@misskecupbung
Last active May 3, 2024 02:08
AWS Network Firewall + Multi-Cluster Amazon EKS

VPC

  • Go to https://console.aws.amazon.com/.
  • In the search bar, type VPC
  • Go to Your VPCs > Create VPC
  • Fill in the appropriate values, such as:
    • Name
    • IPv4 CIDR
    • Number of Availability Zones (AZs)
    • Number of public subnets
    • Number of private subnets
    • NAT gateways
    • Enable DNS hostnames
    • Enable DNS resolution
  • Click on Create VPC

VPC Peering

  • Go to VPC Dashboard
  • Go to Peering connections
  • Click Create peering connection
  • Fill in the appropriate values, such as:
    • Name
    • VPC ID (Requester)
    • Account
    • Region
    • VPC ID (Accepter)
  • Click on Create peering connection
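The two procedures above (the VPC wizard's subnet layout and the peering connection) have constraints the console form does not spell out: the subnet count must fit the VPC CIDR, a peering connection is rejected when the two VPC CIDRs overlap, and peering adds no routes by itself, so each side's route tables need a route to the other VPC's CIDR via the peering connection. The following is an added example, not part of the original gist, that carves per-AZ subnets the way the wizard does and runs those pre-checks; all CIDRs, AZ counts and the `pcx-` id are constructed sample values.

```python
"""Added example (not from the gist): plan VPC subnets and pre-check a peering
connection. CIDRs, AZ counts and the pcx id below are constructed samples."""
import ipaddress
from typing import Dict, List


def plan_subnets(vpc_cidr: str, azs: int, public_per_az: int,
                 private_per_az: int, prefix: int = 24) -> Dict[str, List[str]]:
    """Carve one /prefix block per (AZ, tier) pair sequentially from vpc_cidr,
    AZ by AZ, public tier first. Returns {"public": [...], "private": [...]};
    index i in a tier list belongs to AZ i // per_az. Raises if the VPC is
    too small to hold every requested subnet."""
    vpc = ipaddress.ip_network(vpc_cidr, strict=True)
    blocks = list(vpc.subnets(new_prefix=prefix))
    needed = azs * (public_per_az + private_per_az)
    if needed > len(blocks):
        raise ValueError(f"{vpc_cidr} holds {len(blocks)} /{prefix} subnets, "
                         f"but {needed} were requested")
    plan: Dict[str, List[str]] = {"public": [], "private": []}
    it = iter(blocks)
    for _az in range(azs):
        plan["public"].extend(str(next(it)) for _ in range(public_per_az))
        plan["private"].extend(str(next(it)) for _ in range(private_per_az))
    return plan


def peering_precheck(requester_cidr: str, accepter_cidr: str) -> List[str]:
    """Return the problems that would make the peering request fail or the
    routes ambiguous; an empty list means the pair is peerable."""
    req = ipaddress.ip_network(requester_cidr)
    acc = ipaddress.ip_network(accepter_cidr)
    problems = []
    if req.version != acc.version:
        problems.append("address families differ")
    elif req.overlaps(acc):
        # AWS rejects a peering connection between VPCs with overlapping CIDRs.
        problems.append(f"CIDRs overlap: {req} and {acc}")
    return problems


def peering_routes(pcx_id: str, requester_cidr: str,
                   accepter_cidr: str) -> List[Dict[str, str]]:
    """Routes that must be added by hand after the connection is accepted:
    peering is not transitive and creates no routes, so each side needs a
    route to the other VPC's CIDR whose target is the peering connection."""
    return [
        {"side": "requester", "destination": accepter_cidr, "target": pcx_id},
        {"side": "accepter", "destination": requester_cidr, "target": pcx_id},
    ]


if __name__ == "__main__":
    # Two sample VPCs, one per EKS cluster, laid out with 2 AZs and one
    # public plus one private subnet per AZ.
    cluster_a, cluster_b = "10.0.0.0/16", "10.1.0.0/16"
    for cidr in (cluster_a, cluster_b):
        print(cidr, plan_subnets(cidr, azs=2, public_per_az=1, private_per_az=1))
    problems = peering_precheck(cluster_a, cluster_b)
    print("peering problems:", problems or "none")
    if not problems:
        for route in peering_routes("pcx-PLACEHOLDER", cluster_a, cluster_b):
            print(route)
```

Run the pre-check before clicking Create peering connection; if it reports an overlap, one of the VPCs needs a different CIDR, since the overlap cannot be fixed after the fact.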

AWS Network Firewall

  • Go to VPC Dashboard
  • Go to Network Firewall > Firewalls
  • Click on Create firewall
  • Fill in the appropriate values, such as:
    • Firewall name
    • Description - optional
    • VPC
    • Firewall subnets (Availability Zone, Subnet, IP address type)
    • Delete protection
    • Subnet change protection
    • Customer managed key > enable if needed
    • Firewall policy
      • Create and associate an empty firewall policy
      • New firewall policy name
      • Description - optional
      • Rule evaluation order
      • Drop action
      • Alert action
  • Review and create Firewall
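The empty policy the console creates does nothing until a rule group is attached, and the three policy settings in the form (rule evaluation order, drop action, alert action) decide whether the firewall is default-deny. The following is an added example, not part of the original gist, that builds the request bodies in the shape `aws network-firewall create-rule-group` and `create-firewall-policy` accept, a domain allowlist rule group plus a strict-order policy with drop and alert defaults, and audits a policy for the settings that silently bypass the stateful engine. Rule group names, domains and the ARN are constructed placeholders.

```python
"""Added example (not from the gist): Network Firewall rule group and policy
bodies, plus a policy audit. Names, domains and ARNs are placeholders."""
import re
from typing import Dict, List

# Domain list targets: "example.com" matches that host only, ".example.com"
# matches it and every subdomain.
_TARGET_RE = re.compile(r"^\.?([a-z0-9-]+\.)+[a-z]{2,}$")


def domain_allowlist_rule_group(name: str, domains: List[str],
                                capacity: int = 100) -> Dict:
    """Stateful rule group (create-rule-group body) that generates pass rules
    for TLS SNI / HTTP Host matching the listed domains. STRICT_ORDER here
    must match the policy's rule order."""
    bad = [d for d in domains if not _TARGET_RE.match(d)]
    if bad:
        raise ValueError(f"invalid domain list targets: {bad}")
    return {
        "RuleGroupName": name,
        "Type": "STATEFUL",
        "Capacity": capacity,
        "RuleGroup": {
            "RulesSource": {
                "RulesSourceList": {
                    "Targets": domains,
                    "TargetTypes": ["TLS_SNI", "HTTP_HOST"],
                    "GeneratedRulesType": "ALLOWLIST",
                }
            },
            "StatefulRuleOptions": {"RuleOrder": "STRICT_ORDER"},
        },
    }


def firewall_policy(rule_group_arn: str, priority: int = 1) -> Dict:
    """Policy body (create-firewall-policy). Stateless traffic is forwarded to
    the stateful engine, rules run in strict order, and anything no pass rule
    matched is dropped and alerted (the alert lands in the firewall's alert
    log once logging is configured)."""
    return {
        "StatelessDefaultActions": ["aws:forward_to_sfe"],
        "StatelessFragmentDefaultActions": ["aws:forward_to_sfe"],
        "StatefulEngineOptions": {"RuleOrder": "STRICT_ORDER"},
        "StatefulDefaultActions": ["aws:drop_strict", "aws:alert_strict"],
        "StatefulRuleGroupReferences": [
            {"ResourceArn": rule_group_arn, "Priority": priority}
        ],
    }


def audit_policy(policy: Dict) -> List[str]:
    """Findings for a policy that is not default-deny. A stateless default of
    aws:pass never reaches the stateful rules, and without aws:drop_strict
    unmatched flows are allowed."""
    findings = []
    for key in ("StatelessDefaultActions", "StatelessFragmentDefaultActions"):
        if "aws:forward_to_sfe" not in policy.get(key, []):
            findings.append(f"{key} does not forward to the stateful engine; "
                            "stateful rules are bypassed")
    if policy.get("StatefulEngineOptions", {}).get("RuleOrder") != "STRICT_ORDER":
        findings.append("rule order is not STRICT_ORDER; pass rules and the "
                        "drop default are not evaluated in sequence")
    if "aws:drop_strict" not in policy.get("StatefulDefaultActions", []):
        findings.append("no aws:drop_strict default: unmatched traffic is allowed")
    return findings


if __name__ == "__main__":
    import json
    rg = domain_allowlist_rule_group("egress-allow", [".example.com"])
    pol = firewall_policy(
        "arn:aws:network-firewall:REGION:ACCOUNT:stateful-rulegroup/egress-allow")
    print(json.dumps(rg, indent=2))
    print(json.dumps(pol, indent=2))
    print("audit:", audit_policy(pol) or "default-deny OK")
```

The audit is the check worth keeping around: a policy whose stateless default is aws:pass looks populated in the console but never evaluates the rule groups attached to it.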

EKS Cluster

  • Go to Elastic Kubernetes Service dashboard
  • Clusters > Add Cluster > Create
  • Fill in the appropriate values, such as:
    • Name
    • Kubernetes version
    • Cluster service role
    • Cluster access > Allow cluster administrator access
    • Cluster authentication mode > EKS API and ConfigMap
    • Secrets encryption > enable if needed
    • Networking (select VPC, Subnet, Security groups, and Choose cluster IP address family)
    • Cluster endpoint access > Public and private
    • Control plane logging (API server, Audit, Authenticator, Controller Manager, Scheduler)
    • Select add-ons, choose the respective version
  • Review and create
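Once the cluster exists, the settings chosen in the form above can drift or be created differently on the second cluster. The following is an added example, not part of the original gist, that audits the `aws eks describe-cluster` response shape for those settings: private endpoint access, a public endpoint not left open to 0.0.0.0/0, all five control plane log types, secrets encryption with a KMS key, and an authentication mode that includes the EKS API. The two cluster descriptions are constructed samples, with placeholder ARNs and the documentation range 203.0.113.0/24 as the allowed CIDR.

```python
"""Added example (not from the gist): audit a describe-cluster response against
the console settings. Both sample responses are constructed, not real clusters."""
from typing import Dict, List

# The five control plane log types the console form lists.
REQUIRED_LOG_TYPES = {"api", "audit", "authenticator", "controllerManager", "scheduler"}


def audit_cluster(desc: Dict) -> List[str]:
    """Return findings for a describe-cluster response; empty means it matches
    the settings chosen in the console form."""
    c = desc["cluster"]
    findings = []

    vpc = c.get("resourcesVpcConfig", {})
    if not vpc.get("endpointPrivateAccess", False):
        findings.append("private endpoint access disabled: nodes reach the API "
                        "server over the public endpoint")
    if vpc.get("endpointPublicAccess", False) and \
            "0.0.0.0/0" in vpc.get("publicAccessCidrs", []):
        findings.append("public endpoint open to 0.0.0.0/0: restrict publicAccessCidrs")

    enabled = set()
    for entry in c.get("logging", {}).get("clusterLogging", []):
        if entry.get("enabled"):
            enabled.update(entry.get("types", []))
    missing = REQUIRED_LOG_TYPES - enabled
    if missing:
        findings.append("control plane logging not enabled for: " + ", ".join(sorted(missing)))

    kms_backed = [e for e in c.get("encryptionConfig", [])
                  if "secrets" in e.get("resources", []) and e.get("provider", {}).get("keyArn")]
    if not kms_backed:
        findings.append("secrets encryption with a KMS key not configured")

    mode = c.get("accessConfig", {}).get("authenticationMode")
    if mode not in {"API", "API_AND_CONFIG_MAP"}:
        findings.append(f"authentication mode {mode!r}: EKS API access entries unavailable")
    return findings


# Constructed sample: a cluster created with the settings from the form.
SAMPLE_HARDENED = {"cluster": {
    "name": "cluster-a", "version": "1.29",
    "resourcesVpcConfig": {"endpointPublicAccess": True, "endpointPrivateAccess": True,
                           "publicAccessCidrs": ["203.0.113.0/24"]},
    "logging": {"clusterLogging": [{"types": sorted(REQUIRED_LOG_TYPES), "enabled": True}]},
    "encryptionConfig": [{"resources": ["secrets"],
                          "provider": {"keyArn": "arn:aws:kms:REGION:ACCOUNT:key/PLACEHOLDER-KEY-ID"}}],
    "accessConfig": {"authenticationMode": "API_AND_CONFIG_MAP"},
}}

# Constructed sample: a second cluster created with the defaults left in place.
SAMPLE_WEAK = {"cluster": {
    "name": "cluster-b", "version": "1.29",
    "resourcesVpcConfig": {"endpointPublicAccess": True, "endpointPrivateAccess": False,
                           "publicAccessCidrs": ["0.0.0.0/0"]},
    "logging": {"clusterLogging": [
        {"types": ["api", "audit"], "enabled": True},
        {"types": ["authenticator", "controllerManager", "scheduler"], "enabled": False}]},
    "accessConfig": {"authenticationMode": "CONFIG_MAP"},
}}

if __name__ == "__main__":
    for sample in (SAMPLE_HARDENED, SAMPLE_WEAK):
        print(sample["cluster"]["name"], audit_cluster(sample) or ["OK"])
```

With several clusters behind one firewall, running this over each cluster's description is the quickest way to confirm the second cluster got the same endpoint, logging and encryption settings as the first.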