Pre-requisites for EKS Clusters Onboarding

The following are the prerequisites for onboarding EKS clusters in Appranix:

Create S3 bucket

Appranix requires an object storage bucket to store backups in, and each bucket must be unique to a single Kubernetes cluster.
Create an S3 bucket, replacing the placeholders appropriately:

    BUCKET=<YOUR_BUCKET>
    REGION=<YOUR_REGION>
    # For us-east-1, omit --create-bucket-configuration (that LocationConstraint is rejected).
    aws s3api create-bucket \
        --bucket "$BUCKET" \
        --region "$REGION" \
        --create-bucket-configuration LocationConstraint="$REGION"

Create IAM user

  1. Create the IAM user:

    aws iam create-user --user-name <user-name>
    

    For backup of multiple clusters with multiple S3 buckets, create a unique username per cluster.

  2. Attach policies to give Appranix the necessary permissions:

    cat > appranix-policy.json <<EOF
    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "ec2:DescribeVolumes",
                    "ec2:DescribeSnapshots",
                    "ec2:CreateTags",
                    "ec2:CreateVolume",
                    "ec2:CreateSnapshot",
                    "ec2:DeleteSnapshot"
                ],
                "Resource": "*"
            },
            {
                "Effect": "Allow",
                "Action": [
                    "s3:GetObject",
                    "s3:DeleteObject",
                    "s3:PutObject",
                    "s3:AbortMultipartUpload",
                    "s3:ListMultipartUploadParts"
                ],
                "Resource": [
                    "arn:aws:s3:::${BUCKET}/*"
                ]
            },
            {
                "Effect": "Allow",
                "Action": [
                    "s3:ListBucket"
                ],
                "Resource": [
                    "arn:aws:s3:::${BUCKET}"
                ]
            }
        ]
    }
    EOF
    
    aws iam put-user-policy \
      --user-name <user-name> \
      --policy-name <policy-name> \
      --policy-document file://appranix-policy.json
    
  3. Create an access key for the user:

    aws iam create-access-key --user-name <user-name>
    

    The result should look like:

    {
      "AccessKey": {
            "UserName": "<user-name>",
            "Status": "Active",
            "CreateDate": "2022-01-31T12:21:11.516Z",
            "SecretAccessKey": <AWS_SECRET_ACCESS_KEY>,
            "AccessKeyId": <AWS_ACCESS_KEY_ID>
      }
    }
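
A pre-flight check for the policy written in step 2, added here as an example and not part of Appranix's documentation or tooling: the heredoc expands `${BUCKET}` from the current shell, so an unset variable renders the S3 resource as `arn:aws:s3:::/*`. The function names and the bucket name `cluster-a-backups` are assumptions made for the example.

```python
import json

def _as_list(value):
    """IAM allows a single string or a list for Action and Resource."""
    return [value] if isinstance(value, str) else list(value)

def audit_policy(policy_text, bucket):
    """Return findings for Allow statements whose S3 access is not confined to `bucket`."""
    if not bucket:
        return ["expected bucket name is empty; set BUCKET before auditing"]
    allowed = {f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"}
    findings = []
    statements = json.loads(policy_text)["Statement"]
    if isinstance(statements, dict):  # a lone statement may be a bare object
        statements = [statements]
    for i, stmt in enumerate(statements):
        actions = _as_list(stmt.get("Action", []))
        s3_actions = [a for a in actions if a == "*" or a.lower().startswith("s3:")]
        if stmt.get("Effect") != "Allow" or not s3_actions:
            continue  # the EC2 snapshot statement is out of scope for this check
        findings += [f"statement {i}: wildcard action {a!r}" for a in s3_actions if "*" in a]
        for res in _as_list(stmt.get("Resource", [])):
            if "${" in res or "<" in res:
                findings.append(f"statement {i}: unexpanded placeholder in {res!r}")
            elif res not in allowed:
                findings.append(f"statement {i}: {res!r} is outside bucket {bucket!r}")
    return findings

def sample_policy(rendered_bucket):
    """Constructed sample: step 2's policy as the heredoc renders it for a given $BUCKET value."""
    return json.dumps({"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Resource": "*",
         "Action": ["ec2:DescribeVolumes", "ec2:CreateSnapshot", "ec2:DeleteSnapshot"]},
        {"Effect": "Allow", "Resource": [f"arn:aws:s3:::{rendered_bucket}/*"],
         "Action": ["s3:GetObject", "s3:DeleteObject", "s3:PutObject"]},
        {"Effect": "Allow", "Resource": [f"arn:aws:s3:::{rendered_bucket}"],
         "Action": ["s3:ListBucket"]},
    ]})

if __name__ == "__main__":
    # "cluster-a-backups" is a constructed bucket name.
    for rendered in ("cluster-a-backups", "", "${BUCKET}"):
        print(repr(rendered), audit_policy(sample_policy(rendered), "cluster-a-backups"))
```

To audit the real file, pass the contents of `appranix-policy.json` and the value of `$BUCKET` to `audit_policy` before running `aws iam put-user-policy`.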