Rapid-eks – Production EKS in 13 minutes with Terraform + Python

Hey HN! I built rapid-eks - a CLI that deploys production-ready AWS EKS clusters in 13 minutes (validated).

GitHub: https://github.com/jtaylortech/rapid-eks

The Problem

I've set up EKS at 5+ companies. Every time, same 2-4 week grind:

• Multi-AZ VPC with proper CIDR planning
• IRSA (IAM Roles for Service Accounts) - always breaks
• Karpenter, ALB Controller, Prometheus - manual Helm hell
• IAM policies that are too permissive or too restrictive
• Debugging "why can't my pod access S3?"

It's undifferentiated heavy lifting. Same bugs, every time.

How It Works

rapid-eks is a Python CLI that generates and manages Terraform:

1. Config validation (Pydantic) - Type-safe YAML parsing
2. Preflight checks - AWS creds, Terraform version, kubectl, quotas
3. Terraform generation (Jinja2) - Uses official AWS modules
4. Deployment - Runs terraform apply with progress tracking
5. Health validation - Waits for cluster/nodes/addons to be ready
6. IRSA configuration - Automatically sets up pod→AWS auth

All generated Terraform lives in .rapid-eks/ - you can inspect/modify it.

What You Get (13 minutes)

Infrastructure:

• Multi-AZ VPC (3 AZs, 6 subnets, 3 NAT gateways)
• EKS 1.31 with OIDC provider
• Managed node group (t3.medium, 2-4 nodes, autoscaling)

Addons (with IRSA):

• Karpenter - Node autoscaling with spot instance support
• AWS Load Balancer Controller - Native ALB/NLB integration
• Prometheus + Grafana - Monitoring stack

Security:

• IRSA for all workloads (no static credentials)
• Least-privilege IAM policies
• Private subnets for nodes
• Security groups with minimal access

Technical Details

Stack:

• Python 3.11+ with type hints (Pydantic for validation)
• Jinja2 templates for Terraform generation
• Click for CLI, Rich for output
• Uses official terraform-aws-modules (vpc, eks, iam)

Why generate Terraform vs pure Python?

• Terraform state management is battle-tested
• AWS modules are well-maintained
• Users can inspect/modify generated code
• Easier to debug than boto3 API calls
• Idempotent by default

Preflight checks:

def validate_aws_credentials():
    """Verify AWS creds work and have necessary permissions"""
    try:
        sts = boto3.client('sts')
        identity = sts.get_caller_identity()
        # Check for required IAM permissions
        return True
    except ClientError:
        return False

IRSA setup:

• Creates OIDC provider for cluster
• Generates IAM roles with trust policies
• Annotates ServiceAccounts with role ARNs
• Validates pod→AWS auth works

Health validation:

def wait_for_cluster_ready(cluster_name, region, timeout=600):
    """Poll EKS API until cluster is ACTIVE"""
    eks = boto3.client('eks', region_name=region)
    start = time.time()
    while time.time() - start < timeout:
        cluster = eks.describe_cluster(name=cluster_name)
        if cluster['cluster']['status'] == 'ACTIVE':
            return True
        time.sleep(10)
    return False

Try It

pip install git+https://github.com/jtaylortech/rapid-eks.git
rapid-eks create demo --region us-east-1
# ~13 minutes later
kubectl get nodes

Destroy is just as fast:

rapid-eks destroy demo --auto-approve
# ~17 minutes, validates clean removal

Feedback Wanted

• Edge cases I'm missing?
• Additional addons needed? (cert-manager, external-dns, etc.)
• AWS regions with issues?
• Better IRSA patterns?
• Documentation gaps?

All code is on GitHub, MIT licensed. Issues and PRs welcome.

https://github.com/jtaylortech/rapid-eks/tree/main/docs?embedable=true