Manage an Amazon EKS cluster - Amazon Step Functions
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China.

Manage an Amazon EKS cluster

This sample project demonstrates how to use Step Functions and Amazon Elastic Kubernetes Service to create an Amazon EKS cluster with a node group, run a job on Amazon EKS, then examine the output. When finished, it removes the node groups and Amazon EKS cluster. This sample project creates the following:

  • An Amazon Elastic Kubernetes Service cluster

  • An SNS topic

  • Related Amazon Identity and Access Management (IAM) roles

For more information about Step Functions and Step Functions service integrations, see the following:

Note

This sample project may incur charges.

For new Amazon users, a free usage tier is available. On this tier, services are free below a certain level of usage. For more information about Amazon costs and the Free Tier, see Amazon EKS Pricing.

Create the State Machine and Provision Resources

  1. Open the Step Functions console and choose Create a state machine.

  2. Choose Run a sample project, and then choose Manage an Amazon EKS cluster.

    The state machine Code and Visual Workflow are displayed.

    
            Training model workflow.
  3. Choose Next.

    The Deploy resources page is displayed, listing the resources that will be created. For this sample project, the resources include:

    • A state machine

    • An Amazon EKS cluster

    • An SNS topic

    • Related IAM roles

  4. Choose Deploy Resources.

    Note

    It can take up to 25 minutes for these resources and related IAM permissions to be created. While the Deploy resources page is displayed, you can open the Stack ID link to see which resources are being provisioned.

Start a New Execution

  1. Open the Step Functions console.

  2. On the State machines page, choose the EKSClusterManagementStateMachine state machine that was created by the sample project, and then choose Start execution.

  3. On the New execution page, enter an execution name (optional), and then choose Start Execution.

  4. (Optional) To identify your execution, you can specify a name for it in the Name box. By default, Step Functions generates a unique execution name automatically.

    Note

    Step Functions allows you to create state machine, execution, and activity names that contain non-ASCII characters. These non-ASCII names don't work with Amazon CloudWatch. To ensure that you can track CloudWatch metrics, choose a name that uses only ASCII characters.

  5. (Optional) Go to the newly created state machine on the Step Functions Dashboard, and then choose New execution.

  6. When an execution is complete, you can select states on the Visual workflow and browse the Input and Output under Step details.

Example State Machine Code

The state machine in this sample project integrates with Amazon EKS by creating an Amazon EKS cluster and node group, and uses an SNS topic to return results.

Browse through this example state machine to see how Step Functions manages Amazon EKS clusters and node groups.

For more information about how Amazon Step Functions can control other Amazon services, see Using Amazon Step Functions with other services.

{ "Comment": "An example of the Amazon States Language for running Amazon EKS Cluster", "StartAt": "Create an EKS cluster", "States": { "Create an EKS cluster": { "Type": "Task", "Resource": "arn:aws:states:::eks:createCluster.sync", "Parameters": { "Name": "ExampleCluster", "ResourcesVpcConfig": { "SubnetIds": [ "subnet-0aacf887d9f00e6a7", "subnet-0e5fc41e7507194ab" ] }, "RoleArn": "arn:aws:iam::111122223333:role/StepFunctionsSample-EKSClusterManag-EKSServiceRole-ANPAJ2UCCR6DPCEXAMPLE" }, "Retry": [{ "ErrorEquals": [ "States.ALL" ], "IntervalSeconds": 30, "MaxAttempts": 2, "BackoffRate": 2 }], "ResultPath": "$.eks", "Next": "Create a node group" }, "Create a node group": { "Type": "Task", "Resource": "arn:aws:states:::eks:createNodegroup.sync", "Parameters": { "ClusterName": "ExampleCluster", "NodegroupName": "ExampleNodegroup", "NodeRole": "arn:aws:iam::111122223333:role/StepFunctionsSample-EKSClusterMan-NodeInstanceRole-ANPAJ2UCCR6DPCEXAMPLE", "Subnets": [ "subnet-0aacf887d9f00e6a7", "subnet-0e5fc41e7507194ab"] }, "Retry": [{ "ErrorEquals": [ "States.ALL" ], "IntervalSeconds": 30, "MaxAttempts": 2, "BackoffRate": 2 }], "ResultPath": "$.nodegroup", "Next": "Run a job on EKS" }, "Run a job on EKS": { "Type": "Task", "Resource": "arn:aws:states:::eks:runJob.sync", "Parameters": { "ClusterName": "ExampleCluster", "CertificateAuthority.$": "$.eks.Cluster.CertificateAuthority.Data", "Endpoint.$": "$.eks.Cluster.Endpoint", "LogOptions": { "RetrieveLogs": true }, "Job": { "apiVersion": "batch/v1", "kind": "Job", "metadata": { "name": "example-job" }, "spec": { "backoffLimit": 0, "template": { "metadata": { "name": "example-job" }, "spec": { "containers": [ { "name": "pi-20", "image": "perl", "command": [ "perl" ], "args": [ "-Mbignum=bpi", "-wle", "print '{ ' . '\"pi\": '. bpi(20) . ' }';" ] } ], "restartPolicy": "Never" } } } } }, "ResultSelector": { "status.$": "$.status", "logs.$": "$.logs..pi" }, "ResultPath": "$.RunJobResult", "Next": "Examine output" }, "Examine output": { "Type": "Choice", "Choices": [ { "And": [ { "Variable": "$.RunJobResult.logs[0]", "NumericGreaterThan": 3.141 }, { "Variable": "$.RunJobResult.logs[0]", "NumericLessThan": 3.142 } ], "Next": "Send expected result" } ], "Default": "Send unexpected result" }, "Send expected result": { "Type": "Task", "Resource": "arn:aws:states:::sns:publish", "Parameters": { "TopicArn": "arn:aws:sns:sa-east-1:111122223333:StepFunctionsSample-EKSClusterManagement123456789012-SNSTopic-ANPAJ2UCCR6DPCEXAMPLE", "Message": { "Input.$": "States.Format('Saw expected value for pi: {}', $.RunJobResult.logs[0])" } }, "ResultPath": "$.SNSResult", "Next": "Delete job" }, "Send unexpected result": { "Type": "Task", "Resource": "arn:aws:states:::sns:publish", "Parameters": { "TopicArn": "arn:aws:sns:sa-east-1:111122223333:StepFunctionsSample-EKSClusterManagement123456789012-SNSTopic-ANPAJ2UCCR6DPCEXAMPLE", "Message": { "Input.$": "States.Format('Saw unexpected value for pi: {}', $.RunJobResult.logs[0])" } }, "ResultPath": "$.SNSResult", "Next": "Delete job" }, "Delete job": { "Type": "Task", "Resource": "arn:aws:states:::eks:call", "Parameters": { "ClusterName": "ExampleCluster", "CertificateAuthority.$": "$.eks.Cluster.CertificateAuthority.Data", "Endpoint.$": "$.eks.Cluster.Endpoint", "Method": "DELETE", "Path": "/apis/batch/v1/namespaces/default/jobs/example-job" }, "ResultSelector": { "status.$": "$.ResponseBody.status" }, "ResultPath": "$.DeleteJobResult", "Next": "Delete node group" }, "Delete node group": { "Type": "Task", "Resource": "arn:aws:states:::eks:deleteNodegroup.sync", "Parameters": { "ClusterName": "ExampleCluster", "NodegroupName": "ExampleNodegroup" }, "Next": "Delete cluster" }, "Delete cluster": { "Type": "Task", "Resource": "arn:aws:states:::eks:deleteCluster.sync", "Parameters": { "Name": "ExampleCluster" }, "End": true } } }

For information about how to configure IAM when using Step Functions with other Amazon services, see IAM Policies for integrated services.

IAM Example

These example Amazon Identity and Access Management (IAM) policies generated by the sample project include the least privilege necessary to execute the state machine and related resources. We recommend that you include only those permissions that are necessary in your IAM policies.

{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "eks:CreateCluster" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "eks:DescribeCluster", "eks:DeleteCluster" ], "Resource": "arn:aws:eks:sa-east-1:111122223333:cluster/*" }, { "Effect": "Allow", "Action": "iam:PassRole", "Resource": [ "arn:aws:iam::111122223333:role/StepFunctionsSample-EKSClusterManag-EKSServiceRole-ANPAJ2UCCR6DPCEXAMPLE" ], "Condition": { "StringEquals": { "iam:PassedToService": "eks.amazonaws.com" } } } ] }
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "sns:Publish" ], "Resource": [ "arn:aws:sns:sa-east-1:111122223333:StepFunctionsSample-EKSClusterManagement123456789012-SNSTopic-ANPAJ2UCCR6DPCEXAMPLE" ] } ] }

For information about how to configure IAM when using Step Functions with other Amazon services, see IAM Policies for integrated services.