Provision AWS EKS Auto Mode with Terraform. Automated node management, built-in Karpenter, pod identity, and comparison with standard EKS managed node groups.
EKS Auto Mode is AWS's answer to "Kubernetes is too complicated." It automates node provisioning, scaling, cluster networking, and node OS patching: you define the cluster and deploy workloads. There are no managed node groups to size, no Karpenter to install (Auto Mode runs a Karpenter-based provisioner for you), and no AMI updates to schedule, because nodes run an AWS-managed Bottlerocket image and are rotated automatically, with a maximum node lifetime of 21 days.
| Feature | Standard EKS | EKS Auto Mode |
|---|---|---|
| Node management | You manage (managed or self-managed node groups) | AWS manages |
| Scaling | Install and configure Karpenter or Cluster Autoscaler | Built-in (Karpenter-based), automatic |
| AMI updates | Manual or automated by you | Automatic (AWS-managed Bottlerocket image) |
| Security patches | Your responsibility | AWS patches and replaces nodes |
| Instance selection | You choose | AWS selects from the pool's allowed families |
| Networking | Install and upgrade the VPC CNI add-on | Built-in (VPC CNI, CoreDNS, kube-proxy managed by AWS) |
| Pod identity | Configure IRSA or install the Pod Identity agent | Pod Identity agent built in |
| Cost | EKS + EC2 | EKS + EC2 + Auto Mode management fee per instance |
| Control | Full | Less (AWS decides instance types and patch timing) |
| Terraform complexity | ~100 lines | ~30 lines |
```hcl
resource "aws_eks_cluster" "main" {
  name     = "production"
  role_arn = aws_iam_role.cluster.arn
  version  = "1.31"

  # Auto Mode requires EKS access entries; ConfigMap-only authentication is not supported
  access_config {
    authentication_mode = "API"
  }

  # Auto Mode manages VPC CNI, CoreDNS and kube-proxy itself, so the provider's
  # default bootstrap of self-managed add-ons must be turned off
  bootstrap_self_managed_addons = false

  vpc_config {
    subnet_ids              = var.private_subnet_ids
    endpoint_private_access = true
    endpoint_public_access  = true
    # Leaving public_access_cidrs at its default exposes the API endpoint to
    # 0.0.0.0/0; restrict it to known ranges, for example:
    # public_access_cidrs = ["203.0.113.0/24"]
    security_group_ids = [aws_security_group.cluster.id]
  }

  # Enable Auto Mode with the built-in general-purpose pool
  compute_config {
    enabled       = true
    node_pools    = ["general-purpose"]
    node_role_arn = aws_iam_role.node.arn
  }

  kubernetes_network_config {
    elastic_load_balancing {
      enabled = true
    }
  }

  storage_config {
    block_storage {
      enabled = true
    }
  }

  tags = {
    Environment = var.environment
  }

  depends_on = [
    aws_iam_role_policy_attachment.cluster_policy,
    aws_iam_role_policy_attachment.compute_policy,
    aws_iam_role_policy_attachment.block_storage_policy,
    aws_iam_role_policy_attachment.lb_policy,
    aws_iam_role_policy_attachment.networking_policy,
  ]
}
```

The cluster role needs `sts:TagSession` in addition to `sts:AssumeRole`; Auto Mode tags the sessions it assumes, and a trust policy without it fails cluster creation. Beyond the base cluster policy, Auto Mode needs the compute, block storage, load balancing and networking managed policies so the control plane can launch instances, create EBS volumes, and manage load balancers and ENIs on your behalf.

```hcl
resource "aws_iam_role" "cluster" {
  name = "eks-cluster-role"
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Principal = { Service = "eks.amazonaws.com" }
      # sts:TagSession is required for Auto Mode
      Action = ["sts:AssumeRole", "sts:TagSession"]
    }]
  })
}

resource "aws_iam_role_policy_attachment" "cluster_policy" {
  role       = aws_iam_role.cluster.name
  policy_arn = "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy"
}

resource "aws_iam_role_policy_attachment" "compute_policy" {
  role       = aws_iam_role.cluster.name
  policy_arn = "arn:aws:iam::aws:policy/AmazonEKSComputePolicy"
}

resource "aws_iam_role_policy_attachment" "block_storage_policy" {
  role       = aws_iam_role.cluster.name
  policy_arn = "arn:aws:iam::aws:policy/AmazonEKSBlockStoragePolicy"
}

resource "aws_iam_role_policy_attachment" "lb_policy" {
  role       = aws_iam_role.cluster.name
  policy_arn = "arn:aws:iam::aws:policy/AmazonEKSLoadBalancingPolicy"
}

resource "aws_iam_role_policy_attachment" "networking_policy" {
  role       = aws_iam_role.cluster.name
  policy_arn = "arn:aws:iam::aws:policy/AmazonEKSNetworkingPolicy"
}
```

The node role is deliberately minimal. Because the cluster role handles networking and storage, nodes need only the minimal worker policy and read-only ECR access; do not attach `AmazonEKS_CNI_Policy` or broader policies here.

```hcl
resource "aws_iam_role" "node" {
  name = "eks-auto-node-role"
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Principal = { Service = "ec2.amazonaws.com" }
      Action    = "sts:AssumeRole"
    }]
  })
}

resource "aws_iam_role_policy_attachment" "node_worker" {
  role       = aws_iam_role.node.name
  policy_arn = "arn:aws:iam::aws:policy/AmazonEKSWorkerNodeMinimalPolicy"
}

# Pull-only: nodes never need to push images
resource "aws_iam_role_policy_attachment" "node_ecr" {
  role       = aws_iam_role.node.name
  policy_arn = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryPullOnly"
}
```

Auto Mode ships two built-in node pools, `general-purpose` and `system`; the cluster above enables only the first. Add custom pools for specific workloads:
```hcl
# There is no aws_eks_node_pool resource in the AWS provider. Custom pools are
# Kubernetes NodePool objects (karpenter.sh/v1) that reference Auto Mode's
# built-in NodeClass named "default". This uses the kubernetes provider, so the
# cluster must exist and be reachable before the resource can be planned.
resource "kubernetes_manifest" "gpu_pool" {
  manifest = {
    apiVersion = "karpenter.sh/v1"
    kind       = "NodePool"
    metadata   = { name = "gpu-workloads" }
    spec = {
      template = {
        spec = {
          nodeClassRef = { group = "eks.amazonaws.com", kind = "NodeClass", name = "default" }
          # Restrict to GPU families (g = graphics, p = accelerated compute)
          requirements = [
            { key = "eks.amazonaws.com/instance-category", operator = "In", values = ["g", "p"] },
          ]
          # Taint so only pods that explicitly tolerate it land on GPU nodes
          taints = [{ key = "nvidia.com/gpu", effect = "NoSchedule" }]
        }
      }
    }
  }
  depends_on = [aws_eks_cluster.main]
}
# A "high-memory" pool is the same object with instance-category values ["r", "x"].
```

The VPC below gives the cluster three private subnets for nodes and three public subnets for internet-facing load balancers. Route tables and the NAT gateway (or VPC endpoints) that private nodes need to reach EKS, ECR and STS are not shown.

```hcl
data "aws_availability_zones" "available" {
  state = "available"
}

resource "aws_vpc" "main" {
  cidr_block           = "10.0.0.0/16"
  enable_dns_hostnames = true
  enable_dns_support   = true
}

# Private subnets hold the nodes; pass aws_subnet.private[*].id as var.private_subnet_ids
resource "aws_subnet" "private" {
  count             = 3
  vpc_id            = aws_vpc.main.id
  cidr_block        = cidrsubnet("10.0.0.0/16", 8, count.index) # 10.0.0.0/24 .. 10.0.2.0/24
  availability_zone = data.aws_availability_zones.available.names[count.index]
  tags = {
    "kubernetes.io/role/internal-elb" = "1" # internal load balancers are placed here
  }
}

# Public subnets only host internet-facing load balancers, never nodes
resource "aws_subnet" "public" {
  count                   = 3
  vpc_id                  = aws_vpc.main.id
  cidr_block              = cidrsubnet("10.0.0.0/16", 8, count.index + 100) # 10.0.100.0/24 .. 10.0.102.0/24
  availability_zone       = data.aws_availability_zones.available.names[count.index]
  map_public_ip_on_launch = true
  tags = {
    "kubernetes.io/role/elb" = "1"
  }
}
```

How Auto Mode compares with running Karpenter yourself:

| Feature | Karpenter | EKS Auto Mode |
|---|---|---|
| Setup | Install Helm chart, configure NodePool CRDs | Enable flag on cluster |
| Configuration | Full control (instance types, taints, limits) | AWS-managed defaults, plus your own NodePool objects for custom pools |
| Instance selection | You define constraints | AWS optimizes automatically |
| Spot support | ✅ Configurable | ✅ Automatic |
| Consolidation | Configurable | Automatic |
| AMI management | Custom AMI families | AWS-managed |
| Cost visibility | Detailed per-NodePool | Aggregate |
| Learning curve | Moderate | Minimal |
| Best for | Teams wanting fine control | Teams wanting simplicity |
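As an added example (not code from the original article), here is an offline policy check in Python that runs against `terraform show -json tfplan` output and enforces the points made in the cluster, IAM and VPC sections above: Auto Mode must be enabled with self-managed add-on bootstrap off and API authentication, the public endpoint must not be open to 0.0.0.0/0, the cluster role's trust policy must grant both `sts:AssumeRole` and `sts:TagSession`, the node role may carry only the two minimal policies, and subnets must not overlap and must carry the load-balancer role tags. The plan fragment is constructed to mirror this page's resources and deliberately contains three findings; the role names `eks-cluster-role` and `eks-auto-node-role` come from the Terraform above, while the node-policy allow-list and the finding wording are my own choices.

```python
import ipaddress
import json
from itertools import combinations

# Constructed plan in the shape `terraform show -json` emits: nested blocks
# (vpc_config, compute_config, ...) appear as one-element lists under "values".
SAMPLE_PLAN = json.dumps({"planned_values": {"root_module": {"resources": [
    {"address": "aws_eks_cluster.main", "type": "aws_eks_cluster", "values": {
        "bootstrap_self_managed_addons": False,
        "access_config": [{"authentication_mode": "API"}],
        "compute_config": [{"enabled": True, "node_pools": ["general-purpose"]}],
        "vpc_config": [{"endpoint_public_access": True,
                        "public_access_cidrs": ["0.0.0.0/0"]}]}},  # finding 1
    {"address": "aws_iam_role.cluster", "type": "aws_iam_role", "values": {
        "name": "eks-cluster-role",
        "assume_role_policy": json.dumps({"Version": "2012-10-17", "Statement": [
            {"Effect": "Allow", "Principal": {"Service": "eks.amazonaws.com"},
             "Action": "sts:AssumeRole"}]})}},  # finding 2: sts:TagSession missing
    {"address": "aws_iam_role_policy_attachment.node_admin",
     "type": "aws_iam_role_policy_attachment", "values": {
        "role": "eks-auto-node-role",
        "policy_arn": "arn:aws:iam::aws:policy/AdministratorAccess"}},  # finding 3
    {"address": "aws_subnet.private[0]", "type": "aws_subnet", "values": {
        "cidr_block": "10.0.0.0/24", "map_public_ip_on_launch": False,
        "tags": {"kubernetes.io/role/internal-elb": "1"}}},
    {"address": "aws_subnet.public[0]", "type": "aws_subnet", "values": {
        "cidr_block": "10.0.100.0/24", "map_public_ip_on_launch": True,
        "tags": {"kubernetes.io/role/elb": "1"}}},
]}}})

NODE_ALLOWED = {  # allow-list for the node role: only the two policies the article attaches
    "arn:aws:iam::aws:policy/AmazonEKSWorkerNodeMinimalPolicy",
    "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryPullOnly",
}
CLUSTER_TRUST_ACTIONS = {"sts:AssumeRole", "sts:TagSession"}  # both required by Auto Mode

def resources(plan, rtype):
    return [r for r in plan["planned_values"]["root_module"]["resources"]
            if r["type"] == rtype]

def check_cluster(v):
    out = []
    if not v.get("compute_config", [{}])[0].get("enabled"):
        out.append("compute_config.enabled is not true; Auto Mode is off")
    if v.get("bootstrap_self_managed_addons", True):
        out.append("bootstrap_self_managed_addons must be false under Auto Mode")
    if v.get("access_config", [{}])[0].get("authentication_mode") not in ("API", "API_AND_CONFIG_MAP"):
        out.append("authentication_mode must be API or API_AND_CONFIG_MAP")
    vpc = v.get("vpc_config", [{}])[0]
    # The provider default for public_access_cidrs is 0.0.0.0/0
    if vpc.get("endpoint_public_access") and "0.0.0.0/0" in vpc.get("public_access_cidrs", ["0.0.0.0/0"]):
        out.append("public API endpoint reachable from 0.0.0.0/0; set public_access_cidrs")
    return out

def check_cluster_trust(v):
    """Only eks.amazonaws.com may assume the role, and with both STS actions."""
    out = []
    for st in json.loads(v["assume_role_policy"])["Statement"]:
        principal = st.get("Principal")
        service = principal.get("Service") if isinstance(principal, dict) else principal
        if service != "eks.amazonaws.com":
            out.append(f"{v['name']}: unexpected principal {principal!r}")
        acts = st.get("Action", [])
        missing = CLUSTER_TRUST_ACTIONS - ({acts} if isinstance(acts, str) else set(acts))
        if missing:
            out.append(f"{v['name']}: trust policy missing {sorted(missing)}")
    return out

def check_node_attachments(plan, node_role):
    return [f"{a['address']}: {a['values']['policy_arn']} exceeds node least privilege"
            for a in resources(plan, "aws_iam_role_policy_attachment")
            if a["values"]["role"] == node_role and a["values"]["policy_arn"] not in NODE_ALLOWED]

def check_subnets(plan):
    subs = resources(plan, "aws_subnet")
    out = [f"{a['address']} overlaps {b['address']}" for a, b in combinations(subs, 2)
           if ipaddress.ip_network(a["values"]["cidr_block"]).overlaps(
               ipaddress.ip_network(b["values"]["cidr_block"]))]
    for s in subs:  # public subnets need the elb tag, private ones internal-elb
        public = s["values"].get("map_public_ip_on_launch", False)
        want = "kubernetes.io/role/elb" if public else "kubernetes.io/role/internal-elb"
        if s["values"].get("tags", {}).get(want) != "1":
            out.append(f"{s['address']}: missing {want}=1 tag")
    return out

def audit(plan_json, cluster_role="eks-cluster-role", node_role="eks-auto-node-role"):
    """Run every check; an empty list means the plan passes."""
    plan = json.loads(plan_json)
    findings = []
    for c in resources(plan, "aws_eks_cluster"):
        findings += check_cluster(c["values"])
    for r in resources(plan, "aws_iam_role"):
        if r["values"]["name"] == cluster_role:
            findings += check_cluster_trust(r["values"])
    return findings + check_node_attachments(plan, node_role) + check_subnets(plan)

if __name__ == "__main__":
    for f in audit(SAMPLE_PLAN):
        print("FAIL:", f)
```

In CI, run `terraform plan -out tfplan && terraform show -json tfplan > plan.json` and pass the file contents to `audit()`; a non-empty result should fail the pipeline before `apply`. The checks read planned values only, so they cannot resolve resource IDs that are unknown until apply, which is why the subnet check keys on `map_public_ip_on_launch` and CIDRs rather than on which subnet IDs end up in `vpc_config`.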
EKS Auto Mode reduces Kubernetes on AWS to its minimum: create a cluster, deploy workloads, and AWS handles node management, scaling, patching, and cluster networking. The Terraform drops from roughly 100 lines (standard EKS plus node groups plus Karpenter) to roughly 30. The tradeoff is less control over instance selection and scaling behavior, and a per-instance management fee on top of EC2. What Auto Mode does not take off your hands is workload security: access entries and RBAC, network policies, image provenance, and pod security settings remain yours. For teams without dedicated platform engineers, Auto Mode is the right default in 2026.