Search⌘ K
AI Features
Home
Courses
Master AWS Certified Developer – Associate (DVA-C02) Exam

Deploying a CI/CD Pipeline on EKS Using Terraform

Takes 150 mins

Amazon Elastic Kubernetes Service (EKS) offers a fully managed Kubernetes environment, making it easy to deploy, manage, and scale containerized applications. You’ll use Terraform to automate the setup of an EKS cluster and build a CI/CD pipeline that integrates infrastructure as code with continuous deployment.

In this Cloud Lab, you will create an S3 bucket using Terraform to store the necessary files to deploy a CI/CD pipeline on EKS. These files will create another S3 bucket to manage pipeline artifacts and deploy a custom VPC with public and private subnets for secure network traffic management. You will also set up an EKS cluster and node groups to provide the required compute resources. Following this, you will create an ECR repository to store the images used by the EKS cluster. The next step involves configuring a CI/CD pipeline with AWS CodePipeline and CodeBuild to automate builds, tests, and application deployments with each code change and update in the GitHub repository. Finally, you will deploy the infrastructure stored in the S3 bucket using AWS CloudShell.

After completing this Cloud Lab, you’ll have hands-on experience with Terraform for infrastructure automation, managing Kubernetes clusters on EKS, and creating automated CI/CD pipelines—valuable skills for any DevOps or cloud professional.

The following is the high-level architecture diagram of the infrastructure you’ll create in this Cloud Lab:

Automating the setup of an EKS cluster using Terraform
Automating the setup of an EKS cluster using Terraform

Why CI/CD matters for Kubernetes deployments

Kubernetes makes it easy to run containerized services, but it doesn’t solve the “delivery” problem by itself. Without CI/CD, teams end up deploying by hand, which is slow, inconsistent, and risky. CI/CD pipelines standardize how code moves from commit → build → test → deploy, reducing human error and making releases repeatable.

For Kubernetes specifically, CI/CD becomes the backbone for:

  • Shipping frequent changes safely.

  • Enforcing quality gates (tests, security scans, policy checks).

  • Promoting the same artifact across environments (dev → staging → prod).

  • Enabling rollback strategies when something breaks.

What Terraform adds to the picture

Terraform is a popular Infrastructure as Code (IaC) tool because it lets you define cloud infrastructure declaratively and version it alongside your application code. In a Kubernetes context, Terraform is often used to provision:

  • Networking and security primitives.

  • Kubernetes clusters and node capacity.

  • Supporting services (registries, secrets, storage, logging/monitoring).

The benefit isn’t just “automation.” It’s reproducibility: a new environment can be created consistently from the same configuration, and changes are reviewable through pull requests.

The common architecture: IaC, cluster, and pipeline

A practical, reusable model looks like this:

  • Provision infrastructure with IaC: Define EKS (or your cluster platform), networking, and permissions in Terraform so the environment can be recreated and audited.

  • Build and store container images: On each commit, a pipeline builds a container image, tags it predictably (often with a commit SHA), and pushes it to a registry.

  • Deploy to Kubernetes using GitOps or pipeline-based applies: Deployment can happen via:

    • Traditional “pipeline applies manifests/Helm” workflows, or

    • GitOps workflows (where the pipeline updates a repo and a controller reconciles the cluster)

Both approaches can be production-grade. The right choice depends on your team’s preferences around auditability, separation of duties, and operational model.

  • Promote and roll back safely: Healthy CI/CD setups include environment promotion (dev → staging → prod), rollout strategies (rolling, canary, blue/green), and fast rollback options. Kubernetes supports these patterns, but your pipeline is what makes them consistent.

What to pay attention to when you build CI/CD for EKS

A few practical design points matter more than people expect:

  • Secrets management: Avoid hardcoding credentials; use a managed secrets store and least-privilege access.

  • State management (Terraform): Store state safely (remote backend) and control who can apply changes.

  • Separation of infrastructure vs. app deploys: Many teams split pipelines so infra changes don’t block app releases.

  • Policy and security gates: Add linting, tests, dependency scanning, and container/image checks early.

What “good” looks like

A strong Kubernetes CI/CD setup should give you:

  • Repeatable environments created from code.

  • Automated deployments with clear logs and approvals.

  • Traceability from a deployment back to a commit.

  • Safe rollbacks and controlled promotions.

  • Consistent configuration across environments.

Once you have that foundation, you can layer on advanced practices like progressive delivery, automated performance testing, and full GitOps workflows.