Creating the Amazon EKS node IAM role

To create your Amazon EKS node role in the IAM console

You can create the node IAM role with the AWS Management Console or the AWS CLI.

  1. Open the IAM console at https://console.aws.amazon.com/iam/

  2. In the left navigation pane, choose Roles.

  3. On the Roles page, choose Create role.

  4. On the Select trusted entity page, do the following:

    1. In the Trusted entity type section, choose AWS service.

    2. Under Use case, choose EC2.

    3. Choose Next.

  5. On the Add permissions page, do the following:

    1. In the Filter policies box, enter AmazonEKSWorkerNodePolicy.

    2. Select the check box to the left of AmazonEKSWorkerNodePolicy in the search results.

    3. Choose Clear filters.

    4. In the Filter policies box, enter AmazonEC2ContainerRegistryReadOnly.

    5. Select the check box to the left of AmazonEC2ContainerRegistryReadOnly in the search results.

      Either the AmazonEKS_CNI_Policy managed policy, or an IPv6 policy that you create must also be attached to either this role or to a different role that's mapped to the aws-node Kubernetes service account. We recommend assigning the policy to the role associated to the Kubernetes service account instead of assigning it to this role. For more information, see Configuring the Amazon VPC CNI plugin for Kubernetes to use IAM roles for service accounts.

    6. Choose Next.

  6. On the Name, review, and create page, do the following:

    1. For Role name, enter a unique name for your role, such as AmazonEKSNodeRole.

    2. For Description, replace the current text with descriptive text such as Amazon EKS - Node role in IAM console 

    3. Under Add tags (Optional), add metadata to the role by attaching tags as key–value pairs. For more information about using tags in IAM, see Tagging IAM Entities in the IAM User Guide.

    4. Choose Create role.


Make sure to use the same role whenever you're creating EKS node group in EKS cluster. 

 

Comments

Post a Comment

Popular posts from this blog

Application Load Balancer - Config Steps by Girish

Image
  Please follow below steps After configuring ALB & Target Groups.   Note: In your Security group --> Ensure to enable Ports (RDP & HTTP:80) Step1:  Take RDP to Instance-1 Step2:  Go to server manager --> Click on add a role --> Select IIS role and then install IIS (Note: it may restart your instance). Step3:  Go to C drive --> Open inetpub folder --> click wwwroot folder -->  There will be existing IIS 2 files --> Open PNG file with notepad and enter some text and then save it.  Step4:  Open IIS manager --> Goto sites --> Restart default Site. Step5:  Copy ALB Security group Name and go to EC2 Instance --> Go to Security group --> edit outbound rules --> add HTTP rule --> Paste ALB security name as destination.  Please find below screenshot for your kind reference.  Step6:    Copy EC2 Security group Name and go to ALB console --> Go to Security group section --...
Read more

AWS RDS MS-SQL is Very Slow

RDS is a fully managed Instance by AWS.  The performance of your Amazon RDS for MSSQL instance might be affected for multiple reasons, such as: Undersized hardware Changes in workload Increased traffic Memory issues Suboptimal query plans Use a combination of these tools to identify the cause of slow-running queries: Performance Insights metrics (in RDS) Amazon Cloud Watch metrics Enhanced Monitoring metrics Database statistics Native database tools Cloud Watch metrics To identify performance bottlenecks caused by insufficient resources, monitor these common CloudWatch metrics available for your Amazon RDS DB instance. CPU Utilization - Percentage of computer processing capacity used FreeableMemory - Available RAM on the DB instance SwapUsage - Swap space used by the DB instance A higher percentage of CPU utilization generally indicates an active workload on the instance and the need for more CPU resources. Higher memory utilization along with swap space consumption indicates frequ...
Read more

VPC Peering Connection by Cloud Architect (i.e Girish Babu)

Image
This article is primarily intended for AWS Batch 43. For any queries, feel free to contact me at 9036367291. I'm considering 2 AWS Regions (Virginia & Ohio) for VPC Peering Step1: Create VPC (10.0.0.0/16) on Virginia (VPC Name: VirginiaVPC) Step2: Select Virginia VPC --> Goto actions and enable DNS hostnames and save changes. Step3: Create Public Subnet (10.0.1.0/24) on Virginia VPC Step4: Select Public Subnet and Ensure to assign Public IP for this Public Subnet Step5: Create IG and attach it the Virginia VPC. Step6: Create a Route Table --> Goto to Routes --> edit the routes --> Enter 0.0.0.0/0 and select IG under next drop down.   Step7: Goto the Route table --> go to the subnet associations --> add the subnet, click on save.  Step8: Launch EC2 instances in Virginia region and select the Public subnet.  Step9: Create new SG with the name as Virginia_SG and add inbound rules (ICMP Port, set IP as 10.1.0.0/16) and save the SG.  Please c...
Read more