DEV Community

Dennis Groß (he/him)
Dennis Groß (he/him)

Posted on • Originally published at on

How To Create an EKS Cluster with CDK

Elastic Kubernetes Service (EKS) is the managed Kubernetes offering from AWS.

Kubernetes clusters in AWS come in essentially two forms

  • Fargate clusters - fully-managed clusters by AWS, you just deploy your Kubernetes workloads and do not worry about the rest.
  • EC2 instance type clusters - Kubernetes worker nodes get deployed into your AWS account, the control plane is fully-managed by AWS.

The Fargate mode is great if you want to deploy applications on Kubernetes without worrying so much about cluster maintenance but comes with a premium.

EC2 instance-type clusters offer you more flexibility and therefore cost-saving options. This deployment mode is great if you plan on having Kubernetes Batch Processing on EC2 spot instances, or specific constraints towards your Kubernetes cluster.

Read more about EKS here.

EC2 Instance Type EKS Cluster

Here is a simple EKS cluster that does not expose the Kubernetes API to the internet.

const instanceType = new aws_ec2.InstanceType('t3.micro');

const cluster = new aws_eks.Cluster(this, 'MyCluster', {
  version: aws_eks.KubernetesVersion.V1_21,
  vpc: vpc,
  defaultCapacity: 1,
  endpointAccess: aws_eks.EndpointAccess.PRIVATE,
  defaultCapacityInstance: instanceType,

Enter fullscreen mode Exit fullscreen mode

Find out how you can create and configure a VPC here

EKS supports the EndpointAccess modes

  • PRIVATE - worker nodes deployed in private VPC subnet, control plane only reachable within the vpc.
  • PUBLIC - worker nodes deployed in public VPC subnet, control plane reachable from the internet.
  • PUBLIC_AND_PRIVATE - worker nodes deployed in private VPC subnet, control plane reachable from the internet.

Although possible, I would strongly advise you against exposing the EKS control plane to the internet. Try to either set up a GitOps workflow with ArgoCD instead or deploy an EC2 Bastion instance in the public subnet of your VPC to reach the Kubernetes control plane with the kubectl.

Fargate EKS Cluster

Fargate is a serverless solution for Kubernetes on AWS. You do not have control over the Kubernetes control plane or the worker nodes in this deployment mode. You can only deploy applications to your Fargate cluster through Kubernetes manifests and specify application resource demands.

const cluster = new aws_eks.FargateCluster(this, 'MyCluster', {
  version: aws_eks.KubernetesVersion.V1_21,

Enter fullscreen mode Exit fullscreen mode

Enable EKS Control Plane Logs to CloudWatch

The control plane for both the Fargate and EC2 instance deployment mode runs in an AWS-managed account. But it is still possible and absolutely recommended to redirect the control plane logs to CloudWatch.

const cluster = new aws_eks.Cluster(this, 'MyCluster', {
  clusterLogging: [

Enter fullscreen mode Exit fullscreen mode

Setup Open Id Connect with IAM Policy

coming soon

Top comments (0)