Installing Edera with AWS EKS

This guide walks you through a fast setup of Edera on AWS EKS. It’s built for users who are comfortable with AWS and already have an EKS cluster (or are provisioning one) and want to get up and running—quick.

You’ll prep your local system with the required tools and use Terraform to deploy Edera to your EKS cluster.

This guide is intentionally light—just the essentials to get Edera deployed and operational.

Prerequisites

Before you begin, ensure you have the following tools installed:

Need access to Edera?
support@edera.dev


Let’s Get Started

On Your Local System (Install Machine)

Once your AWS account has been added by the Edera team, you can list available AMIs:

aws ec2 describe-images --owners 207567768011 \
  --query 'reverse(sort_by(Images[*].[CreationDate, ImageId, Name, State], &[0]))' \
  --output table

Edera AMI names follow this pattern:

edera-protect-{version}-{os}-amazon-eks-node-{k8s version}-{build date}

Example output:

| 2025-05-13T18:23:13.000Z | ami-00a607425b69a4765 | edera-protect-v1.0.3-rc4-al2023-amazon-eks-node-1.30-v20250513 | available |

Using Terraform to Deploy

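Select the Edera AMI using a data source. The owners filter restricts matches to the Edera account, so a same-named AMI published from any other account is never selected. Because most_recent = true resolves to the newest matching build each time Terraform plans, put the full AMI name in values if you need a fixed build: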

data "aws_ami" "protect_al2" {
  owners      = ["207567768011"]
  most_recent = true

  filter {
    name   = "name"
    values = [
      "edera-protect-v1.*-al2-amazon-eks-node-${local.cluster_version}-*"
    ]
  }

  filter {
    name   = "state"
    values = ["available"]
  }
}

Example main.tf with terraform-aws-modules/eks/aws

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 5.0"
    }
  }
  required_version = ">= 1.3"
}

provider "aws" {
  region = var.region
}

variable "region" {
  default = "us-west-2"
}

locals {
  cluster_name    = "edera-cluster"
  cluster_version = "1.29"
  node_group_name = "protect-al2"

  ng_defaults = {
    instance_types = ["t3.medium"]
    desired_size   = 2
    min_size       = 1
    max_size       = 3
  }
}

module "eks" {
  source  = "terraform-aws-modules/eks/aws"
  version = "20.8.4" # latest as of May 2025

  cluster_name    = local.cluster_name
  cluster_version = local.cluster_version
  subnet_ids      = ["subnet-abc123", "subnet-def456"]  # Replace with your subnets
  vpc_id          = "vpc-xyz789"                        # Replace with your VPC

  eks_managed_node_groups = {
    (local.node_group_name) = merge(local.ng_defaults, {
      ami_id   = data.aws_ami.protect_al2.id
      ami_type = "AL2_x86_64"

      labels = {
        "node-type"   = "al2"
        "ng-name"     = local.node_group_name
        "protect-ami" = "true"
      }

      tags = {
        "Name"      = "${local.cluster_name}-${local.node_group_name}"
        "EderaAMI"  = "true"
      }

      enable_bootstrap_user_data = true
    })
  }
}

Deploy It

terraform init
terraform plan
terraform apply

Testing It Out

Connect to Your Cluster

aws eks --region us-west-2 update-kubeconfig --name my_cluster

This sets up your kubeconfig to connect to the my_cluster EKS cluster. Replace my_cluster with your cluster's name (edera-cluster in the example main.tf above).

Verify the Edera AMI

for node in $(kubectl get nodes -o name); do
  instance_id=$(kubectl get "$node" -o json | jq -r '.spec.providerID' | cut -d'/' -f5)
  ami_id=$(aws ec2 describe-instances --instance-ids "$instance_id" --query 'Reservations[0].Instances[0].ImageId' --output text)
  ami_name=$(aws ec2 describe-images --image-ids "$ami_id" --query 'Images[0].Name' --output text)
  echo "$node is running AMI $ami_id ($ami_name)"
done

Sample output:

node/ip-10-0-2-59.us-west-2.compute.internal is running AMI ami-09308ca7bc80ea1d8 (edera-protect-v1.0.3-rc4-al2-amazon-eks-node-1.30-v20250513)
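
The loop above reports each node's AMI and leaves the judgement to the reader. The script below is an added example, not part of Edera's documentation: it turns that report into a pass/fail check on owner account, name pattern and Kubernetes version. The function names, the assumed version format and the sample account ID 111122223333 are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the Edera docs): fail when a node AMI is not an Edera build.
EDERA_OWNER="207567768011"   # owner account ID used in this guide's commands

# parse_edera_ami NAME: print "version os k8s build", or return 1 when NAME does
# not follow edera-protect-{version}-{os}-amazon-eks-node-{k8s version}-{build date}.
# Assumed shapes: version like v1.0.3 or v1.0.3-rc4, os al2 or al2023.
parse_edera_ami() {
  parsed=$(printf '%s\n' "$1" | sed -nE \
    's/^edera-protect-(v[0-9][0-9.]*(-[a-z0-9]+)?)-(al2|al2023)-amazon-eks-node-([0-9]+\.[0-9]+)-(v[0-9]{8})$/\1 \3 \4 \5/p')
  [ -n "$parsed" ] && printf '%s\n' "$parsed"
}

# check_node_ami OWNER_ID AMI_NAME CLUSTER_K8S: return 0 only for an Edera-owned,
# well-formed AMI built for the cluster's Kubernetes version.
check_node_ami() {
  ami_owner=$1 ami_name=$2 cluster_k8s=$3
  if [ "$ami_owner" != "$EDERA_OWNER" ]; then
    echo "FAIL $ami_name: owner $ami_owner is not $EDERA_OWNER"; return 1
  fi
  fields=$(parse_edera_ami "$ami_name") ||
    { echo "FAIL $ami_name: name does not match the Edera pattern"; return 1; }
  set -- $fields
  if [ "$3" != "$cluster_k8s" ]; then
    echo "FAIL $ami_name: built for Kubernetes $3, cluster runs $cluster_k8s"; return 1
  fi
  echo "OK $ami_name: version=$1 os=$2 k8s=$3 build=$4"
}

# audit_cluster CLUSTER_K8S: live check; needs kubectl, jq and aws configured.
audit_cluster() {
  expect_k8s=$1 rc=0
  for node in $(kubectl get nodes -o name); do
    id=$(kubectl get "$node" -o json | jq -r '.spec.providerID' | cut -d/ -f5)
    ami=$(aws ec2 describe-instances --instance-ids "$id" \
      --query 'Reservations[0].Instances[0].ImageId' --output text)
    set -- $(aws ec2 describe-images --image-ids "$ami" \
      --query 'Images[0].[OwnerId,Name]' --output text)
    check_node_ami "$1" "$2" "$expect_k8s" || rc=1
  done
  return "$rc"
}

# Constructed samples: the same name from Edera's account and from another one.
name="edera-protect-v1.0.3-rc4-al2-amazon-eks-node-1.30-v20250513"
check_node_ami 207567768011 "$name" 1.30
check_node_ami 111122223333 "$name" 1.30 || true
```

Against a live cluster, call audit_cluster with the cluster's Kubernetes version (for example audit_cluster 1.30); a non-zero exit status means at least one node failed the check.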

Apply the Edera RuntimeClass

kubectl apply -f runtime.yaml

runtime.yaml:

apiVersion: node.k8s.io/v1
kind: RuntimeClass
metadata:
  name: edera
handler: edera

Verify it was created:

kubectl get runtimeclass

Expected output:

NAME    HANDLER   AGE
edera   edera     12s

Test with a Pod

Create a namespace and deploy a test pod:

kubectl create namespace edera-protect
kubectl apply -f edera-protect-pod.yaml

edera-protect-pod.yaml:

apiVersion: v1
kind: Pod
metadata:
  name: edera-protect-pod
  namespace: edera-protect
spec:
  runtimeClassName: edera
  containers:
    - name: nginx
      image: nginx:1.25.3

Verify:

kubectl get pods -n edera-protect

Expected output:

NAME                READY   STATUS    RESTARTS   AGE
edera-protect-pod   1/1     Running   0          2m37s

Troubleshooting

If the pod isn’t coming up:

Check pod status:

kubectl describe pod edera-protect-pod -n edera-protect

View logs:

kubectl logs edera-protect-pod -n edera-protect

Confirm runtime class:

kubectl get pod edera-protect-pod -n edera-protect -o=jsonpath="{.spec.runtimeClassName}"

Expected output:

edera

Want More?

Full documentation: docs.edera.dev
Still stuck? Email support@edera.dev — we like solving problems.
