Installing AWS Load Balancer Controller on Amazon EKS
This guide walks you through installing the AWS Load Balancer Controller on your Amazon EKS cluster.
Prerequisites
- Helm installed on your local machine.
- Ensure the following EKS add-ons are at the minimum required versions:
  - Amazon VPC CNI plugin for Kubernetes
  - kube-proxy
  - CoreDNS
Step 1: Create IAM Policy and IAM Role
1.1 Download IAM Policy JSON
curl -O https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.13.0/docs/install/iam_policy.json
1.2 Create IAM Policy
aws iam create-policy \
--policy-name AWSLoadBalancerControllerIAMPolicy \
--policy-document file://iam_policy.json
Note: You can ignore any warnings during policy creation.
ref:
eksctl utils associate-iam-oidc-provider --region=ap-south-1 --cluster=premium-8j8pdg5wb0 --approve
1.3 Create IAM Role using eksctl
eksctl create iamserviceaccount \
--cluster=premium-m3mg48mf8u \
--namespace=kube-system \
--name=aws-load-balancer-controller \
--attach-policy-arn=arn:aws:iam::x:policy/AWSLoadBalancerControllerIAMPolicy \
--override-existing-serviceaccounts \
--region ap-south-1 \
--approve
kubectl get serviceaccount aws-load-balancer-controller -n kube-system
Step 2: Install AWS Load Balancer Controller using Helm
2.1 Add and Update EKS Helm Chart Repository
helm repo add eks https://aws.github.io/eks-charts
helm repo update eks
2.2 Install the Controller
Replace my-cluster with your actual EKS cluster name.
helm uninstall aws-load-balancer-controller -n kube-system
helm install aws-load-balancer-controller eks/aws-load-balancer-controller \
-n kube-system \
--set clusterName=premium-m3mg48mf8u \
--set serviceAccount.create=false \
--set serviceAccount.name=aws-load-balancer-controller \
--set region=ap-south-1 \
--set vpcId=vpc-0abcd1234ef56789
Step 3: Verify Installation
Check that the controller deployment is running:
kubectl get deployment -n kube-system aws-load-balancer-controller
Expected Output:
NAME                           READY   UP-TO-DATE   AVAILABLE   AGE
aws-load-balancer-controller   2/2     2            2           84s
Troubleshoot the service account using a config file (important if the LB is not created yet)
eksctl delete iamserviceaccount --config-file iam-service-account.yaml --approve
eksctl create iamserviceaccount --config-file iam-service-account.yaml --approve
kubectl rollout restart deployment aws-load-balancer-controller -n kube-system
kubectl get serviceaccount aws-load-balancer-controller -n kube-system -o yaml
kubectl edit deployment aws-load-balancer-controller -n kube-system
# Add the following flags under the spec.containers.args:
# - --aws-region=<region>
# - --aws-vpc-id=<vpc-id>
kubectl get pods -n kube-system -l app.kubernetes.io/name=aws-load-balancer-controller
Policy Version Update Process
# Download the latest JSON from `https://docs.aws.amazon.com/eks/latest/userguide/lbc-helm.html`
curl -O https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/<latest>/docs/install/iam_policy.json
# Create v2 of that policy and make it the default version
aws iam create-policy-version \
--policy-arn arn:aws:iam::767397928888:policy/AWSLoadBalancerControllerIAMPolicy \
--policy-document file://iam_policy.json \
--set-as-default
# List all of its versions
aws iam list-policy-versions --policy-arn arn:aws:iam::767397928888:policy/AWSLoadBalancerControllerIAMPolicy
# Delete the older version (optional)
aws iam delete-policy-version \
--policy-arn arn:aws:iam::767397928888:policy/AWSLoadBalancerControllerIAMPolicy \
--version-id v1
# Restart the controller to update its policy
kubectl rollout restart deployment aws-load-balancer-controller -n kube-system
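Since `--set-as-default` switches the controller's role to the new document, it is worth comparing the downloaded file with the current default version before running `create-policy-version`. The script below is an added example, not part of the original guide or the controller project; the two sample policies are constructed, and it assumes Allow statements with literal Action values (no NotAction or wildcard expansion).

```python
import json

# Constructed samples (not the real iam_policy.json): the current default
# version and a candidate that adds an action and drops a Condition.
CURRENT = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Resource": "*",
   "Action": ["ec2:DescribeVpcs", "elasticloadbalancing:DescribeLoadBalancers"]},
  {"Effect": "Allow", "Resource": "*",
   "Action": "elasticloadbalancing:DeleteLoadBalancer",
   "Condition": {"Null": {"aws:ResourceTag/elbv2.k8s.aws/cluster": "false"}}}]}""")
CANDIDATE = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Resource": "*",
   "Action": ["ec2:DescribeVpcs", "elasticloadbalancing:DescribeLoadBalancers",
              "elasticloadbalancing:DescribeListenerAttributes"]},
  {"Effect": "Allow", "Resource": "*",
   "Action": "elasticloadbalancing:DeleteLoadBalancer"}]}""")


def _as_list(value):
    # IAM accepts either a single string or a list for Action/Resource/Statement.
    return value if isinstance(value, list) else [value]


def allowed_actions(policy):
    """Map each allowed action to True when some Allow statement grants it
    on Resource "*" with no Condition (i.e. unscoped), else False."""
    result = {}
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        unscoped = "*" in _as_list(stmt.get("Resource", [])) and not stmt.get("Condition")
        for action in _as_list(stmt.get("Action", [])):
            result[action] = result.get(action, False) or unscoped
    return result


def diff_policies(current, candidate):
    """Report what the candidate changes relative to the current document."""
    cur, new = allowed_actions(current), allowed_actions(candidate)
    return {
        "added": sorted(set(new) - set(cur)),
        "removed": sorted(set(cur) - set(new)),
        "newly_unscoped": sorted(a for a in new if new[a] and not cur.get(a, False)),
    }


if __name__ == "__main__":
    print(json.dumps(diff_policies(CURRENT, CANDIDATE), indent=2))
```

To use it on real documents, load the downloaded `iam_policy.json` as the candidate and the output of `aws iam get-policy-version --query PolicyVersion.Document` for the current default version as the baseline.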