Provision EKS cluster with Terraform and Cloudify

Igor Zhivilo
5 min readFeb 10, 2022


In the previous two posts, we discussed how to run Terraform on Cloudify Manager using different options, how to create a blueprint and make it generic.

In this article, we will focus on how to provision the Kubernetes cluster (EKS).

What you’ll learn

In this article, we will go through examples of how to provision EKS cluster with Terraform template on Cloudify Manager.


You’ll need to have the following setup on your development machine.

Git — To work with our tutorial examples

Python 3.7 — To run Cloudify CLI (cfy)

Docker — To run Cloudify Manager container

AWS access key id and secret access key with permissions to provision EKS cluster. You can follow the AWS documentation on how to get those in the link

What is Cloudify?

Cloudify is an open source, multi-cloud orchestration platform featuring a unique ‘Environment as a Service’ technology that has the power to connect, automate and manage new & existing infrastructure and networking environments of entire application pipelines. Using Cloudify, DevOps teams (& infrastructure & operations groups) can effortlessly make a swift transition to public cloud and cloud-native architecture, and have a consistent way to manage all private & public environments. Cloudify is driven by a multidisciplinary team of industry experts and hero-talent.

Let’s Start

How to install Cloudify locally?

Running locally Cloudify Manager is very easy. You’ll need to install locally on your machine docker and run on it Cloudify Manager Community edition container.

To run Cloudify Manager Community edition simply run the following command. You might wait some time until the application is fully up and running

$ sudo docker run --name cfy_manager_local -d --restart unless-stopped -v /sys/fs/cgroup:/sys/fs/cgroup:ro --tmpfs /run --tmpfs /run/lock --security-opt seccomp:unconfined --cap-add SYS_ADMIN -p 80:80 -p 8000:8000 cloudifyplatform/community-cloudify-manager-aio:6.2.0

Need to wait a couple of minutes till application deployment is completed, you can observe the logs with docker

$ docker ps # to get ID of cloudify_container_id
$ docker logs cloudify_container_id

Congratulations now you can browse to http://localhost and login with default user and password admin:admin

To install Cloudify to Kubernetes cluster

Read this documentation:

It can be as simple as running this helm chart

$ helm repo add cloudify-helm$ helm install cloudify-manager-aio cloudify-helm/cloudify-manager-aio

Cloudify CLI installation

You have two ways to work with Cloudify Manager. You can work either with UI or CLI. In this article, we will work CLI.

To install Cloudify CLI run the following command:

$ pip install cloudify==6.1.0

Configure the CLI

$ cfy profiles use localhost -u admin -p admin$ cfy profiles set --manager-tenant default_tenant

Installing Plugins

Before we start we need to install AWS and Utilities Plugin

To simplify let’s upload all supported plugins

$ cfy plugins bundle-upload

Installing GIT

We referencing public git repo in our blueprint, to make it work container must have git installed inside of container

$ docker exec -it cloudify_container_id bash
$ sudo yum install git -y

Creating secrets for aws_access_key_id/aws_secret_access_key

$ cfy secrets create aws_access_key_id --secret-string YOUR_ACCESS_KEY_TO_AWS$ cfy secrets create aws_secret_access_key --secret-string YOUR_SECRET_ACCESS_KEY_TO_AWS

Terraform Template to provision EKS cluster

The terraform template has three files,,

For AWS authentication we use aws_access_key_id and aws_secret_access_key


provider "aws" {
region = "eu-west-2"
data "aws_eks_cluster" "cluster" {
name = module.eks.cluster_id
data "aws_eks_cluster_auth" "cluster" {
name = module.eks.cluster_id
provider "kubernetes" {
host = data.aws_eks_cluster.cluster.endpoint
cluster_ca_certificate = base64decode(
token = data.aws_eks_cluster_auth.cluster.token
load_config_file = false
data "aws_availability_zones" "available" {
module "vpc" {
source = "terraform-aws-modules/vpc/aws"
version = "3.11.0"
name = "k8s-${var.cluster_name}-vpc"
cidr = ""
azs = data.aws_availability_zones.available.names
private_subnets = ["", ""]
public_subnets = ["", ""]
enable_nat_gateway = true
single_nat_gateway = true
enable_dns_hostnames = true
public_subnet_tags = {
"${var.cluster_name}" = "shared"
"" = "1"
private_subnet_tags = {
"${var.cluster_name}" = "shared"
"" = "1"
module "eks" {
source = "terraform-aws-modules/eks/aws"
version = "17.24.0"
cluster_name = "${var.cluster_name}"
cluster_version = "1.21"
subnets = module.vpc.private_subnets
vpc_id = module.vpc.vpc_id
write_kubeconfig = true
worker_groups = [
name = "ng-medium"
instance_type = "t3.medium"
asg_desired_capacity = 1
tags = [{
key = "instance-type"
value = "on-demand-medium"
propagate_at_launch = true
}, {
key = "os-type"
value = "linux"
propagate_at_launch = true

Run blueprint to provision EKS with Terraform and Cloudify Manager


terraform_template_location: terraform/tf_11_eks_provision/template
access_key: { get_secret: aws_access_key_id }
secret_key: { get_secret: aws_secret_access_key }
aws_region: eu-west-3

We use it to pull aws_access_key_id and aws_secret_access_key from secrets we created and to execute the blueprint which runs Terraform.

module_source is a reference to a git repo with terraform template

terraform_template_location is a relative path for a Terraform template inside of git repo

Execute blueprint on your local Cloudify manager using CLI

$ cfy apply -i inputs.yaml

AWS UI console -> check selected region selected is ‘eu-west-3’ region -> EKS -> Clusters


You can find all the code: blueprint | input.yaml | terraform templates in this public repository:

Thank you for reading this guide and trying our product!



Igor Zhivilo

I am DevOps/Software Engineer who loves to learn and experiment with new technologies.