all actions and reusable workflows” is chosen.

Set up an IAM user named protondev and connect the AWSProtonDeveloperAccess policy to this user.

Make a new IAM user called protondev for the developer, then add the following set of permissions to it.

Attach the AWSProtonDeveloperAccess policy.

Add extra permissions: CreateEnvironment, UpdateEnvironment, DeleteEnvironment, and PassRole (for the Proton service).

Allow eks:DescribeCluster so that aws eks update-kubeconfig can generate the kubeconfig file. Optionally, enable CloudShell access for convenience with the protondev user.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "iam:PassRole",
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "iam:PassedToService": "proton.amazonaws.com"
        }
      }
    },
    {
      "Effect": "Allow",
      "Action": [
        "proton:CreateEnvironment",
        "proton:UpdateEnvironment",
        "proton:DeleteEnvironment",
        "iam:ListRoles"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": "eks:DescribeCluster",
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": "cloudshell:*",
      "Resource": "*"
    }
  ]
}

Authenticate GitHub with AWS IAM Role

For Terraform to set up or deploy EKS clusters, it has to assume the right IAM role. Additionally, because we’re using the open-source version of Terraform for our project, we also require an S3 bucket to store the Terraform state.

Create an AWS IAM role with a GitHub username and associate the AdministratorAccess policy with it.

Create a custom trust policy for the GitHub role.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Federated": "arn:aws:iam::656096645154:oidc-provider/token.actions.githubusercontent.com"
      },
      "Action": "sts:AssumeRoleWithWebIdentity",
      "Condition": {
        "ForAllValues:StringLike": {
          "token.actions.githubusercontent.com:aud": "sts.amazonaws.com",
          "token.actions.githubusercontent.com:sub": "repo:MadhavSake/*:*"
        }
      }
    }
  ]
}
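
An added example (not from the original article or its repository): a small Python check over the trust policy above. It flags the ForAllValues: qualifier, which IAM treats as satisfied when the claim key is absent from the request, and sub patterns that admit every repository and ref under the account; both matter here because the role carries AdministratorAccess. The finding codes, the placeholder account ID 111122223333 and the tightened sub value (main branch of the tutorial repository only) are assumptions of this example.

```python
PROVIDER = "token.actions.githubusercontent.com"

def audit_github_oidc_trust(policy):
    """Return sorted finding codes for Allow statements granting AssumeRoleWithWebIdentity."""
    findings = set()
    statements = policy["Statement"]
    for st in [statements] if isinstance(statements, dict) else statements:
        actions = st.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if st.get("Effect") != "Allow" or "sts:AssumeRoleWithWebIdentity" not in actions:
            continue
        claims = {}  # claim name -> patterns constrained by any operator
        for operator, block in st.get("Condition", {}).items():
            if operator.lower().startswith("forallvalues:"):
                # IAM evaluates ForAllValues to true when the key is absent from the request.
                findings.add("FORALLVALUES_ON_ALLOW")
            for key, value in block.items():
                if key.lower().startswith(PROVIDER + ":"):
                    values = [value] if isinstance(value, str) else value
                    claims.setdefault(key.lower().split(":", 1)[1], []).extend(values)
        for claim in ("aud", "sub"):
            if claim not in claims:
                findings.add(f"NO_{claim.upper()}_CONDITION")
        for sub in claims.get("sub", []):
            parts = sub.split(":", 2)  # "repo", "owner/name", "ref:... | environment:... | ..."
            repo = parts[1] if len(parts) > 1 else "*"
            if "*" in repo or "?" in repo:
                findings.add("SUB_MATCHES_MULTIPLE_REPOS")
            if len(parts) < 3 or "*" in parts[2]:
                findings.add("SUB_MATCHES_ANY_REF")
    return sorted(findings)

def trust_policy(operator, sub):
    # Account ID 111122223333 is a placeholder, not a value from the article.
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": f"arn:aws:iam::111122223333:oidc-provider/{PROVIDER}"},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": {operator: {f"{PROVIDER}:aud": "sts.amazonaws.com",
                                 f"{PROVIDER}:sub": sub}}}]}

# Constructed copy of the Condition shape shown in the article.
AS_PUBLISHED = trust_policy("ForAllValues:StringLike", "repo:MadhavSake/*:*")
# Assumption: deployments run only from the main branch of the tutorial repository.
TIGHTENED = trust_policy("StringEquals",
                         "repo:MadhavSake/eks-blueprints-for-proton:ref:refs/heads/main")

if __name__ == "__main__":
    print("as published:", audit_github_oidc_trust(AS_PUBLISHED))
    print("tightened:   ", audit_github_oidc_trust(TIGHTENED))
```

If the workflow runs under a GitHub environment or on pull requests, the sub claim has a different suffix and the tightened value has to be adjusted to match.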

Create an S3 bucket to store the Terraform state.

Retrieve the role ARN and the S3 bucket name from the output of the IaC above, update the env-config.json file in your GitHub repository with this information, and make sure to also adjust the region parameter to match the region you are working in.

Follow these instructions to set up an AWS CodeStar connection, allowing Proton to access your GitHub account and repositories:

Navigate to the AWS CodeStar console.
Choose “Connections” from the left-hand menu.
Click on “GitHub”, type a “Connection name”, and install the AWS Connector for GitHub.
Click on “Only select repositories” and select the eks-blueprints-for-proton repo.

Step 4: Add Repository in Proton Console

Go to the AWS Proton console.
Switch to the “Settings” tab and select “Repositories.”
Add the GitHub repository you created (or forked) in Step 2.
Point to the main branch of your repository.

Your repository should now be listed in the Proton console, similar to the example below (replace “yourGitHubName” with your actual GitHub username):

Step 5: Verify Setup

Ensure that the setup is successful by checking the repository details in the Proton console. If everything is configured correctly, you are now ready to use AWS Proton to deploy an EKS cluster based on the provided blueprint.

By following these steps, you’ve integrated AWS Proton with your GitHub repository, laying the foundation for automated and standardized EKS cluster deployments. This streamlined setup will enhance your development workflow, making managing and deploying cloud-native applications on Amazon EKS easier.

Create the environment template in Proton

Go to the Templates/Environment templates section on the Proton console and hit the “Create environment template” button. Keep everything default except for these changes: (1) choose “Sync templates from Git” as the Template bundle source; (2) select your repository; (3) set the Branch name to main; (4) name the Template eks-mng-karpenter-with-new-vpc.

Note: Make sure to set the name exactly as eks-mng-karpenter-with-new-vpc.

After a quick refresh, within a few seconds, you’ll notice a template version 1.0 showing up. It’s currently in Draft state. Click on Publish, and it will switch to Published state.

Deploy the cluster using Proton Environment

After the platform administrator has set up the template for the EKS cluster, log out of the console with the administrative account. Then, log back in using the protondev user you previously created.

Go to the Environments page in the Proton console and click on Create Environment. Choose the environment template you made earlier and click on Configure. In the Provisioning section, choose Self-managed Provisioning. For Provisioning repository details, select the Existing repository, pick the GitHub repo you created (or forked) earlier, and set main as the Branch name. Enter an Environment name, add an optional Environment description if you want, and click Next.

Next, configure the custom settings by providing the Cluster name, VPC CIDR and User name.

The deployment process is expected to take approximately 15 to 20 minutes. You can monitor the progress within the GitHub Actions workflow. Upon completion of the workflow, you should see the EKS cluster created in the AWS EKS console.

Conclusion:

AWS Proton is a game-changer for organizations looking to modernize their deployment workflows and embrace the benefits of cloud-native technologies. By automating and standardizing the deployment process, Proton empowers teams to focus on innovation and deliver value to their customers faster. Deploying EKS clusters with AWS Proton is a step towards achieving a more efficient, scalable, and reliable cloud infrastructure.
