AWS - EKS EC2 One Connect Deployment Manual with Terraform

This manual provides step-by-step instructions for deploying an Amazon EKS (Elastic Kubernetes Service) cluster using Terraform. It includes the configuration of essential components such as AWS credentials, infrastructure provisioning, EBS CSI driver installation, and Kubernetes environment setup.

Make sure to click on the images to have a better view of the details.

Prerequisites

Before starting the deployment, you will need the following:

• Compressed folder: oneconnectEKSEC2.zip


• AWS credentials Command Line Interface Type (IAM user) :

1. Access Key ID
   
2. Secret Access Key
   
3. Generate your credentials HERE

• Region name where the deployment will take place (e.g., us-east-1)

• Required software (either pre-installed or with installation instructions):

  • Terraform

  • AWS CLI

  • kubectl

• Create an AWS key pair .pem (You will need the name of this Key pair)

1. Access to Docker Hub Login if using a private network (Docker Hub Token will be provided by the Onibex Team)

• Refer to the following sizing manual to identify your kubernetes sizing: Kubernetes Sizing

Step-by-Step Instructions

1. Initial Setup

1.1 Locate the project folder

Open your terminal and navigate to the directory that contains the Terraform files:

cd oneconnect-kubernetes 

1.2 Configure your AWS credentials

Run the following command:

aws configure

Then enter the following when prompted:

• Access Key ID

• Secret Access Key

• Default region name (must match your target deployment region)

• Output format: leave it blank (press Enter)
  

2. Terraform Initialization

Run the following command:

terraform init

• Wait for the process to complete (this may take a few minutes).

• Ensure there are no error messages in red before proceeding.
  

3. Deployment Plan Review

Generate an execution plan:

terraform plan

• Type the name of you create key pair when requested.

• Review the summary output — it should indicate how many resources will be created.

• If any error messages appear, stop the process and contact the technical team before continuing.
  

4. EKS Cluster Deployment

Run the deployment command:

terraform apply

1. Type the name of you create key pair when requested.

1. Type "yes" to confirm the deployment.
   

1. Wait for the process to finish — this may take 10–20 minutes.
   

1. Take note of any output displayed at the end, especially resource names or important URLs.
   

5. Accessing the AWS Console

Go to: https://console.aws.amazon.com

Navigate to Services > EKS > Clusters

Select your newly created cluster

Within the Cluster, click the Access tab

Select "Create access entry"

Select the IAM user who executed terraform apply (normally your logged-in user) and of standard type

On the next screen, select the following policies and click 'Add policy':

1. AmazonEKSAdminPolicy
   

1. AmazonEKSClusterAdminPolicy
   

Select the policy and click 'Add policy' for each one.
Then click 'Next'.

Finally, review that it has everything needed and click 'Create'.

6. kubectl Configuration

Update your kubectl configuration with the following command:

aws eks update-kubeconfig --region <your-region> --name <cluster-name>

(The command should appear in the output of the previous command)

Otherwise, replace:

REGION with the region where you created the cluster

Then verify the connection:

kubectl get nodes

If the connection is successful, you'll see a list of the nodes in your EKS cluster.

7. EBS CSI Driver Configuration

Retrieve Cluster Information

Run the following commands in your terminal:

# Get the OIDC URL for your cluster (replace "my-cluster" with your actual cluster name) aws eks describe-cluster --name SmartGatewayDemo --query "cluster.identity.oidc.issuer" --output text 

# Get your AWS Account ID aws sts get-caller-identity --query "Account" --output text

Take note of these values — you’ll need them in the next steps.

Edit the file named aws-ebs-csi-driver-trust-policy.json with this content using the command

nano aws-ebs-csi-driver-trust-policy.json 

Replace the following placeholders:

1. ACCOUNTID: Your AWS Account ID
   
2. REGION: Your AWS region (e.g., us-east-1)
   
3. OIDCID: The OIDC ID 
   

Create the IAM Role

Run the following to update the existing role:

aws iam update-assume-role-policy  --role-name AmazonEKS_EBS_CSI_DriverRole  --policy-document file://aws-ebs-csi-driver-trust-policy.json 

Run the following command to get the list of node groups in your cluster

aws eks list-nodegroups --cluster-name SmartGatewayDemo --output table

Copy the name of the node group and add it to the following command, which you will run later:

aws eks describe-nodegroup --cluster-name SmartGatewayDemo --nodegroup-name <NODEGROUPNAME> --query "nodegroup.nodeRole" --output text

Replace NODEGROUPNAME with the output text from the previous command, and run it as shown in the example image:

Now, using the output text from the previous command, adapt the following command and execute it:

aws iam attach-role-policy --role-name <NODEGROUPNAME> --policy-arn arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy 

Replace NODEGROUPNAME with the output text from the previous command. Example: SmarGatewayDemo-eks-node-group-20250905195555043200000002.

Attach Policy to the Role

Attach the AWS-managed policy to the IAM role:

aws iam attach-role-policy --policy-arn arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy --role-name AmazonEKS_EBS_CSI_DriverRole

Configure the ServiceAccount in Kubernetes

Execute the following command:

kubectl apply -k "github.com/kubernetes-sigs/aws-ebs-csi-driver/deploy/kubernetes/overlays/stable/?ref=release-1.20" 

Configure the ServiceAccount in Kubernetes

Create the ServiceAccount:

kubectl create serviceaccount ebs-csi-controller-sa -n kube-system

Annotate the ServiceAccount with the IAM role:

kubectl annotate serviceaccount ebs-csi-controller-sa -n kube-system eks.amazonaws.com/role-arn=arn:aws:iam::ACCOUNTID:role/AmazonEKS_EBS_CSI_DriverRole 

Replace ACCOUNTID with your actual AWS Account ID.

Then, navigate to the deployment directory:

cd oneconnect-kubernetes

8. Configure the .env File

Open the oneconnect.env file with a text editor (e.g., nano) and update the environment variables as needed for your deployment:

nano oneconnect.env

Modify the values according to your infrastructure, credentials, and environment-specific settings.

Make sure to save the file before exiting.

# Indicates whether to enable or disable the use of an Ingress resource in the Kubernetes cluster. 
export KUBERNETES_ISINGRESSACTIVE=false 
 
# Determines the port on which the system's frontend will be accessible. 
export FRONTENDPORT=5050 
 
# Specifies the port used by the API Gateway. 
export APIGATEWAYPORT=80 
 
# Specifies the Docker token used for authentication. 
export DOCKERHUB_TOKEN= 

#Specifies the license manager for datasynchub. 

export LICENSEMANAGER_LICENSE= 

# Defines the Kubernetes namespace for the application (Do not change unless necessary). 

export NAMESPACE_ONECONNECT=oneconnect 

For advanced Kubernetes configurations, refer to the following manual.

Note

The DOCKERHUB_TOKEN variable will be provided by the Onibex Sales team. Make sure to request it in advance, as it is required to during the deployment.

9. Run the OneConnect Deployment

Grant permissions to the scripts Run the following commands to grant permissions to the scripts we will need to run later: 

dos2unix oneconnect.env 

dos2unix generate-deployments.sh  

chmod +x generate-deployments.sh 

dos2unix setup.sh  

chmod +x setup.sh 

Once you have your oneconnect.env file ready, you'll need to run the generate-deployments.sh which will generate all the yaml archives needed to make the deployment. 

./generate-deployments.sh 

Run setup.sh after you run the generate-deployment.sh script, this will deploy all the services and deployments 

./setup.sh 

To start working with your newly deployed SmartGateway, refer to the following manuals

• Related Articles

• One Connect Cloud Deployment

  Prerequisites Download the required .zip folders attached at the end of the document: sql.zip one-connect.zip kafka-compose.zip Requirements for the Virtual Machine System: Linux Architecture: 64-bit processors (x86_64) support Instance ...

• Azure - One Connect Deployment Prerequisites

  Before you Begin: The following deployment manuals assumes a basic understanding of Kubernetes concepts. For more information, refer to Kubernetes core concepts for Azure Kubernetes Service (AKS). Before you begin: If you don't have an Azure account, ...

• Azure - OneConnect Deployment and Configuration

  One Connect Platform: Kubernetes Azure Deployment Manual for Private Network This manual outlines the steps required to deploy the One Connect system on a Kubernetes cluster within a Private Network (meaning the OneConnect Platform will not be ...

• AWS - Creation and Configuration of Service for Producer Pods

  Creation and Configuration of Service for Producer Pods This procedure applies only to producer pods that are automatically generated after creating a new workspace in the One Connect platform. The goal is to expose these pods through an internal ...

• One Connect Platform - Functionalities

  Introduction The table below outlines key features of the OneConnect platform, showcasing out of the box functionalities that support user management, system monitoring, SAP connectivity, and real-time data operations. No Function Description 1 ...