In my previous post I demonstrated how easy it has become to deploy a webapplications with an HTTPS backend on Kubernetes and Azure. In this post I demonstrate the same but on AWS.

In order to follow along you should clone the sample code from this repository:

git clone

First configure the aws access_key and secret_key for Terraform:

export AWS_DEFAULT_REGION="eu-west-1"

With all this configuration in place we can instruct Terraform to create the kubernetes cluster:

terraform init
terraform apply -auto-approve

After a couple (~15) of minutes your cluster will be ready. Importing the credentials into your ~/.kube/config can be done as following:

aws eks --region $AWS_DEFAULT_REGION update-kubeconfig --name demo

There are some differences with AKS:

  • On AKS a client and key certificate are added to your kubeconfig. On EKS an entry is added which invokes aws eks get-token

  • On EKS the Kubernetes master runs in a different network and you need to provision such that the nodegroups can connect to this master. In my example this is achieved by installing an internet gateway.

Another remark: In case you try to create a Fargate profile and it fails you should verify that you are doing it in a supported region.

Now it is time to deploy the NGINX Ingress Controller. We also need to apply the aws specific additions:

kubectl apply -f
kubectl apply -f
kubectl apply -f

Deploying the NGINX Ingress Controller results in the creation of a loadbalancer and a public ip. Here is how you can fetch that address:

aws elb describe-load-balancers | jq -r '.LoadBalancerDescriptions[].DNSName'

In this example we want to access our applications as We achieve this by adding an A-record (the azure public ip address) pointing to *

For the HTTPS part we install cert-manager and use Let’s Encrypt to provide certificates:

kubectl apply --validate=false -f
kubectl apply -f letsencrypt.yaml

With all this infrastructure in place we can deploy a sample application:

kubectl create deployment hello-node
kubectl expose deployment hello-node --port=8080
kubectl apply -f hello-node-ingress.yaml 

Or we can deploy and expose the kubernetes dashboard:

kubectl apply -f
kubectl apply -f dashboard-sa.yaml
kubectl apply -f dashboard-ingress.yaml

You can fetch the token as following:

kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep eks-admin | awk '{print $1}')