{"id":49969,"date":"2025-07-07T02:03:34","date_gmt":"2025-07-07T02:03:34","guid":{"rendered":"https:\/\/www.devopsschool.com\/blog\/?p=49969"},"modified":"2025-07-07T13:10:36","modified_gmt":"2025-07-07T13:10:36","slug":"kubernetes-deploying-aws-load-balancer-controller-with-terraform","status":"publish","type":"post","link":"https:\/\/www.devopsschool.com\/blog\/kubernetes-deploying-aws-load-balancer-controller-with-terraform\/","title":{"rendered":"Kubernetes: Deploying AWS Load Balancer Controller with Terraform"},"content":{"rendered":"\n<p>Deploying the <strong>AWS Load Balancer Controller<\/strong> (ALB Controller) in production via <strong>Terraform<\/strong> is now a common, robust, and recommended practice. There <strong>are official Terraform modules<\/strong> and documented best practices from both <strong>AWS<\/strong> and the broader Kubernetes community.<\/p>\n\n\n\n<p>Below are <strong>best practices, links to official code, and step-by-step pointers<\/strong> for production-ready deployments.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">\ud83d\udfe2 <strong>Best Practices for Deploying AWS Load Balancer Controller with Terraform<\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">1. 
<strong>Use EKS Blueprints \/ Official Terraform Modules<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>AWS and the community maintain official Terraform modules<\/strong>:\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/github.com\/terraform-aws-modules\/terraform-aws-eks\" target=\"_blank\" rel=\"noopener\">terraform-aws-modules\/eks<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/github.com\/aws-ia\/terraform-aws-eks-blueprints\" target=\"_blank\" rel=\"noopener\">aws-ia\/terraform-aws-eks-blueprints<\/a><\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>These modules often provide <strong>optional integrations<\/strong> for ALB Controller, IAM roles, and Helm charts.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">2. <strong>IAM OIDC Setup is Required<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>ALB Controller <strong>needs IAM permissions via an IRSA (IAM Roles for Service Accounts) role<\/strong>.<\/li>\n\n\n\n<li>Terraform should:\n<ul class=\"wp-block-list\">\n<li>Enable OIDC provider on your EKS cluster.<\/li>\n\n\n\n<li>Create a service account mapped to the right IAM role with policies from <a href=\"https:\/\/docs.aws.amazon.com\/eks\/latest\/userguide\/aws-load-balancer-controller.html#service-account\" target=\"_blank\" rel=\"noopener\">official AWS documentation<\/a>.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">3. 
<strong>Deploy via Helm Chart Using Terraform<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>The controller is shipped as a <a href=\"https:\/\/github.com\/aws\/eks-charts\/tree\/master\/stable\/aws-load-balancer-controller\" target=\"_blank\" rel=\"noopener\">Helm chart<\/a>.<\/li>\n\n\n\n<li>Use <a href=\"https:\/\/registry.terraform.io\/providers\/hashicorp\/helm\/latest\/docs\" target=\"_blank\" rel=\"noopener\">Terraform Helm provider<\/a> to deploy.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">\ud83d\udd17 <strong>Official Code and Reference Examples<\/strong><\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">1. <strong>AWS Official Example (Terraform Registry)<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong><a href=\"https:\/\/github.com\/terraform-aws-modules\/terraform-aws-eks\/blob\/master\/examples\/irsa\/main.tf\" target=\"_blank\" rel=\"noopener\">AWS Official Example<\/a><\/strong> for ALB Controller:\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/github.com\/terraform-aws-modules\/terraform-aws-eks\/blob\/master\/examples\/irsa\/main.tf\" target=\"_blank\" rel=\"noopener\">Terraform-aws-eks\/examples\/irsa\/<\/a><\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong><a href=\"https:\/\/docs.aws.amazon.com\/eks\/latest\/userguide\/aws-load-balancer-controller.html#deploy-terraform\" target=\"_blank\" rel=\"noopener\">AWS Docs: Deploy ALB Controller with Terraform<\/a><\/strong><\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">2. <strong>AWS EKS Blueprints Module<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/github.com\/aws-ia\/terraform-aws-eks-blueprints\" target=\"_blank\" rel=\"noopener\">aws-ia\/terraform-aws-eks-blueprints<\/a> supports ALB Controller as an add-on.<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">3. 
<strong>Community Examples<\/strong><\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/github.com\/terraform-aws-modules\/terraform-aws-eks\/tree\/master\/examples\/load_balancer_controller\" target=\"_blank\" rel=\"noopener\">terraform-aws-modules\/eks\/examples\/load_balancer_controller<\/a><\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">\ud83c\udfc6 <strong>Recommended High-Level Steps<\/strong><\/h2>\n\n\n\n<p><strong>(You can use the example links above for copy-pasteable code!)<\/strong><\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>Enable OIDC for EKS Cluster:<\/strong> <\/li>\n<\/ol>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-1\" data-shcb-language-name=\"JavaScript\" data-shcb-language-slug=\"javascript\"><span><code class=\"hljs language-javascript\"><span class=\"hljs-built_in\">module<\/span> <span class=\"hljs-string\">\"eks\"<\/span> {\n  source          = <span class=\"hljs-string\">\"terraform-aws-modules\/eks\/aws\"<\/span>\n  ...\n  enable_irsa     = <span class=\"hljs-literal\">true<\/span>\n}\n<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-1\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">JavaScript<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">javascript<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<ol class=\"wp-block-list\">\n<li><strong>Create IAM Role &amp; Policy for ALB Controller:<\/strong><ul><li>Use the <a href=\"https:\/\/docs.aws.amazon.com\/eks\/latest\/userguide\/aws-load-balancer-controller.html#service-account\" target=\"_blank\" rel=\"noopener\">official AWS managed policy<\/a>.<\/li><\/ul><\/li>\n<\/ol>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-2\" data-shcb-language-name=\"JavaScript\" data-shcb-language-slug=\"javascript\"><span><code 
class=\"hljs language-javascript\"><span class=\"hljs-built_in\">module<\/span> <span class=\"hljs-string\">\"alb_irsa_role\"<\/span> {\n  source = <span class=\"hljs-string\">\"terraform-aws-modules\/iam\/aws\/\/modules\/iam-role-for-service-accounts-eks\"<\/span>\n  ...\n  role_name = <span class=\"hljs-string\">\"alb-ingress-controller\"<\/span>\n  # AWSLoadBalancerControllerIAMPolicy is not an AWS managed policy, so there is no\n  # arn:aws:iam::aws:policy\/... ARN to attach; the module creates and attaches it.\n  attach_load_balancer_controller_policy = <span class=\"hljs-literal\">true<\/span>\n  # Trust only the controller service account through the cluster OIDC provider.\n  oidc_providers = {\n    main = {\n      provider_arn               = module.eks.oidc_provider_arn\n      namespace_service_accounts = &#91;<span class=\"hljs-string\">\"kube-system:aws-load-balancer-controller\"<\/span>]\n    }\n  }\n  ...\n}<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-2\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">JavaScript<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">javascript<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<ol class=\"wp-block-list\">\n<li><strong>Deploy the Helm Chart using Terraform:<\/strong> <\/li>\n<\/ol>\n\n\n<pre class=\"wp-block-code\"><span><code class=\"hljs\">resource \"helm_release\" \"aws_load_balancer_controller\" {\n  name       = \"aws-load-balancer-controller\"\n  repository = \"https:\/\/aws.github.io\/eks-charts\"\n  chart      = \"aws-load-balancer-controller\"\n  namespace  = \"kube-system\"\n  version    = \"1.8.2\" # check for latest version\n\n  set {\n    name  = \"clusterName\"\n    value = module.eks.cluster_name\n  }\n\n  # Let the chart create the service account and bind it to the IRSA role;\n  # the iam module exposes iam_role_arn, not a service account name.\n  set {\n    name  = \"serviceAccount.create\"\n    value = true\n  }\n\n  set {\n    name  = \"serviceAccount.name\"\n    value = \"aws-load-balancer-controller\"\n  }\n\n  set {\n    name  = \"serviceAccount.annotations.eks\\\\.amazonaws\\\\.com\/role-arn\"\n    value = module.alb_irsa_role.iam_role_arn\n  }\n\n  set {\n    name  = \"region\"\n    value = var.aws_region\n  }\n\n  # The eks module has no vpc_id output; this assumes a VPC module named \"vpc\".\n  set {\n    name  = \"vpcId\"\n    value = module.vpc.vpc_id\n  }\n}\n<\/code><\/span><\/pre>\n\n\n<ol class=\"wp-block-list\">\n<li><strong>Check Outputs and Validate Controller is Running<\/strong><\/li>\n<\/ol>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">\ud83d\ude80 
<strong>Quick-Start Official Template<\/strong><\/h2>\n\n\n\n<p><strong>Best Reference<\/strong>:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/github.com\/terraform-aws-modules\/terraform-aws-eks\/tree\/master\/examples\/load_balancer_controller\" target=\"_blank\" rel=\"noopener\">terraform-aws-modules\/eks\/examples\/load_balancer_controller<\/a><\/li>\n<\/ul>\n\n\n\n<p>Clone and use as a baseline!<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">\u26a1\ufe0f <strong>Summary Table<\/strong><\/h2>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><thead><tr><th>Step<\/th><th>Official Resource\/Reference<\/th><\/tr><\/thead><tbody><tr><td>EKS Module<\/td><td><a href=\"https:\/\/github.com\/terraform-aws-modules\/terraform-aws-eks\" target=\"_blank\" rel=\"noopener\">terraform-aws-modules\/eks<\/a><\/td><\/tr><tr><td>ALB IAM Role<\/td><td><a href=\"https:\/\/github.com\/terraform-aws-modules\/iam\/tree\/master\/modules\/iam-role-for-service-accounts-eks\" target=\"_blank\" rel=\"noopener\">IAM Role Module<\/a><\/td><\/tr><tr><td>Helm Chart<\/td><td><a href=\"https:\/\/github.com\/aws\/eks-charts\/tree\/master\/stable\/aws-load-balancer-controller\" target=\"_blank\" rel=\"noopener\">AWS EKS Charts &#8211; ALB Controller<\/a><\/td><\/tr><tr><td>End-to-End Example<\/td><td><a href=\"https:\/\/github.com\/terraform-aws-modules\/terraform-aws-eks\/tree\/master\/examples\/load_balancer_controller\" target=\"_blank\" rel=\"noopener\">load_balancer_controller example<\/a><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">Example: Deploying AWS Load Balancer Controller Using AWS EKS Blueprints Addons Module<\/h2>\n\n\n\n<p>The <strong>AWS EKS Blueprints Addons<\/strong> Terraform module provides a streamlined, production-ready way to deploy the AWS Load Balancer Controller into your EKS cluster. Below is a practical example and key configuration points.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">1. Module Configuration Example<\/h2>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>module \"eks_blueprints_addons\" {\n  source  = \"aws-ia\/eks-blueprints-addons\/aws\"\n  version = \"~&gt; 1.0\"\n\n  cluster_name         = module.eks.cluster_name\n  cluster_endpoint     = module.eks.cluster_endpoint\n  cluster_version      = module.eks.cluster_version\n  oidc_provider_arn    = module.eks.oidc_provider_arn\n  vpc_id               = module.vpc.vpc_id\n  tags                 = local.tags\n\n  enable_aws_load_balancer_controller = true\n\n  aws_load_balancer_controller = {\n    set = [\n      {\n        name  = \"vpcId\"\n        value = module.vpc.vpc_id\n      },\n      {\n        name  = \"podDisruptionBudget.maxUnavailable\"\n        value = 1\n      },\n      {\n        name  = \"resources.requests.cpu\"\n        value = \"100m\"\n      },\n      {\n        name  = \"resources.requests.memory\"\n        value = \"128Mi\"\n      }\n      \/\/ Add more Helm chart values as needed\n    ]\n  }\n}\n<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Note:<\/strong> Replace <code>module.eks.*<\/code> and <code>module.vpc.*<\/code> with your actual EKS and VPC module outputs.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">2. 
Key Points<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>IAM Roles for Service Accounts (IRSA):<\/strong><br>The module is designed to work with IRSA, ensuring secure permissions for the controller.<\/li>\n\n\n\n<li><strong>Helm Chart Customization:<\/strong><br>The <code>aws_load_balancer_controller<\/code> block allows you to pass Helm values for production tuning (e.g., resource requests, pod disruption budgets, webhook settings).<\/li>\n\n\n\n<li><strong>CRD Management:<\/strong><br>The module manages all required CustomResourceDefinitions (CRDs) automatically.<\/li>\n\n\n\n<li><strong>Version Pinning:<\/strong><br>Always pin the module and Helm chart versions for stability.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">3. Validation<\/h2>\n\n\n\n<p>After applying your Terraform configuration, validate the deployment:<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\"><code>kubectl -n kube-system get pods | grep aws-load-balancer-controller\n<\/code><\/pre>\n\n\n\n<p>You should see running pods for the controller in the <code>kube-system<\/code> namespace<a rel=\"noreferrer noopener\" target=\"_blank\" href=\"https:\/\/aws-ia.github.io\/terraform-aws-eks-blueprints-addons\/v1.13.0\/addons\/aws-load-balancer-controller\/\">1<\/a>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">4. 
References<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/github.com\/aws-ia\/terraform-aws-eks-blueprints-addons\" target=\"_blank\" rel=\"noreferrer noopener\">Official AWS EKS Blueprints Addons Module Documentation<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/aws-ia.github.io\/terraform-aws-eks-blueprints-addons\/v1.13.0\/addons\/aws-load-balancer-controller\/\" target=\"_blank\" rel=\"noreferrer noopener\">AWS Load Balancer Controller Addon Usage Guide<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/spacelift.io\/blog\/bootstrap-complete-amazon-eks-clusters-with-eks-blueprints-for-terraform\" target=\"_blank\" rel=\"noreferrer noopener\">Production Example with Terraform<\/a><\/li>\n<\/ul>\n\n\n\n<p><strong>Summary:<\/strong><br>This approach leverages AWS-supported modules for a robust, maintainable, and secure deployment of the AWS Load Balancer Controller in EKS, following best practices for production environments<a rel=\"noreferrer noopener\" target=\"_blank\" href=\"https:\/\/aws-ia.github.io\/terraform-aws-eks-blueprints-addons\/v1.13.0\/addons\/aws-load-balancer-controller\/\">3<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Deploying the AWS Load Balancer Controller (ALB Controller) in production via Terraform is now a common, robust, and recommended practice. 
There are official Terraform modules and documented best&#8230; <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"_joinchat":[],"footnotes":""},"categories":[2],"tags":[],"class_list":["post-49969","post","type-post","status-publish","format-standard","hentry","category-uncategorised"],"_links":{"self":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/49969","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/comments?post=49969"}],"version-history":[{"count":4,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/49969\/revisions"}],"predecessor-version":[{"id":49973,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/49969\/revisions\/49973"}],"wp:attachment":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/media?parent=49969"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/categories?post=49969"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/tags?post=49969"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}