Kubernetes: Deploying AWS Load Balancer Controller with Terraform

Deploying the AWS Load Balancer Controller (ALB Controller) in production via Terraform is a common, robust, and recommended practice. Official Terraform modules and documented best practices are available from both AWS and the broader Kubernetes community.

Below are best practices, links to official code, and step-by-step pointers for production-ready deployments.


🟢 Best Practices for Deploying AWS Load Balancer Controller with Terraform

1. Use EKS Blueprints / Official Terraform Modules

2. IAM OIDC Setup is Required

  • ALB Controller needs IAM permissions via an IRSA (IAM Roles for Service Accounts) role.
  • Terraform should:
    • Enable OIDC provider on your EKS cluster.
    • Create a service account mapped to the right IAM role with policies from official AWS documentation.

3. Deploy via Helm Chart Using Terraform


🔗 Official Code and Reference Examples

1. AWS Official Example (Terraform Registry)

2. AWS EKS Blueprints Module

3. Community Examples


🏆 Recommended High-Level Steps

(You can use the example links above for copy-pasteable code!)

  1. Enable OIDC for EKS Cluster:
module "eks" {
  source          = "terraform-aws-modules/eks/aws"
  # ... (other cluster settings elided)
  enable_irsa     = true
}
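  2. Create IAM Role & Policy for ALB Controller:
module "alb_irsa_role" {
  source = "terraform-aws-modules/iam/aws//modules/iam-role-for-service-accounts-eks"
  # ... (version pin and other settings elided)
  role_name = "alb-ingress-controller"

  # AWSLoadBalancerControllerIAMPolicy is a customer-managed policy in the AWS
  # docs, not an AWS-managed one, and this module has no policy_arns input.
  # Let the module create and attach the controller policy instead.
  attach_load_balancer_controller_policy = true

  # Trust only the controller's service account in kube-system.
  oidc_providers = {
    main = {
      provider_arn               = module.eks.oidc_provider_arn
      namespace_service_accounts = ["kube-system:aws-load-balancer-controller"]
    }
  }
}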
  3. Deploy the Helm Chart using Terraform:
resource "helm_release" "aws_load_balancer_controller" {
  name       = "aws-load-balancer-controller"
  repository = "https://aws.github.io/eks-charts"
  chart      = "aws-load-balancer-controller"
  namespace  = "kube-system"
  version    = "1.8.2" # check for latest version

  set {
    name  = "clusterName"
    value = module.eks.cluster_name
  }

  set {
    name  = "serviceAccount.create"
    value = false
  }

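  # The IRSA module has no service_account_name output. With create = false the
  # service account must already exist and carry the eks.amazonaws.com/role-arn
  # annotation set to module.alb_irsa_role.iam_role_arn.
  set {
    name  = "serviceAccount.name"
    value = "aws-load-balancer-controller"
  }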

  set {
    name  = "region"
    value = var.aws_region
  }

  # The EKS module does not export the VPC ID; take it from the VPC module.
  set {
    name  = "vpcId"
    value = module.vpc.vpc_id
  }
}
  4. Check Outputs and Validate Controller is Running

🚀 Quick-Start Official Template

Best Reference:

Clone and use as a baseline!


⚡️ Summary Table

| Step | Official Resource/Reference |
| --- | --- |
| EKS Module | terraform-aws-modules/eks |
| ALB IAM Role | IAM Role Module |
| Helm Chart | AWS EKS Charts – ALB Controller |
| End-to-End Example | load_balancer_controller example |

Example: Deploying AWS Load Balancer Controller Using AWS EKS Blueprints Addons Module

The AWS EKS Blueprints Addons Terraform module provides a streamlined, production-ready way to deploy the AWS Load Balancer Controller into your EKS cluster. Below is a practical example and key configuration points.

1. Module Configuration Example

module "eks_blueprints_addons" {
  source  = "aws-ia/eks-blueprints-addons/aws"
  version = "~> 1.0"

  cluster_name         = module.eks.cluster_name
  cluster_endpoint     = module.eks.cluster_endpoint
  cluster_version      = module.eks.cluster_version
  oidc_provider_arn    = module.eks.oidc_provider_arn
  vpc_id               = module.vpc.vpc_id
  tags                 = local.tags

  enable_aws_load_balancer_controller = true

  aws_load_balancer_controller = {
    set = [
      {
        name  = "vpcId"
        value = module.vpc.vpc_id
      },
      {
        name  = "podDisruptionBudget.maxUnavailable"
        value = 1
      },
      {
        name  = "resources.requests.cpu"
        value = "100m"
      },
      {
        name  = "resources.requests.memory"
        value = "128Mi"
      }
      // Add more Helm chart values as needed
    ]
  }
}
  • Note: Replace module.eks.* and module.vpc.* with your actual EKS and VPC module outputs.

2. Key Points

  • IAM Roles for Service Accounts (IRSA):
    The module is designed to work with IRSA, ensuring secure permissions for the controller.
  • Helm Chart Customization:
    The aws_load_balancer_controller block allows you to pass Helm values for production tuning (e.g., resource requests, pod disruption budgets, webhook settings).
  • CRD Management:
    The module manages all required CustomResourceDefinitions (CRDs) automatically.
  • Version Pinning:
    Always pin the module and Helm chart versions for stability.

3. Validation

After applying your Terraform configuration, validate the deployment:

kubectl -n kube-system get pods | grep aws-load-balancer-controller

You should see running pods for the controller in the kube-system namespace.
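
Running pods do not show whether the IRSA role from the "Create IAM Role & Policy" step and the IRSA key point above is scoped to the controller's service account only. The following added example (not from the original post or from AWS) audits a role trust policy for that; the issuer ID, account ID and both policy documents are constructed sample values.

```python
# Added example: audit an IRSA trust policy. All values below are constructed.
ISSUER = "oidc.eks.us-east-1.amazonaws.com/id/EXAMPLE0123456789ABCDEF"
PROVIDER_ARN = "arn:aws:iam::111122223333:oidc-provider/" + ISSUER
EXPECTED_SUB = "system:serviceaccount:kube-system:aws-load-balancer-controller"

def as_list(value):
    """IAM accepts a string or a list in most fields; normalise to a list."""
    return [] if value is None else value if isinstance(value, list) else [value]

def audit_irsa_trust(policy, issuer=ISSUER, expected_sub=EXPECTED_SUB):
    """Return findings for an IRSA trust policy; an empty list means tightly scoped."""
    stmts = [s for s in as_list(policy.get("Statement"))
             if s.get("Effect") == "Allow"
             and "sts:AssumeRoleWithWebIdentity" in as_list(s.get("Action"))]
    if not stmts:
        return ["no Allow statement for sts:AssumeRoleWithWebIdentity"]
    findings = []
    for s in stmts:
        principal = s.get("Principal")
        fed = as_list(principal.get("Federated") if isinstance(principal, dict) else None)
        if len(fed) != 1 or not str(fed[0]).endswith(":oidc-provider/" + issuer):
            findings.append("principal is not this cluster's OIDC provider")
        cond = s.get("Condition") or {}
        equals = cond.get("StringEquals") or {}
        subs = as_list(equals.get(issuer + ":sub"))
        if subs != [expected_sub]:
            like = as_list((cond.get("StringLike") or {}).get(issuer + ":sub"))
            if like:
                findings.append("sub matched with StringLike %s, not an exact value" % like)
            elif not subs:
                findings.append("sub not pinned: any service account in the cluster can assume the role")
            else:
                findings.append("sub pinned to unexpected subject(s) %s" % subs)
        if as_list(equals.get(issuer + ":aud")) != ["sts.amazonaws.com"]:
            findings.append("aud not pinned to sts.amazonaws.com")
    return findings

def sample_policy(condition):
    """Build a constructed trust policy around the given Condition block."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Principal": {"Federated": PROVIDER_ARN},
        "Action": "sts:AssumeRoleWithWebIdentity", "Condition": condition}]}

GOOD = sample_policy({"StringEquals": {ISSUER + ":sub": EXPECTED_SUB,
                                       ISSUER + ":aud": "sts.amazonaws.com"}})
LOOSE = sample_policy({"StringLike": {ISSUER + ":sub": "system:serviceaccount:*:*"}})

if __name__ == "__main__":
    print({"GOOD": audit_irsa_trust(GOOD), "LOOSE": audit_irsa_trust(LOOSE)})
```

To check a live role, pass in the JSON returned by `aws iam get-role --role-name alb-ingress-controller --query Role.AssumeRolePolicyDocument` together with the cluster's OIDC issuer URL without its `https://` prefix.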

Summary:
This approach leverages AWS-supported modules for a robust, maintainable, and secure deployment of the AWS Load Balancer Controller in EKS, following best practices for production environments.
