
Overview

This guide walks you through the initial setup and prerequisites needed to deploy the GovTech Multicloud Platform to AWS using Terraform and Kubernetes (EKS).

Prerequisites

Required Tools

Ensure the following tools are installed and configured:
1. Install AWS CLI

Download and install the AWS CLI:
# macOS
brew install awscli

# Linux
curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
unzip awscliv2.zip
sudo ./aws/install
Verify installation:
aws --version

2. Install Terraform

Install Terraform version 1.5.0 or higher:
# macOS
brew install terraform

# Linux
wget https://releases.hashicorp.com/terraform/1.5.0/terraform_1.5.0_linux_amd64.zip
unzip terraform_1.5.0_linux_amd64.zip
sudo mv terraform /usr/local/bin/
Verify installation:
terraform version
# Should show: Terraform v1.5.0 or higher

3. Install kubectl

Install kubectl for Kubernetes cluster management:
# macOS
brew install kubectl

# Linux
curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
chmod +x kubectl
sudo mv kubectl /usr/local/bin/
Verify installation:
kubectl version --client
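
The Linux steps above download the Terraform and kubectl binaries and install them without an integrity check. The following is an added example, not part of the original guide: a fail-closed SHA-256 check against the checksum files both projects publish next to their releases. The function names are hypothetical, and `<version>` is a placeholder for the release you downloaded.

```shell
# Added example (not from the original guide): verify a download before installing it.
# Usage, after fetching the checksum file into the same directory:
#   curl -LO https://releases.hashicorp.com/terraform/1.5.0/terraform_1.5.0_SHA256SUMS
#   verify_sha256 terraform_1.5.0_linux_amd64.zip terraform_1.5.0_SHA256SUMS && unzip terraform_1.5.0_linux_amd64.zip
#   curl -LO "https://dl.k8s.io/release/<version>/bin/linux/amd64/kubectl.sha256"
#   verify_sha256 kubectl kubectl.sha256 && chmod +x kubectl

# Print the SHA-256 digest of a file (GNU coreutils, or shasum on macOS).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# verify_sha256 <file> <checksum-file>
# Accepts a "<digest>  <name>" list (Terraform) or a bare digest (kubectl).
# Returns non-zero when the entry is missing or the digest differs.
verify_sha256() {
  file=$1; sums=$2
  if [ ! -f "$file" ] || [ ! -f "$sums" ]; then
    echo "verify_sha256: missing $file or $sums" >&2; return 2
  fi
  name=$(basename "$file")
  # Exact match on the file-name column, never a substring match.
  expected=$(awk -v n="$name" '$2 == n || $2 == ("*" n) {print $1; exit}' "$sums")
  if [ -z "$expected" ]; then
    expected=$(awk 'NF == 1 {print $1; exit}' "$sums")   # bare-digest file
  fi
  if [ -z "$expected" ]; then
    echo "verify_sha256: no digest for $name in $sums" >&2; return 1
  fi
  actual=$(sha256_of "$file")
  if [ "$actual" != "$expected" ]; then
    echo "verify_sha256: MISMATCH for $name" >&2; return 1
  fi
  echo "verify_sha256: OK $name"
}
```

A checksum fetched from the same server as the binary detects corruption but not a compromised server; HashiCorp also publishes a signature file for the checksum list that can be checked with their public key.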

AWS Account Setup

1. Configure AWS Credentials

Configure your AWS credentials with appropriate permissions:
aws configure
Enter your AWS credentials:
  • AWS Access Key ID
  • AWS Secret Access Key
  • Default region: us-east-1
  • Default output format: json

2. Verify AWS Access

Verify your AWS account access:
aws sts get-caller-identity
This should return your account ID, user ARN, and user ID.

3. Create S3 Bucket for Terraform State

Create an S3 bucket to store Terraform state (replace <YOUR_ACCOUNT_ID> with your AWS account ID):
aws s3 mb s3://govtech-terraform-state-<YOUR_ACCOUNT_ID> --region us-east-1

# Enable versioning
aws s3api put-bucket-versioning \
  --bucket govtech-terraform-state-<YOUR_ACCOUNT_ID> \
  --versioning-configuration Status=Enabled

# Enable encryption
aws s3api put-bucket-encryption \
  --bucket govtech-terraform-state-<YOUR_ACCOUNT_ID> \
  --server-side-encryption-configuration '{
    "Rules": [{
      "ApplyServerSideEncryptionByDefault": {
        "SSEAlgorithm": "AES256"
      }
    }]
  }'
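
Terraform state can contain secrets such as database passwords in plaintext, so the state bucket also benefits from an explicit public access block and a policy that refuses non-TLS requests. The following is an added example, not part of the original guide; the function names are hypothetical and the bucket name follows the guide's naming scheme.

```shell
# Added example (not from the original guide): harden the Terraform state bucket.
# Usage: harden_state_bucket "govtech-terraform-state-$AWS_ACCOUNT_ID"

# Print a bucket policy that denies every request made without TLS.
# Rejects empty names and names with characters outside a-z, 0-9, '.', '-',
# which also catches a <YOUR_ACCOUNT_ID> placeholder left unreplaced.
state_bucket_policy() {
  case $1 in
    ""|*[!a-z0-9.-]*) echo "invalid bucket name: '$1'" >&2; return 2 ;;
  esac
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [{
    "Sid": "DenyInsecureTransport",
    "Effect": "Deny",
    "Principal": "*",
    "Action": "s3:*",
    "Resource": [
      "arn:aws:s3:::$1",
      "arn:aws:s3:::$1/*"
    ],
    "Condition": {"Bool": {"aws:SecureTransport": "false"}}
  }]
}
EOF
}

harden_state_bucket() {
  policy=$(state_bucket_policy "$1") || return 2
  # Set explicitly so the result does not depend on account defaults.
  aws s3api put-public-access-block --bucket "$1" \
    --public-access-block-configuration \
    "BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true" || return 1
  aws s3api put-bucket-policy --bucket "$1" --policy "$policy" || return 1
  # Read the settings back instead of trusting exit codes alone.
  aws s3api get-public-access-block --bucket "$1"
  aws s3api get-bucket-versioning --bucket "$1"
  aws s3api get-bucket-encryption --bucket "$1"
}
```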

IAM Permissions

Your AWS user or role needs the following permissions:
  • VPC: Create and manage VPCs, subnets, route tables, internet gateways, NAT gateways
  • EKS: Create and manage EKS clusters and node groups
  • EC2: Create and manage EC2 instances, security groups, key pairs
  • RDS: Create and manage RDS instances, subnet groups, parameter groups
  • S3: Create and manage S3 buckets
  • IAM: Create and manage IAM roles, policies, OIDC providers
  • KMS: Create and manage KMS keys
  • ECR: Create and manage ECR repositories
  • CloudTrail: Create and manage CloudTrail trails
  • GuardDuty: Enable and manage GuardDuty
  • WAF: Create and manage WAF web ACLs

For production deployments, use IAM roles with least privilege access. Avoid using root account credentials.

Environment Variables

Set up required environment variables:
# AWS Configuration
export AWS_REGION=us-east-1
export AWS_ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)

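# Database Password (use a secure password manager)
# A value typed inline like this is saved to your shell history
export TF_VAR_db_password="your-secure-password-here"

# Add to your ~/.bashrc or ~/.zshrc for persistence
# (persist only non-secret values such as the region, not the password)
echo 'export AWS_REGION=us-east-1' >> ~/.bashrc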

Never commit the db_password to version control. Use environment variables, AWS Secrets Manager, or a secure secret management solution.

Project Structure

Understand the project structure before deployment:
platform/
├── terraform/
│   ├── main.tf                    # Main Terraform configuration
│   ├── variables.tf               # Variable definitions
│   ├── modules/
│   │   ├── networking/            # VPC, subnets, gateways
│   │   ├── kubernetes-cluster/    # EKS cluster and node groups
│   │   ├── database/              # RDS PostgreSQL
│   │   ├── storage/               # S3 buckets
│   │   └── security/              # WAF, KMS, GuardDuty, CloudTrail
│   └── environments/
│       ├── dev/                   # Dev environment config
│       ├── staging/               # Staging environment config
│       └── prod/                  # Production environment config
└── kubernetes/
    ├── deploy.sh                  # Deployment script
    ├── namespace.yaml             # Namespace with security policies
    ├── configmap.yaml             # Application configuration
    ├── backend/                   # Backend deployment manifests
    ├── frontend/                  # Frontend deployment manifests
    ├── database/                  # PostgreSQL StatefulSet
    └── ingress/                   # AWS ALB Ingress

Pre-Deployment Checklist

Before deploying, verify:
  • AWS CLI installed and configured
  • Terraform >= 1.5.0 installed
  • kubectl installed
  • Git installed
  • AWS credentials configured
  • Correct AWS region selected (us-east-1)
  • IAM permissions verified
  • S3 bucket for Terraform state created
  • Environment variables set
  • Database password generated (secure)
  • Environment selected (dev/staging/prod)
  • No CIDR conflicts with existing VPCs
  • Sufficient IP addresses in chosen CIDR ranges
  • DNS resolution working

Next Steps

Once prerequisites are complete, proceed to:
  1. Terraform Configuration - Set up infrastructure
  2. Kubernetes Deployment - Deploy applications
  3. Environments - Understand environment differences

Troubleshooting

AWS CLI Not Found

If you see aws: command not found:
# Add AWS CLI to PATH
export PATH=$PATH:/usr/local/bin

Terraform Version Mismatch

If Terraform version is too old:
# Check current version
terraform version

# Upgrade to latest
brew upgrade terraform  # macOS

kubectl Connection Issues

If kubectl cannot connect to cluster:
# Update kubeconfig
aws eks update-kubeconfig --name govtech-dev --region us-east-1

# Verify connection
kubectl cluster-info

Support

For additional help:
