
Install Bastion Server for EKS Deployment

Overview

Amazon Elastic Kubernetes Service (Amazon EKS) is a managed Kubernetes service. EKS integrates with AWS App Mesh and provides a Kubernetes-native experience to consume service mesh features and bring rich observability, traffic controls and security features to applications.

The deployment consists of a Linux bastion host in an Auto Scaling group to allow inbound Secure Shell (SSH) access to Amazon Elastic Compute Cloud (Amazon EC2) instances in private subnets, an Amazon EKS cluster, which provides the Kubernetes control plane, and, in the private subnets, a group of Kubernetes nodes.

Install Bastion Host

The bastion server is based on Amazon Linux. First, install a standard Amazon Linux 2 AMI; a t2.medium should be sufficient for basic operations. Give it the proper permissions and add it to the VPC and security groups so you can access it using SSH.

Note: This step assumes you are using the Bash shell; if you are using another shell, change the command to use your specific shell initialisation file.

Configure your AWS CLI credentials

Get an access key from the IAM service.

Choose User and Add new User, then type your username:

Eks-bastion-server

And choose Access Type: Programmatic access

Press Next and choose an existing EKS group or create a new one.

Type the group name:

EKS-Bastion

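In the policy filter, search for EKS and choose the following policies. AdministratorAccess on its own grants full access to the account, so this group holds far more than EKS permissions: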

  • AdministratorAccess
  • AmazonEKS_CNI_Policy
  • AmazonEKSClusterPolicy
  • AmazonEKSFargatePodExecutionRolePolicy
  • AmazonEKSServicePolicy
  • AmazonEKSVPCResourceController
  • AmazonEKSWorkerNodePolicy

Upon creation, copy and save your AWS Access Key ID and Secret Access Key. They should look like this:

Access key ID: A***************

Secret Access Key: v******************

Run the following command to configure the AWS CLI on your bastion machine:

$ aws configure

AWS Access Key ID [None]: A***************

AWS Secret Access Key [None]: v***************

Default region name [None]: region-code (Example: us-east-2)

Default output format [None]: json
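
After aws configure, the long-lived key sits in plain text in the shared credentials file (~/.aws/credentials by default) on a host that accepts inbound SSH. The following is an added example, not part of the original post: a POSIX shell audit that lists which profiles hold a static key (masked) and checks that only the owner can read the file. The function names are assumptions of this example.

```shell
# Added example: audit the shared credentials file written by `aws configure`.
# Function names are assumptions of this example, not AWS CLI commands.

# Print a file's octal mode (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Print "<profile> <first 4 chars of key ID>****" for every profile that
# stores a static access key, so the key itself never reaches the terminal.
list_static_profiles() {
    awk '
        /^[ \t]*\[.*\][ \t]*$/ {
            gsub(/^[ \t]*\[|\][ \t]*$/, ""); profile = $0; next
        }
        /^[ \t]*aws_access_key_id[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, "")
            printf "%s %s****\n", profile, substr($0, 1, 4)
        }
    ' "$1"
}

# Return 0 when the file is private to its owner, 1 when group/other can
# access it, 2 when it does not exist.
audit_credentials() {
    _file="${1:-${AWS_SHARED_CREDENTIALS_FILE:-$HOME/.aws/credentials}}"
    [ -f "$_file" ] || { echo "no credentials file at $_file"; return 2; }
    list_static_profiles "$_file"
    _mode="$(file_mode "$_file")"
    case "$_mode" in
        600|400) echo "mode $_mode: private to owner" ;;
        *) echo "mode $_mode: too open, run: chmod 600 $_file"; return 1 ;;
    esac
}
```

Run audit_credentials with no argument on the bastion once aws configure has finished; aws sts get-caller-identity then confirms which IAM user the stored key belongs to.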