Deploying the AWS Load Balancer Controller (ALB Controller) in production via Terraform is now a common, robust, and recommended practice. There are official Terraform modules and documented best practices from both AWS and the broader Kubernetes community.
Below are best practices, links to official code, and step-by-step pointers for production-ready deployments.
🟢 Best Practices for Deploying AWS Load Balancer Controller with Terraform
1. Use EKS Blueprints / Official Terraform Modules
- AWS and the community maintain official Terraform modules:
- These modules often provide optional integrations for ALB Controller, IAM roles, and Helm charts.
2. IAM OIDC Setup is Required
- ALB Controller needs IAM permissions via an IRSA (IAM Roles for Service Accounts) role.
- Terraform should:
- Enable OIDC provider on your EKS cluster.
- Create a service account mapped to the right IAM role with policies from official AWS documentation.
3. Deploy via Helm Chart Using Terraform
- The controller is shipped as a Helm chart.
- Use Terraform Helm provider to deploy.
🔗 Official Code and Reference Examples
1. AWS Official Example (Terraform Registry)
- AWS Official Example for ALB Controller:
- AWS Docs: Deploy ALB Controller with Terraform
2. AWS EKS Blueprints Module
- aws-ia/terraform-aws-eks-blueprints supports ALB Controller as an add-on.
3. Community Examples
🏆 Recommended High-Level Steps
(You can use the example links above for copy-pasteable code!)
- Enable OIDC for EKS Cluster:
```hcl
module "eks" {
  source = "terraform-aws-modules/eks/aws"
  ...
  enable_irsa = true
}
```
- Create IAM Role & Policy for ALB Controller:
- Use the official AWS managed policy.
```hcl
module "alb_irsa_role" {
  source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
  ...
  role_name = "alb-ingress-controller"
  # This submodule has no policy_arns argument. This flag makes it create and
  # attach the IAM policy for the Load Balancer Controller.
  attach_load_balancer_controller_policy = true
  ...
}
```
- Deploy the Helm Chart using Terraform:
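```hcl
resource "helm_release" "aws_load_balancer_controller" {
  name       = "aws-load-balancer-controller"
  repository = "https://aws.github.io/eks-charts"
  chart      = "aws-load-balancer-controller"
  namespace  = "kube-system"
  version    = "1.8.2" # check for latest version

  set {
    name  = "clusterName"
    value = module.eks.cluster_name
  }

  # The chart does not create the service account; it must already exist and
  # carry the eks.amazonaws.com/role-arn annotation for the IRSA role.
  set {
    name  = "serviceAccount.create"
    value = false
  }

  # The IRSA role module exposes no service account name output, so the name
  # is given literally. It must match the namespace:name pair in the role's
  # trust policy.
  set {
    name  = "serviceAccount.name"
    value = "aws-load-balancer-controller"
  }

  set {
    name  = "region"
    value = var.aws_region
  }

  # The eks module does not output a VPC ID; take it from the VPC module.
  set {
    name  = "vpcId"
    value = module.vpc.vpc_id
  }
}
```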
- Check Outputs and Validate Controller is Running
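The steps above elide the part that decides who can assume the controller's role: the trust policy and the annotated service account. The following is an added example, not code from the original page or from the modules' authors. It assumes a `module "eks"` from terraform-aws-modules/eks, a configured `kubernetes` provider, and version 5.x of the IAM module; the local names are chosen for illustration.

```hcl
# Added example: IRSA role scoped to a single service account.
locals {
  lbc_namespace       = "kube-system"
  lbc_service_account = "aws-load-balancer-controller" # illustrative name
}

module "alb_irsa_role" {
  source  = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
  version = "~> 5.0" # assumption: 5.x line of the IAM module

  role_name                              = "alb-ingress-controller"
  attach_load_balancer_controller_policy = true

  # Trust policy: only this namespace:serviceaccount pair, authenticated by
  # this cluster's OIDC provider, may assume the role. Any other pod in the
  # cluster is refused by STS.
  oidc_providers = {
    main = {
      provider_arn               = module.eks.oidc_provider_arn
      namespace_service_accounts = ["${local.lbc_namespace}:${local.lbc_service_account}"]
    }
  }
}

# The service account the Helm chart is told to use (serviceAccount.create = false).
# The annotation is what makes EKS inject web identity credentials for the role.
resource "kubernetes_service_account" "lbc" {
  metadata {
    name      = local.lbc_service_account
    namespace = local.lbc_namespace

    annotations = {
      "eks.amazonaws.com/role-arn" = module.alb_irsa_role.iam_role_arn
    }
  }
}

# Name to pass to the chart's serviceAccount.name value.
output "lbc_service_account_name" {
  value = kubernetes_service_account.lbc.metadata[0].name
}
```

If the name or namespace in the Helm values drifts from the pair in `namespace_service_accounts`, the pods start but their AWS calls fail because the role cannot be assumed.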
🚀 Quick-Start Official Template
Best Reference:
Clone and use as a baseline!
⚡️ Summary Table
Step | Official Resource/Reference |
---|---|
EKS Module | terraform-aws-modules/eks |
ALB IAM Role | IAM Role Module |
Helm Chart | AWS EKS Charts – ALB Controller |
End-to-End Example | load_balancer_controller example |
Example: Deploying AWS Load Balancer Controller Using AWS EKS Blueprints Addons Module
The AWS EKS Blueprints Addons Terraform module provides a streamlined, production-ready way to deploy the AWS Load Balancer Controller into your EKS cluster. Below is a practical example and key configuration points.
1. Module Configuration Example
```hcl
module "eks_blueprints_addons" {
  source  = "aws-ia/eks-blueprints-addons/aws"
  version = "~> 1.0"

  cluster_name      = module.eks.cluster_name
  cluster_endpoint  = module.eks.cluster_endpoint
  cluster_version   = module.eks.cluster_version
  oidc_provider_arn = module.eks.oidc_provider_arn
  vpc_id            = module.vpc.vpc_id
  tags              = local.tags

  enable_aws_load_balancer_controller = true
  aws_load_balancer_controller = {
    set = [
      {
        name  = "vpcId"
        value = module.vpc.vpc_id
      },
      {
        name  = "podDisruptionBudget.maxUnavailable"
        value = 1
      },
      {
        name  = "resources.requests.cpu"
        value = "100m"
      },
      {
        name  = "resources.requests.memory"
        value = "128Mi"
      }
      // Add more Helm chart values as needed
    ]
  }
}
```
- Note: Replace `module.eks.*` and `module.vpc.*` with your actual EKS and VPC module outputs.
2. Key Points
- IAM Roles for Service Accounts (IRSA): The module is designed to work with IRSA, ensuring secure permissions for the controller.
- Helm Chart Customization: The `aws_load_balancer_controller` block allows you to pass Helm values for production tuning (e.g., resource requests, pod disruption budgets, webhook settings).
- CRD Management: The module manages all required CustomResourceDefinitions (CRDs) automatically.
- Version Pinning: Always pin the module and Helm chart versions for stability.
3. Validation
After applying your Terraform configuration, validate the deployment:
```sh
kubectl -n kube-system get pods | grep aws-load-balancer-controller
```
You should see running pods for the controller in the `kube-system` namespace.
4. References
- Official AWS EKS Blueprints Addons Module Documentation
- AWS Load Balancer Controller Addon Usage Guide
- Production Example with Terraform
Summary:
This approach leverages AWS-supported modules for a robust, maintainable, and secure deployment of the AWS Load Balancer Controller in EKS, following best practices for production environments.
I’m a DevOps/SRE/DevSecOps/Cloud Expert passionate about sharing knowledge and experiences. I have worked at Cotocus. I share tech blog at DevOps School, travel stories at Holiday Landmark, stock market tips at Stocks Mantra, health and fitness guidance at My Medic Plus, product reviews at TrueReviewNow , and SEO strategies at Wizbrand.