Deploy a Container Web App on Amazon EKS


Module 1: Create an EKS Cluster

In this module, you will learn how to create an Amazon EKS cluster


Before we deploy the containerized application, we need to create a Kubernetes cluster. We will be using Amazon EKS to create the cluster. In this guide, the Amazon EKS cluster consists of a control plane and using Amazon EC2 as worker nodes. To create the Kubernetes cluster, we're going to use AWS CDK. AWS CDK provides flexibility to enable provisioning of a Kubernetes cluster in a predictable and repeatable manner.

What You Will Learn

  • Building AWS CDK application to create Amazon EKS cluster with Amazon EC2 as worker nodes
  • Testing and performing basic operation to Kubernetes cluster

 Time to Complete

10 minutes

 Module Prereqs

  • AWS Account with administrator-level access**
  • Recommended browser: The latest version of Chrome or Firefox

[**]Accounts created within the past 24 hours might not yet have access to the services required for this tutorial.


Once that you have defined the IAM role, and EKS cluster, the next step is to deploy the CDK stack. Before you do that, you need to configure CDK to know which Account ID and region to use by changing eks/cluster/ and uncommenting line 24:

Build AWS CDK Application

In this step, you will prepare your work folders. You will create two different folders within the root folder eks. The first folder, k8s-cluster, is for cluster creation and will host your CDK code to create it. The second folder, cdk8s, will contain the code to create and deploy your application to the cluster using cdk8s. Create the directories, and create your CDK project using Python by running:

mkdir eks
cd eks
mkdir cluster cdk8s
cd cluster

cdk init app --language=python

This will create the skeleton CDK app, with some useful command outputs:

cdk init app --language=python
Applying project template app for python

# Welcome to your CDK Python project!

This is a blank project for Python development with CDK.

The `cdk.json` file tells the CDK Toolkit how to execute your app.


To add additional dependencies, for example other CDK libraries, just add
them to your `` file and rerun the `pip install -r requirements.txt`

## Useful commands

 * `cdk ls`          list all stacks in the app
 * `cdk synth`       emits the synthesized CloudFormation template
 * `cdk deploy`      deploy this stack to your default AWS account/region
 * `cdk diff`        compare deployed stack with current state
 * `cdk docs`        open CDK documentation


Please run 'python3 -m venv .venv'!
Executing Creating virtualenv...

Please make sure to run python3 -m venv .venv afterwards.

There are 2 main resources that you need to create in this module, the Amazon EKS cluster and AWS IAM role. By creating an IAM role and attaching it to the cluster, it will grant the systems:masters privileges. In order to do that, we need to add the and libraries into our CDK application. The and pyyaml are required libraries for deployment step. You need to ensure that you use the libraries that match your version of CDK, to check CDK's version, run cdk --version:

cdk --version

1.121.0 (build 026cb8f)

Using the version number shown, open eks/cluster/requirements.txt and append following lines:


To install these libraries, run pip3 install -r requirements.txt.

Creating a new VPC is best practice for building a Kubernetes cluster using EKS, and you can read more about this in the documentation. For this guide, you will be using the default VPC provided with each new account to simplify the deployment. To create your EKS cluster, open eks/cluster/ and add following lines:

from aws_cdk import core as cdk
from aws_cdk import aws_iam as iam
from aws_cdk import aws_eks as eks
from aws_cdk import aws_ec2 as ec2

class ClusterStack(cdk.Stack):

    def __init__(self, scope: cdk.Construct, construct_id: str, **kwargs) -> None:
        super().__init__(scope, construct_id, **kwargs)

        # Look up the default VPC
        vpc = ec2.Vpc.from_lookup(self, id="VPC", is_default=True)

        # Create master role for EKS Cluster
        iam_role = iam.Role(self, id=f"{construct_id}-iam",
                            role_name=f"{construct_id}-iam", assumed_by=iam.AccountRootPrincipal())

        # Creating Cluster with EKS
        eks_cluster = eks.Cluster(
            self, id=f"{construct_id}-cluster", 
            default_capacity_instance=ec2.InstanceType.of(ec2.InstanceClass.BURSTABLE2, ec2.InstanceSize.MICRO), 

Once that you have defined the IAM role, and EKS cluster, the next step is to deploy the CDK stack. Before you do that, you need to configure CDK to know which Account ID and region to use by changing eks/cluster/ and uncommenting line 24:

env=core.Environment(account=os.getenv('CDK_DEFAULT_ACCOUNT'), region=os.getenv('CDK_DEFAULT_REGION')),

This will use the Account ID and region configured in the AWS CLI. Before you can use CDK, it needs to be bootstrapped - this will create the required infrastructure for CDK to manage infrastructure in your account. To bootstrap CDK, run cdk bootstrap. You should see output similar to:

cdk bootstrap

⏳  Bootstrapping environment aws://0123456789012/<region>...
✅  Environment aws://0123456789012/<region> bootstrapped

Once the bootstrapping has completed, you will run cdk deploy to deploy the cluster. 

cdk deploy

You should see output similar to the following:

CDK will prompt you before creating the infrastructure as it is creating infrastructure that changes security configuration - in your case, by creating IAM roles and security groups. Press y and then hit enter to deploy. CDK will now set up all the infrastructure you defined, and it will take a few minutes to complete. 

If everything went successfully, you will get following results at the end of the execution:

✅  ClusterStack

ClusterStack.ClusterStackclusterConfigCommand1CAA6E63 = aws eks update-kubeconfig --name ClusterStack-cluster --region eu-west-1 --role-arn arn:aws:iam::0123456789012:role/ClusterStack-iam
ClusterStack.ClusterStackclusterGetTokenCommand010D10BE = aws eks get-token --cluster-name ClusterStack-cluster --region eu-west-1 --role-arn arn:aws:iam::0123456789012:role/ClusterStack-iam
ClusterStack.ClusterStackoutclusterName = ClusterStack-cluster
ClusterStack.ClusterStackouteksSgId = sg-08b0517c72f0e2696
ClusterStack.ClusterStackoutkubectlRoleArn = arn:aws:iam::0123456789012:role/ClusterStack-ClusterStackclusterCreationRole9D9F21-29ZO9XWJLC4Q
ClusterStack.ClusterStackoutoidcArn = arn:aws:iam::0123456789012:oidc-provider/
ClusterStack.ClusterStackoutvpcAz = ['eu-west-1a', 'eu-west-1b', 'eu-west-1c']
ClusterStack.ClusterStackoutvpcId = vpc-b8e25ec1

Stack ARN:

You will see 3 warnings printed out similar to:

[Warning at /ClusterStack/ClusterStack-cluster] Could not auto-tag public subnet subnet-3a618f43 with "", please remember to do this manually

This guide uses Kubernetes 1.20, and subnet tagging was only used prior to 1.19, so you can safely ignore these warnings. Your cluster is now ready. To operate your cluster, you need to update the Kubernetes configuration (kubeconfig) to point to it so that the kubectl command will work. Copy the ConfigCommand from your terminal output and execute it, it should look something like this:

aws eks update-kubeconfig --name ClusterStack-cluster --region eu-west-1 --role-arn arn:aws:iam::0123456789012:role/ClusterStack-iam
Added ew context arn:aws:eks:eu-west-1:0123456789012:cluster/ClusterStack-cluster to /home/ubuntu/.kube/config

To confirm that everything is configured correctly, run kubectl get all to confirm, you should see the following:

kubectl get all

NAME                 TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)   AGE
service/kubernetes   ClusterIP   <none>        443/TCP   15m


In this module, we covered created an Amazon EKS cluster using the CLI. In the next module, we will install and learn about CDK8s.

Up Next: Install CDK8s

Was this page helpful?