How to create an AWS EKS cluster using CircleCI, AWS EKS Orb
In this tutorial we are going to follow the instructions of the following resources
This is my project’s repository.
Steps
- Create the CircleCI account
2. Create a GitHub repository
3. Create the basic project structure
Create a .circleci/config.yml in the project’s root directory
Add the create-eks-cluster script in the config.yml, you can copy-paste it from here.
4. In CircleCI setup the project.
Once on the Project page, find the project you are using and click Set Up Project.
According to the AWS EKS orb’s repo it is very important to meet these requirements before running the pipeline:
Add the AWS credentials as environment variables. Configure AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and AWS_DEFAULT_REGION as CircleCI project or context environment variables as shown in the links provided for project or context.
Add the policies to the IAM user suggested in the official eksctl website as Minimum IAM policies
5. Run the Pipeline by pushing a new commit to the GitHub repository or manually in the project’s GUI in CircleCI
Frequent mistakes
Problem 1:
Error message
EnvAccessKeyNotFound: failed to find credentials in the environment
Cause: Not creating as as CircleCI project or context environment variables the AWS credentials.
Solution
to configure AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and AWS_DEFAULT_REGION as CircleCI project or context environment variables.
Problem 2: is not authorized to perform: ssm:GetParameter
Error message:
Error: unable to determine AMI to use: error getting AMI from SSM Parameter Store: AccessDeniedException: User: arn:aws:iam::360482763937:user/ is not authorized to perform: ssm:GetParameter on resource: arn:aws:ssm:us-west-1:360482763937:parameter/aws/service/eks/optimized-ami/1.15/amazon-linux-2/recommended/image_idCause: Not having the right AWS IAM permissions
Solution
Add the policies to the IAM user suggested in the official eksctl website as Minimum IAM policies
