Deploy a Container Web App on Amazon EKS


Module 1: Create an EKS Cluster

In this module, you will learn how to create an Amazon EKS cluster


Before we deploy the containerized application, we need to create a Kubernetes cluster. We will be using Amazon EKS to create the cluster. In this guide, the Amazon EKS cluster consists of a control plane and using Amazon EC2 as worker nodes. To create the Kubernetes cluster, we're going to use AWS CDK. AWS CDK provides flexibility to enable provisioning of a Kubernetes cluster in a predictable and repeatable manner.

What You Will Learn

  • Building AWS CDK application to create Amazon EKS cluster with Amazon EC2 as worker nodes
  • Testing and performing basic operation to Kubernetes cluster

 Time to Complete

10 minutes

 Module Prereqs

  • AWS Account with administrator-level access**
  • Recommended browser: The latest version of Chrome or Firefox

[**]Accounts created within the past 24 hours might not yet have access to the services required for this tutorial.


Once that you have defined the IAM role, and EKS cluster, the next step is to deploy the CDK stack. Before you do that, you need to configure CDK to know which Account ID and region to use by changing eks/cluster/ and uncommenting line 24:

Build AWS CDK Application

In this step, you will prepare your work folders. You will create two different folders within the root folder eks. The first folder, k8s-cluster, is for cluster creation and will host your CDK code to create it. The second folder, cdk8s, will contain the code to create and deploy your application to the cluster using cdk8s. Create the directories, and create your CDK project using Python by running:

mkdir eks
cd eks
mkdir cluster cdk8s
cd cluster

cdk init app --language=python

This will create the skeleton CDK app, with some useful command outputs:

cdk init app --language=python
Applying project template app for python

# Welcome to your CDK Python project!

This is a blank project for Python development with CDK.

The `cdk.json` file tells the CDK Toolkit how to execute your app.


To add additional dependencies, for example other CDK libraries, just add
them to your `` file and rerun the `pip install -r requirements.txt`

## Useful commands

 * `cdk ls`          list all stacks in the app
 * `cdk synth`       emits the synthesized CloudFormation template
 * `cdk deploy`      deploy this stack to your default AWS account/region
 * `cdk diff`        compare deployed stack with current state
 * `cdk docs`        open CDK documentation


Please run 'python3 -m venv .venv'!
Executing Creating virtualenv...

Please run the code below.

python3 -m venv .venv
source .venv/bin/activate

There are 2 main resources that you need to create in this module, the Amazon EKS cluster and AWS IAM role. By creating an IAM role and attaching it to the cluster, it will grant the systems:masters privileges. In order to do that, we need to add the and libraries into our CDK application. The aws-cdk-lib, constructs and aws-cdk.lambda-layer-kubectl-v28 are required libraries for deployment step. You need to ensure that you use the libraries that match your version of CDK, to check CDK's version, run cdk --version:

cdk --version

2.122.0 (build 7e77e02)

Using the version number shown, open eks/cluster/requirements.txt, and requirements.txt should resemble this:


To install these libraries, run

pip3 install -r requirements.txt

Creating a new VPC is best practice for building a Kubernetes cluster using EKS, and you can read more about this in the documentation. To create your EKS cluster, open eks/cluster/ and add following lines:

from aws_cdk import (
    aws_iam as iam,
    aws_eks as eks,
    aws_ec2 as ec2
from aws_cdk.lambda_layer_kubectl_v28 import KubectlV28Layer
from constructs import Construct
import yaml

class ClusterStack(Stack):

    def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None:
        super().__init__(scope, construct_id, **kwargs)

        # Create a master role 
        iam_role = iam.Role(self, id=f"{construct_id}-iam",
                    role_name=f"{construct_id}-iam", assumed_by=iam.AccountRootPrincipal())
         # Create and EKS Cluster 
        eks_cluster = eks.Cluster(
            self, id=f"{construct_id}-cluster",
            default_capacity_instance=ec2.InstanceType.of(ec2.InstanceClass.BURSTABLE3, ec2.InstanceSize.MICRO),
            kubectl_layer=KubectlV28Layer(self, "KubectlLayer")

Once that you have defined the IAM role, and EKS cluster, the next step is to deploy the CDK stack. Before you do that, you need to configure CDK to know which Account ID and region to use by changing eks/cluster/ and uncommenting line 18:

env=cdk.Environment(account=os.getenv('CDK_DEFAULT_ACCOUNT'), region=os.getenv('CDK_DEFAULT_REGION')),

To set different account or different region, it is possible to statically set account and region variables in line 23 while keeping line 18 as comment.

23: env=cdk.Environment(account='123456789012', region='eu-west-1'),

This will use the Account ID and region configured in the AWS CLI. Before you can use CDK, it needs to be bootstrapped - this will create the required infrastructure for CDK to manage infrastructure in your account. To bootstrap CDK, run cdk bootstrap. You should see output similar to:

cdk bootstrap

⏳  Bootstrapping environment aws://0123456789012/...
✅  Environment aws://0123456789012/ bootstrapped

Once the bootstrapping has completed, you will run cdk deploy to deploy the cluster. 

cdk deploy

You should see output similar to the following:

CDK will prompt you before creating the infrastructure as it is creating infrastructure that changes security configuration - in your case, by creating IAM roles and security groups. Press y and then hit enter to deploy. CDK will now set up all the infrastructure you defined, and it will take a few minutes to complete. 

If everything went successfully, you will get following results at the end of the execution:

 ✅  ClusterStack

✨  Deployment time: 1150.08s

ClusterStack.ClusterStackclusterConfigCommand1CAA6E63 = aws eks update-kubeconfig --name ClusterStack-cluster --region eu-west-1 --role-arn arn:aws:iam::0123456789012:role/ClusterStack-iam
ClusterStack.ClusterStackclusterGetTokenCommand010D10BE = aws eks get-token --cluster-name ClusterStack-cluster --region eu-west-1 --role-arn arn:aws:iam::0123456789012:role/ClusterStack-iam
Stack ARN:

You will see 3 warnings printed out similar to:

[Warning at /ClusterStack/ClusterStack-cluster] Could not auto-tag public subnet subnet-3a618f43 with "", please remember to do this manually

Your cluster is now ready. To operate your cluster, you need to update the Kubernetes configuration (kubeconfig) to point to it so that the kubectl command will work. Copy the ConfigCommand from your terminal output and execute it, it should look something like this:

aws eks update-kubeconfig --name ClusterStack-cluster --region <YOUR-REGION> --role-arn arn:aws:iam::<YOUR-ACCT-NUMBER>:role/ClusterStack-iam

The output will resemble the following

Added new context arn:aws:eks:eu-west-1:0123456789012:cluster/ClusterStack-cluster to /home/ubuntu/.kube/config

To confirm that everything is configured correctly, run kubectl get all to confirm, you should see the following:

kubectl get all

NAME                 TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)   AGE
service/kubernetes   ClusterIP           443/TCP   15m


In this module, we covered created an Amazon EKS cluster using the CLI. In the next module, we will install and learn about CDK8s.

Up Next: Install CDK8s

Was this page helpful?