CloudWatch | Notion

CLUSTER_NAME=<CLUSTER_NAME>
AWS_ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)

eksctl create iamserviceaccount \\
  --cluster=$CLUSTER_NAME \\
  --namespace=keda-cloudwatch-guidance \\
  --name=keda-operator \\
  --role-name=keda-operator-role \\
  --attach-policy-arn=arn:aws:iam::aws:policy/CloudWatchFullAccess \\
  --approve

helm repo add kedacore <https://kedacore.github.io/charts>
helm repo update
helm install keda kedacore/keda \\
  -n keda-cloudwatch-guidance \\
  --set serviceAccount.operator.create=false \\
  --set serviceAccount.operator.name=keda-operator

helm repo add eks <https://aws.github.io/eks-charts>
helm repo update eks
helm install aws-load-balancer-controller eks/aws-load-balancer-controller \\
  -n kube-system \\
  --set clusterName=$CLUSTER_NAME \\
  --set serviceAccount.create=false \\
  --set serviceAccount.name=aws-load-balancer-controller

public_a=$(aws ec2 describe-subnets --filters "Name=tag:Name,Values=skills-public-subnet-a" --query "Subnets[].SubnetId[]" --region ap-northeast-2 --output text)
public_b=$(aws ec2 describe-subnets --filters "Name=tag:Name,Values=skills-public-subnet-b" --query "Subnets[].SubnetId[]" --region ap-northeast-2 --output text)
private_a=$(aws ec2 describe-subnets --filters "Name=tag:Name,Values=skills-private-subnet-a" --query "Subnets[].SubnetId[]" --region ap-northeast-2 --output text)
private_b=$(aws ec2 describe-subnets --filters "Name=tag:Name,Values=skills-private-subnet-b" --query "Subnets[].SubnetId[]" --region ap-northeast-2 --output text)

public_subnet_name=("$public_a" "$public_b")
private_subnet_name=("$private_a" "$private_b")

for name in "${public_subnet_name[@]}"
do
    aws ec2 create-tags --resources $name --tags Key=kubernetes.io/role/elb,Value=1
done

for name in "${private_subnet_name[@]}"
do
    aws ec2 create-tags --resources $name --tags Key=kubernetes.io/role/internal-elb,Value=1
done

aws iam create-user --user-name user

aws iam attach-user-policy --user-name user --policy-arn arn:aws:iam::aws:policy/CloudWatchFullAccess

aws iam create-access-key --user-name user

echo -n "<AWS_ACCESS_KEY_ID>" | base64
echo -n "<AWS_SECRET_ACCESS_KEY>" | base64

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  namespace: keda-cloudwatch-guidance
  labels:
    app: nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      serviceAccountName: keda-operator
      containers:
        - name: nginx
          image: nginx:latest
          ports:
            - containerPort: 80