EKS

AWS Elastic Kubernetes Service (EKS) is used to provide the compute requirements and network mesh required for Prefect.

The cluster infrastructure is provisioned through Terraform. A section is included in IAM regarding permissions required.

Terraform Cloud

There are two ways to configure Terraform Cloud. You can either use GitHub Actions as the executor and treat Terraform Cloud as a state-store (docs), or you can have Terraform Cloud act as both the executor and state-store (docs). We will use Terraform Cloud as both the executor and state-store. As such, pretty much everything is configured there, as opposed to in GitHub Actions. The Terraform Cloud execution mode should be set to Remote.

Create a new workspace for each environment, connect them to this GitHub repository, and then set the following variables:

AWS_ACCESS_KEY_ID - environment variable (sensitive) AWS_SECRET_ACCESS_KEY - environment variable (sensitive) env - Terraform variable - staging or prod prefect_cloud_account_id - Terraform variable prefect_cloud_workspace_id - Terraform variable prefect_cloud_api_key - Terraform variable (sensitive)

Node Size

Service performance has been tested and evaluated using node sides of c6a.2xlarge. This provides for 8vCPU's and 16GiB of memory, which is very performant in running Prefect.

Autoscaling

The EKS cluster comes provisioned by default with 3 nodes (c6a.2xlarge - 8vCPU, 16GiB). A cluster autoscaler module is additionally enabled to configure and scalue nodes to a defined maximum. Read more here for additional details and configuration.

IRSA

IAM Roles are created and attached to the cluster through Terraform to provision IAM Roles for Service Accounts. This permits granular IAM access to be assigned to the cluster for pod level objects and services.