Cloud9 normally manages IAM credentials dynamically. This isn’t currently compatible with the EKS IAM authentication, so we will disable it and rely on the IAM role instead.
Return to your workspace and click the gear icon (in top right corner), or click to open a new tab and choose “Open Preferences”
Select AWS SETTINGS and turn off AWS managed temporary credentials
Close the Preferences tab
Copy and run (paste with Ctrl+P or CMD+P) the commands below.
Before running it, review what it does by reading through the comments.
# Update awscli
sudo pip install --upgrade awscli && hash -r
# Install jq command-line tool for parsing JSON, and bash-completion
sudo yum -y install jq gettext bash-completion moreutils
# Install yq for yaml processing
echo 'yq() {
docker run --rm -i -v "${PWD}":/workdir mikefarah/yq yq "$@"
}' | tee -a ~/.bashrc && source ~/.bashrc
# Verify the binaries are in the path and executable
for command in jq aws
do
which $command &>/dev/null && echo "$command in path" || echo "$command NOT FOUND"
done
# Remove existing credentials file.
rm -vf ${HOME}/.aws/credentials
# Set the ACCOUNT_ID and the region to work with our desired region
export AWS_REGION=$(curl -s 169.254.169.254/latest/dynamic/instance-identity/document | jq -r '.region')
test -n "$AWS_REGION" && echo AWS_REGION is "$AWS_REGION" || echo AWS_REGION is not set
# Validate that our IAM role is valid.
aws sts get-caller-identity --query Arn | grep BastionRole -q && echo "IAM role valid" || echo "IAM role NOT valid"
If the IAM role is not valid, DO NOT PROCEED. Go back and confirm the steps on this page.
Now we’ll start installing kubectl and set up our Cloud9 instance to be to connect to the pre-provisioned EKS cluster
Copy and run (paste with Ctrl+P or CMD+P) the commands below.
Before running it, review what it does by reading through the comments.
# Verify there is an EKS cluster already provisioned, the EKS cluster's name is basic-eks
aws eks list-clusters --region us-east-1
# Install kubectl binary
curl -o kubectl https://amazon-eks.s3.us-west-2.amazonaws.com/1.19.6/2021-01-05/bin/linux/amd64/kubectl
# Apply permission to execute binary
chmod +x ./kubectl
# Copy binary to PATH, which allows you to write kubectl commands in any folder
mkdir -p $HOME/bin && cp ./kubectl $HOME/bin/kubectl && export PATH=$HOME/bin:$PATH
#Verify kubectl is installed and can be executed
kubectl version
# Update the kubeconfig file and point to the Kube API server
aws eks update-kubeconfig --name basic-eks --region us-east-1
# Verify you are connected to EKS cluster
kubectl get pods --all-namespaces
If the pods cannot be listed, DO NOT PROCEED. Please reach out to AWS Event Staff or confirm the last few steps.