The Complete Guide to Production EKS with Terraform

Source: Dev.to

Overview

Production‑ready EKS deployment with Terraform — Karpenter autoscaling, self‑healing nodes, pod security standards, and multi‑AZ high availability.

EKS is the most popular managed Kubernetes service, but many production deployments are dangerously under‑configured: missing node auto‑remediation, no pod security standards, manual scaling, and more. This guide covers everything you need for a production‑grade EKS cluster.

Feature Comparison

Terraform Module Example

module "eks" {
  source = "github.com/kogunlowo123/terraform-aws-auto-healing-eks"

  cluster_name    = "production-cluster"
  cluster_version = "1.29"
  vpc_id          = module.vpc.vpc_id
  subnet_ids      = module.vpc.private_subnet_ids

  node_groups = [{
    name            = "general"
    instance_types = ["m6i.xlarge", "m6i.2xlarge"]
    min_size        = 3
    max_size        = 20
    desired_size    = 5
  }]

  enable_karpenter                = true
  enable_cluster_autoscaler       = false  # Use Karpenter instead
  enable_node_termination_handler = true
  enable_auto_remediation         = true
}

Best Practices

• Use Karpenter instead of the Cluster Autoscaler for faster scaling and better bin‑packing.
• Enable Pod Disruption Budgets for every production workload.
• Deploy the Node Termination Handler to gracefully shut down Spot instances.
• Implement Network Policies with Calico or Cilium.
• Enable Control Plane Logging to CloudWatch.
• Use IRSA (IAM Roles for Service Accounts) rather than node‑level IAM permissions.

Related Terraform Modules

• terraform-aws-auto-healing-eks — Self‑healing EKS.
• terraform-aws-eks — Standard EKS module.
• terraform-aws-vpc-complete — VPC for EKS.

Full guide: