Create Fargate Profile
Create the Pod execution IAM role
Using CloudFormation
# Linux / macOS (bash)
CLUSTER_NAME="<cluster name>"
STACK_NAME="<stack name>"
ROLE_NAME="<role name>"
PROJECT_NAME="<project name>"
REGION="<region>"
curl -LO https://raw.githubusercontent.com/marcus16-kang/aws-resources-example/main/scripts/eks/fargate-profile-role-cfn.yaml
# Deploy stack
aws cloudformation deploy \
--template-file ./fargate-profile-role-cfn.yaml \
--stack-name $STACK_NAME \
--capabilities CAPABILITY_NAMED_IAM \
--parameter-overrides ClusterName=$CLUSTER_NAME RoleName=$ROLE_NAME ProjectName=$PROJECT_NAME \
--tags project=$PROJECT_NAME \
--region $REGION
# Get IAM role arn
aws cloudformation describe-stacks \
--stack-name $STACK_NAME \
--query "Stacks[0].Outputs[0].OutputValue" \
--output text \
--region $REGION
# Windows (PowerShell)
$CLUSTER_NAME="<cluster name>"
$STACK_NAME="<stack name>"
$ROLE_NAME="<role name>"
$PROJECT_NAME="<project name>"
$REGION="<region>"
curl.exe -LO https://raw.githubusercontent.com/marcus16-kang/aws-resources-example/main/scripts/eks/fargate-profile-role-cfn.yaml
# Deploy stack
aws cloudformation deploy `
--template-file ./fargate-profile-role-cfn.yaml `
--stack-name $STACK_NAME `
--capabilities CAPABILITY_NAMED_IAM `
--parameter-overrides ClusterName=$CLUSTER_NAME RoleName=$ROLE_NAME ProjectName=$PROJECT_NAME `
--tags project=$PROJECT_NAME `
--region $REGION
# Get IAM role arn
aws cloudformation describe-stacks `
--stack-name $STACK_NAME `
--query "Stacks[0].Outputs[0].OutputValue" `
--output text `
--region $REGION
Create the trust policy file
# Write the trust policy (overwrites any existing file so the JSON stays valid on re-runs)
cat << EOF > pod-execution-role-trust-policy.json
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Condition": {
"ArnLike": {
"aws:SourceArn": "arn:aws:eks:<region code>:<account id>:fargateprofile/<cluster name>/*"
}
},
"Principal": {
"Service": "eks-fargate-pods.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
EOF
Create the role
aws iam create-role \
--role-name <pod execution role name> \
--assume-role-policy-document file://"pod-execution-role-trust-policy.json"
aws iam attach-role-policy \
--policy-arn arn:aws:iam::aws:policy/AmazonEKSFargatePodExecutionRolePolicy \
--role-name <pod execution role name>
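The `aws:SourceArn` condition in the trust policy above is what keeps the `eks-fargate-pods.amazonaws.com` service from assuming this role on behalf of another cluster or account. The following check is an added example, not part of the original page: it audits a trust policy document before `aws iam create-role` is run. The function names, the sample account id `111122223333`, the region `us-east-1` and the cluster name `demo` are assumptions made for illustration.

```python
import json
import re

SERVICE = "eks-fargate-pods.amazonaws.com"
# arn:<partition>:eks:<region>:<account id>:fargateprofile/<cluster name>/<profile>
ARN_RE = re.compile(r"^arn:aws[a-z-]*:eks:([^:]*):([^:]*):fargateprofile/([^/]+)/.+$")

def as_list(value):
    """IAM accepts a single value or a list in most policy fields."""
    return [] if value is None else value if isinstance(value, list) else [value]

def audit_trust_policy(policy_json, region, account_id, cluster):
    """Return findings for the Fargate statement; an empty list means scoped."""
    findings, seen = [], False
    for i, stmt in enumerate(as_list(json.loads(policy_json).get("Statement"))):
        principal = stmt.get("Principal")
        services = as_list(principal.get("Service")) if isinstance(principal, dict) else []
        if stmt.get("Effect") != "Allow" or SERVICE not in services:
            continue
        seen = True
        arns = [
            arn
            for op in ("ArnLike", "ArnEquals")
            for key, val in stmt.get("Condition", {}).get(op, {}).items()
            if key.lower() == "aws:sourcearn"  # condition key names are case-insensitive
            for arn in as_list(val)
        ]
        if not arns:
            findings.append(f"statement {i}: no aws:SourceArn condition")
        for arn in arns:
            match = ARN_RE.match(arn)
            if not match:
                findings.append(f"statement {i}: unexpected SourceArn {arn!r}")
                continue
            expected = (("region", region), ("account", account_id), ("cluster", cluster))
            for (name, want), got in zip(expected, match.groups()):
                if got != want:  # a wildcard in any of these fields is also reported
                    findings.append(f"statement {i}: {name} {got!r} != {want!r}")
    return findings if seen else [f"no Allow statement for {SERVICE}"]

# Constructed sample: the page's policy with its placeholders filled in.
SAMPLE = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"Service": SERVICE},
    "Condition": {"ArnLike": {"aws:SourceArn":
        "arn:aws:eks:us-east-1:111122223333:fargateprofile/demo/*"}}}]})

if __name__ == "__main__":
    print(audit_trust_policy(SAMPLE, "us-east-1", "111122223333", "demo") or "scoped")
```

To audit the file written in the previous step, pass its contents as `policy_json`; a policy with no condition, or with `*` in the region, account or cluster position, produces findings.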
Create Fargate profile
Using AWS CLI
# Linux / macOS (bash)
CLUSTER_NAME="<cluster name>"
FARGATE_PROFILE_NAME="<fargate profile name>"
FARGATE_PROFILE_ROLE_ARN="<fargate profile role arn>"
PROJECT_NAME="<project name>"
REGION="<region>"
aws eks create-fargate-profile \
--fargate-profile-name $FARGATE_PROFILE_NAME \
--cluster-name $CLUSTER_NAME \
--pod-execution-role-arn $FARGATE_PROFILE_ROLE_ARN \
--subnets <subnets> <subnets> \
--selectors namespace=<namespace> namespace=<namespace> \
--tags project=$PROJECT_NAME \
--region $REGION
# Windows (PowerShell)
$CLUSTER_NAME="<cluster name>"
$FARGATE_PROFILE_NAME="<fargate profile name>"
$FARGATE_PROFILE_ROLE_ARN="<fargate profile role arn>"
$PROJECT_NAME="<project name>"
$REGION="<region>"
aws eks create-fargate-profile `
--fargate-profile-name $FARGATE_PROFILE_NAME `
--cluster-name $CLUSTER_NAME `
--pod-execution-role-arn $FARGATE_PROFILE_ROLE_ARN `
--subnets <subnets> <subnets> `
--selectors namespace=<namespace> namespace=<namespace> `
--tags project=$PROJECT_NAME `
--region $REGION
Note
If you want to create a tag, use this parameter.
If you want to use a label selector with a namespace, use this parameter.
Using eksctl
Warning
If you use eksctl, you cannot choose the pod execution role.
Patch CoreDNS
Note
If you want to only run your pods on Fargate in your cluster, complete the following steps.