move node role creation to terraform

aws-samples · Oct 18, 2023 · 9ece6e3 · 9ece6e3
1 parent 12ee3f7
commit 9ece6e3
Show file tree

Hide file tree

Showing 2 changed files with 39 additions and 5 deletions.
diff --git a/manifests/modules/fundamentals/mng/.workshop/terraform/addon.tf b/manifests/modules/fundamentals/mng/.workshop/terraform/addon.tf
@@ -17,8 +17,36 @@ data "aws_subnets" "private" {
   }
 }
 
+resource "aws_iam_role" "spot_node" {
+  name = "${local.addon_context.eks_cluster_id}-spot-node"
+
+  assume_role_policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        Action = "sts:AssumeRole"
+        Effect = "Allow"
+        Sid    = ""
+        Principal = {
+          Service = "ec2.amazonaws.com"
+        }
+      },
+    ]
+  })
+
+  managed_policy_arns = [
+    "arn:${local.addon_context.aws_partition_id}:iam::aws:policy/AmazonEKS_CNI_Policy",
+    "arn:${local.addon_context.aws_partition_id}:iam::aws:policy/AmazonEKSWorkerNodePolicy",
+    "arn:${local.addon_context.aws_partition_id}:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly",
+    "arn:${local.addon_context.aws_partition_id}:iam::aws:policy/AmazonSSMManagedInstanceCore"
+  ]
+
+  tags = local.tags
+}
+
 output "environment" {
   value = <<EOF
+export SPOT_NODE_ROLE="${aws_iam_role.spot_node.arn}"
 %{for index, id in data.aws_subnets.private.ids}
 export PRIMARY_SUBNET_${index + 1}=${id}
 %{endfor}

diff --git a/website/docs/fundamentals/managed-node-groups/spot/index.md b/website/docs/fundamentals/managed-node-groups/spot/index.md
@@ -3,6 +3,15 @@ title: Spot instances
 sidebar_position: 50
 ---
 
+:::tip Before you start
+Prepare your environment for this section.
+
+```bash timeout=600 wait=30
+$ prepare-environment fundamentals/mng
+```
+
+:::
+
 All of our existing compute nodes are using On-Demand capacity. However, there are multiple "[purchase options](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-purchasing-options.html)" available to EC2 customers for running their EKS workloads.
 
 A Spot Instance uses spare EC2 capacity that is available for less than the On-Demand price. Because Spot Instances enable you to request unused EC2 instances at steep discounts, you can lower your Amazon EC2 costs significantly. The hourly price for a Spot Instance is called a Spot price. The Spot price of each instance type in each Availability Zone is set by Amazon EC2, and is adjusted gradually based on the long-term supply of and demand for Spot Instances. Your Spot Instance runs whenever capacity is available.
@@ -43,16 +52,13 @@ In the below diagram, there are two separate "node groups" representing the mana
 
 ![spot arch](../assets/managed-spot-arch.png)
 
-Let's create a node group with Spot instances. The following command executes two steps:
-1. Set an environment variable with the same node role we used for the `default` node group.
-2. Create a new node group `managed-spot` with our existing node role and subnets, and specify the instance types, capacity type, and scaling config for our new spot node group.
+Let's create a node group with Spot instances. The following command creates a new node group `managed-spot`.
 
 ```bash wait=30
-$ export MANAGED_NODE_GROUP_IAM_ROLE_ARN=`aws eks describe-nodegroup --cluster-name eks-workshop --nodegroup-name default | jq -r .nodegroup.nodeRole`
 $ aws eks create-nodegroup \
 --cluster-name $EKS_CLUSTER_NAME \
 --nodegroup-name managed-spot \
---node-role $MANAGED_NODE_GROUP_IAM_ROLE_ARN \
+--node-role $SPOT_NODE_ROLE \
 --subnets $PRIMARY_SUBNET_1 $PRIMARY_SUBNET_2 $PRIMARY_SUBNET_3 \
 --instance-types m5.large m5d.large m5a.large m5ad.large m5n.large m5dn.large \
 --capacity-type SPOT \