Secure EKS API Access with Authentication and Authorization Controls using Terraform

Amazon EKS hosts containerized workloads, but any entity that needs to communicate with the cluster, whether to install addons, deploy applications via Helm, or check pod statuses with kubectl, must first have access to the cluster. By default, the IAM principal that creates the cluster receives implicit administrative access. However, for subsequent operations, a different …

Deploy Karpenter and Metrics Server on Amazon EKS using Terraform and Helm

Amazon EKS manages the control plane, but managing the data plane, the EC2 instances on which pods run, is the customer's responsibility. To provision data plane capacity, you create managed node groups backed by Auto Scaling Groups (ASGs), with a launch template that locks in instance types, capacity type (on-demand or spot), and scaling limits. …

Deploy AWS Load Balancer Controller with Multi-Configuration Terraform and Helm

Amazon EKS excels at running containerized workloads, but getting traffic to them requires thoughtful load-balancer architecture. The AWS Load Balancer Controller bridges this gap by automatically provisioning Application Load Balancers (ALBs) and Network Load Balancers (NLBs) based on Kubernetes resource definitions, eliminating manual infrastructure management. In this article, I'll deploy the AWS Load Balancer Controller using …

Provision a secure Amazon EKS cluster using Terraform and GitHub Actions

Amazon EKS is a managed Kubernetes service from AWS that closely follows the open source Kubernetes release cycle and eliminates the operational overhead of running control plane components. While cloud engineers maintain full control over worker nodes and applications, AWS handles the control plane infrastructure, scaling, and high availability — but the engineering team controls …

Setup cross-account Amazon Elastic Container Registry (ECR) access using Terraform and GitHub Actions

Amazon Elastic Container Registry (ECR) is a fully managed Docker container registry that allows developers to store container images securely. Images are stored in an ECR repository, a logical unit for storing, organizing, and versioning Docker images. In a typical containerized application CI/CD pipeline, the Continuous Integration …

Blue-Green Deployments for Amazon ECS Fargate with CodeDeploy, Terraform, and GitHub Actions

Blue-green deployment is a software release strategy that minimizes downtime and risk by running two identical environments, "blue" and "green." At any given time, one environment (e.g., blue) is live and serving traffic, while the other (green) is idle and used for staging new updates. Once the updates are tested and validated in the green …

Protecting Credentials and Variables in AWS Fargate Containers using AWS Secrets Manager

Credentials and sensitive variables allow access to confidential data and must be protected from unauthorized access so only permitted entities can access them. AWS Fargate is a technology that can be used with Amazon ECS to run containers. AWS Fargate is commonly used to run workloads to interact with databases or access confidential data or …

Enabling Health Checks and CloudWatch Logs for AWS Fargate Tasks

In Amazon Elastic Container Service (ECS), HealthCheck is a mechanism for monitoring the health status of containerized applications running in tasks. It helps ensure that only healthy containers (with health check passing) serve traffic and unhealthy containers are replaced automatically. Configuring the ECS Managed Healthcheck is crucial for maintaining the availability, reliability, and scalability of …

Continuous Deployment of Amazon ECS service using Terraform and GitHub Actions

This note demonstrates how to host a Docker image as a container in Amazon Elastic Container Service (Amazon ECS). Per AWS Docs, Amazon ECS is a fully managed container orchestration service that helps you easily deploy, manage, and scale containerized applications. Deploying a service into Amazon ECS can be divided into three separate use cases: …

Build, Scan, and Push Docker image to Amazon ECR using GitHub Actions

This blog post is the second part of an umbrella series in which I demonstrate how to create and deploy an Amazon Elastic Container Service (ECS) service using Terraform and GitHub Actions. In the first part, I covered creating all the required AWS cloud services to host the ECS service. In this second part, I'll …