
If you want to set up Kubernetes on AWS, the infrastructure you prepare matters as much as the Kubernetes installation itself. From security groups to EC2 sizing and Elastic IPs, small missteps here can lead to connectivity issues, unstable nodes, and unnecessary rework later.
This guide explains how to set up Kubernetes on AWS with a clean baseline: separate security groups for control plane and worker nodes, properly sized EC2 instances, and static public IPs for predictable access.
Step 1: Set up security groups for Kubernetes
AWS security groups act as virtual firewalls for EC2 instances. For Kubernetes, it’s best to separate access rules for the control plane and worker nodes to keep your cluster manageable and secure.
Control plane security group
- Open AWS Management Console → EC2 → Security Groups
- Click Create security group and name it something like k8s-control-plane-sg
- Add these inbound rules:
  - Port 22 (SSH): Allow from your IP (avoid “Anywhere” unless you must)
  - Port 6443 (Kubernetes API Server): Allow from your IP or admin network
  - Ports 2379–2380 (etcd): Allow from your VPC CIDR
  - Ports 10250–10259 (kubelet + control plane components): Allow from your VPC CIDR
- Add an outbound rule: allow all traffic (default is typically fine)
Worker node security group
- Create a second security group, e.g., k8s-worker-node-sg
- Add these inbound rules:
  - Port 22 (SSH): Allow from your IP
  - Ports 10250–10256 (kubelet/internal node communication): Allow from your VPC CIDR
- Add an outbound rule: allow all traffic
This separation is one of the simplest ways to set up Kubernetes on AWS with fewer network problems later.
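The following is an added example, not part of the original guide: a Python check that compares security group rules, in the shape returned by `aws ec2 describe-security-groups`, against the source restrictions listed in Step 1. The function names, the sample VPC CIDR 10.0.0.0/16 and the admin address 203.0.113.10/32 are assumptions, and rules that reference other security groups instead of CIDRs are not evaluated.

```python
import ipaddress

# Sensitive ranges named in the guide and the widest source each should accept:
# "admin" = your own IP or admin network, "vpc" = the VPC CIDR.
BASELINE = [
    (22, 22, "admin", "SSH"),
    (6443, 6443, "admin", "Kubernetes API server"),
    (2379, 2380, "vpc", "etcd"),
    (10250, 10259, "vpc", "kubelet/control plane"),
]

def audit(groups, vpc_cidr, admin_cidrs):
    """Return (group, service, source) for each rule wider than the baseline."""
    allowed = {"vpc": [ipaddress.ip_network(vpc_cidr)],
               "admin": [ipaddress.ip_network(c) for c in admin_cidrs]}
    findings = []
    for sg in groups:
        for perm in sg.get("IpPermissions", []):
            if perm["IpProtocol"] == "-1":      # all traffic: no port fields present
                lo, hi = 0, 65535
            elif perm["IpProtocol"] == "tcp":
                lo, hi = perm["FromPort"], perm["ToPort"]
            else:
                continue
            sources = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            sources += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            for src in sources:
                net = ipaddress.ip_network(src)
                for b_lo, b_hi, scope, label in BASELINE:
                    overlaps = lo <= b_hi and hi >= b_lo
                    inside = any(net.version == a.version and net.subnet_of(a)
                                 for a in allowed[scope])
                    if overlaps and not inside:
                        findings.append((sg["GroupName"], label, src))
    return findings

def rule(lo, hi, cidr):  # helper for building the constructed sample rules
    return {"IpProtocol": "tcp", "FromPort": lo, "ToPort": hi,
            "IpRanges": [{"CidrIp": cidr}]}

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE = [
    {"GroupName": "k8s-control-plane-sg", "IpPermissions": [
        rule(22, 22, "203.0.113.10/32"), rule(6443, 6443, "0.0.0.0/0"),
        rule(2379, 2380, "10.0.0.0/16"), rule(10250, 10259, "10.0.0.0/16")]},
    {"GroupName": "k8s-worker-node-sg", "IpPermissions": [
        rule(22, 22, "0.0.0.0/0"), rule(10250, 10256, "10.0.0.0/16")]},
]

if __name__ == "__main__":
    for finding in audit(SAMPLE, "10.0.0.0/16", ["203.0.113.10/32"]):
        print("too open:", *finding)
```

To run it against a real account, pass the `SecurityGroups` list from the CLI's JSON output as `groups`.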
Step 2: Launch EC2 instances for control plane and worker nodes
For a minimal cluster, use at least:
- 1 control plane instance
- 1 worker node instance
Control plane instance
- Go to EC2 → Instances → Launch instance
- Configure:
  - Name: k8s-control-plane
  - AMI: Ubuntu 22.04 LTS (64-bit)
  - Instance type: t2.medium (2 vCPU, 4 GB RAM) for a reasonable baseline
  - Key pair: create/select (e.g., k8s-master-key)
  - Network settings: choose the VPC and attach k8s-control-plane-sg
  - Storage: at least 12 GB
- Launch the instance
Worker node instance
Repeat the same process with:
- Name: k8s-worker-node
- Security group: attach k8s-worker-node-sg
- Storage: at least 15 GB
This structure keeps your foundation clean when you set up Kubernetes on AWS and start installing kubeadm-based components.
Step 3: Assign Elastic IPs
Elastic IPs give your instances static public IP addresses, which helps avoid surprises when instances restart.
- Open EC2 → Elastic IPs → Allocate Elastic IP address
- Associate one Elastic IP with the control plane instance:
  - Select the Elastic IP → Actions → Associate
  - Choose k8s-control-plane
- Repeat for the worker node instance
Elastic IPs aren’t required for every production design, but they’re helpful in beginner setups where you set up Kubernetes on AWS and need stable access while learning or testing.
Best practices for AWS setup
- Prefer private networking where possible
  Use private IPs internally and restrict public access to only what’s required.
- Enable monitoring early
  Use CloudWatch metrics to track CPU, memory pressure indicators, and network patterns.
- Plan storage with Kubernetes in mind
  Logs, container images, and workloads consume disk quickly. Allocate extra headroom if you expect growth.
Closing
A secure AWS baseline is the first step to a stable cluster. Once you set up Kubernetes on AWS with the right security groups, EC2 instances, and IP strategy, the Kubernetes installation becomes far smoother.
In the next blog, we’ll cover configuring your nodes, prerequisites, and installing kubeadm, kubelet, and kubectl to bring the cluster online.