Create a Serverless AWS EKS Cluster using Pulumi

Create a Serverless AWS EKS Cluster using Pulumi (Photo by Ihor Dvoretskyi

Create a Serverless AWS EKS Cluster using Pulumi

This week at AWS Re:Invent 2019, Fargate support for the Elastic Kubernetes Service (EKS) was announced with general availability. Soon afterwards, compatibility with Pulumi was also announced. In this post we will create a serverless managed Kubernetes cluster from scratch in AWS in about 30 minutes.

If you haven’t set up Pulumi yet, I would recommend following the instructions here. Once you are done, follow the steps below!

Setting up the VPC

To begin with, let’s set up a VPC. For simple proof of concepts (such as the one that is outlined in this article) or testing environments, setting one up with a single NAT Gateway is okay, but it is not recommended for production. For production workloads, it’s recommended to use a NAT in each availability zone.

// Set up VPC with one NAT Gateway (not recommended for production)
const vpc = new awsx.ec2.Vpc("custom", {
    numberOfNatGateways: 1


Setting up the EKS Fargate Cluster

You may need to install the @pulumi/eks dependency. You can do this by running the following command:

npm install @pulumi/eks

Now let’s declare our Fargate-enabled EKS cluster and set it up in the VPC we created. Here’s the entire code so far:

import * as awsx from "@pulumi/awsx";
import * as eks from "@pulumi/eks";

// Set up VPC with one NAT Gateway (not recommended for production)
const vpc = new awsx.ec2.Vpc("custom", {
    numberOfNatGateways: 1

// Set up a Fargate-enabled EKS cluster
const cluster = new eks.Cluster("custom-cluster", {
    fargate: true,
    deployDashboard: false, // dashboard is deprecated
    publicSubnetIds: vpc.publicSubnetIds,
    privateSubnetIds: vpc.privateSubnetIds,

// Export the cluster's kubeconfig.
export const kubeconfig*** ***= cluster.kubeconfig;

Create the infrastructure by executing the command pulumi up. Don’t be discouraged if this takes a while. For me, the process of infrastructure being created took over 20 minutes, so feel free to make a coffee and come back.

Connecting to the Fargate Cluster

Now that we have our infrastructure up, we can begin performing operations on it. To do this, we need to set up our Kubernetes configuration. This is relatively easy — using the stack output, first export the kubeconfig as shown below:

pulumi stack output kubeconfig > kubeconfig.json

Next export the KUBECONFIG environment variable so we can access the cluster:


Finally try a test kubectl command:

kubectl get nodes

If it is successful, you should see something like this:

NAME                                   STATUS   ROLES    AGE   VERSION
fargate-ip-10-0-238-56.ec2.internal    Ready    <none>   14m   v1.14.8-eks
fargate-ip-10-0-243-200.ec2.internal   Ready    <none>   14m   v1.14.8-eks

Congratulations, you now have a Fargate-enabled AWS EKS cluster deployed in your VPC!

Using infrastructure as code, creating a scaleable, serverless container orchestration system in the cloud can be done with ease. These state-of-the-art technologies can help deploy cloud workloads with minimal management overhead in an amazingly short amount of setup time.

The information presented in this article is accurate as of December 6, 2019. Follow the ScaleSec blog for new articles and updates.

About ScaleSec

ScaleSec is a service-disabled, veteran-owned small business (SDVOSB) for cloud security and compliance that helps innovators meet the requirements of their most scrutinizing customers. We specialize in cloud security engineering and cloud compliance. Our team of experts guides customers through complex cloud security challenges, from foundations to implementation, audit preparation and beyond.

Get in touch!

Our Favorite AWS re:Invent Security Announcements

In this blog you will find a brief rundown of our favorite security announcements from the 2019 AWS re:Invent.

Next article

ScaleSec is a Cloud Security Alliance Member.
ScaleSec is a Cloud Security Alliance Trusted Cloud Consultant.
ScaleSec is a Better Business Bureau® Accredited Business.
ScaleSec is a PCI Security Standards Council Participating Organization.
ScaleSec is a service-disabled, veteran-owned small business (SDVOSB) for cloud security.
ScaleSec is a certified Veteran’s Business Enterprise™ (VBE) from the National Veteran Owned Business Association.

Here for you

Have questions? Leverage our expertise to help you meet your business goals with a strong security posture.

Join us

ScaleSec is a well-connected, fully remote team. We thrive in the great undocumented beyond. We’re hiring in most US metros.

Get in touch

Considering cloud? Want to optimize and transform your existing digital portfolio?
Reach out to us.

Gap Assessment

Get perspective. Address security comprehensively.

Prepare for compliance.

San Diego, CA 92120, United States


© 2023 ScaleSec. All rights reserved. | Privacy Policy