An internal developer platform (IDP) is a set of standardized tools and technologies that enables development teams to self-service, offering convenient access to resources they need to create and deploy compliant code. The ultimate goal is to facilitate automation, autonomy and productivity across large teams. However, creating an IDP is highly complex, especially when bridging hybrid scenarios. In fact, build timelines can take anywhere between one to two years! In this Techstrong Learning Experience, we will discuss how platform engineers can more efficiently build an IDP with Amazon EKS and Weave GitOps and accelerate cloud-native adoption while speeding up migration of existing applications to the cloud. Our experts will also introduce EKS Blueprints, a collection of infrastructure-as-code (IaC) modules like Terraform and AWS Cloud Development Kit (AWS CDK) that will help you configure and deploy consistent EKS clusters across on-premises and cloud. Key Takeaways: - Why you should build a self-service IDP - How to leverage EKS, GitOps and EKS Blueprints to build your IDP - A review of use cases and benefits of an IDP

1. Confidential do not distribute
Building internal
developer platforms
with EKS and GitOps
In partnership with:

2. 2
Elamaran Shanmugam
Sr. Containers Specialist Solutions Architect, AWS
Elamaran (Ela) Shanmugam is a Sr. Containers Specialist Solutions
Architect with Amazon Web Services and he has 17+ years of
experience in architecting, building and operating open source,
enterprise systems and infrastructure. Ela is a Container,
Observability and Multi-Account Architecture SME and helps AWS
customers to design and build scalable, secure and optimized
container workloads on AWS. At AWS, he enjoys public speaking,
mentoring and publishing engaging technical contents such as
whitepapers, blogs and best practice guides. He is based out of
Tampa, Florida.
Darryl Weaver
Solutions Architect, Weaveworks
Darryl Weaver has worked with open source
software for over 20 years in his own business and
working for companies such as Canonical, Datapipe
and worked with organizations such as Rackspace
and Redhat. Specializing in Infrastructure and
Platform Engineering with a focus on open source,
such as Openstack and Kubernetes.
Speaker introductions

3. Confidential do not distribute
Weaveworks is backed by solid investors
Weaveworks: the GitOps company
Weaveworks is deeply committed
to the Open Source Community
Our Product
Weave GitOps Enterprise developer platform works
with Kubernetes to remove the complexity and trust
barriers to adoption
Our Mission
Deliver and own the cloud native operating model for
developers

4. Confidential do not distribute 4
Amazon Web Services and Weaveworks
● Weaveworks and AWS partnership bringing advanced
Kubernetes (EKS) to enterprises in the financial,
technology, and Telco industries
● Co-development of open source tools and technologies,
such as eksctl, the official command line tool for the
Amazon EKS managed Kubernetes service
● Uniquely - Weaveworks team is part of the AWS product
development process
● Collaboration on a great GitOps on EKS Accelerator
program available on AWS Marketplace
+

5. Confidential do not distribute 5
An Internal Developer Platform (IDP) is built by a platform team to build golden paths and enable developer
self-service. An IDP consists of many different techs and tools, glued together in a way that lowers cognitive load
on developers without abstracting away context and underlying technologies.
Internal developer platforms are being used across all sectors and org sizes, e.g. Amazon built and uses one to
minimize the operational load on their DevOps teams and provide required abstractions to their software
development teams.
Critical components include:
● Infrastructure orchestration
● Role-based action management
● Application configuration management
● Deployment management
● Environment management
● Observability
What is an Internal Developer Platform (IDP)

6. Confidential do not distribute 6
The Ops teams specify what resources start up with what environment or at what request. Ops sets baseline
templates for application configurations and govern permissions. This automates recurring tasks such as
deploying whole clusters already configured for a particular use-case and makes their setup easier to maintain by
enforcing standards. Developer teams gain autonomy by changing configurations, deploying, spinning up fully
provisioned environments, and rollback.
What we are using for our demo today:
● The EKS blueprints Terraform Library of Examples
● Weave Gitops Enterprise with embedded Terraform Controller
We are building an IDP with AWS EKS and Weave GitOps

7. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark.
Overview of Amazon EKS

8. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark.
2021 is the year Kubernetes crossed the chasm
Amazon EKS
Fully managed
container orchestration
with Kubernetes
96% of organizations are either using
or evaluating Kubernetes
5.6 Million developers using
Kubernetes today (+67% from just a
year ago).
EKS is the most popular managed
Kubernetes service available (39% of
respondents)
2021 CNCF Cloud Survey

9. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark.
Day 2 Operational Challenges
Amazon EKS Security
Cilium Gatekeeper
Secrets
Manager
Observability
Prometheus Fluent
Bit
OTEL
Reliability
Karpenter Autoscaler Keda
Delivery
Flux Crossplane
Other
Weave
Gitops

10. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark.
What we hear from customers
How do I integrate EKS external
services like with Managed
Grafana and Prometheus?
What are sensible defaults
for a best practices EKS
cluster?
How do I configure and EKS
cluster to run workloads for
multiple teams?
How can I build an EKS
cluster that meets the NSA
hardening guidelines?
How can I integrate EKS with
an external IDP to manage
cluster access? How can I run big
data/analytics workloads on
EKS?

11. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark.
Working backwards from customers
Flexible tools that allow customers to easily customize an EKS
cluster to meet their unique requirements
A starting point for net new development and experimentation on
container services.
Out of the box integrations with popular AWS services and open
source tools
A foundation that allows for customization and expansion over
time.

12. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark.
EKS Blueprints

13. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark.
EKS Blueprints
An open-source framework that allows you to
configure and deploy complete EKS clusters
Infrastructure as
Code with
Terraform and
CDK
Based on AWS
best practices and
recommendations
Integrated with
popular K8s
tools and
services
Fully
extensible and
customizable

14. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark.
Open Source Repositories

15. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark.
• Configure and deploy EKS clusters according to AWS best practices.
• Replicate clusters across AWS accounts and regions.
• Integrate with an existing VPC or leverage the solution to deploy a new one.
Cluster Management
• Out of the box modules for popular Kubernetes add-ons.
• Provisions AWS resources that are necessary to support add-on functionality.
Add-on Management
• Create distinct teams for both administrators and application owners.
• Manage secure namespaces access for application teams.
Team Management
• Leverage GitOps tooling to manage workloads that run across your clusters.
• Self-service onboarding of new workloads via a Pull Request.
Workload Management
What you get with EKS Blueprints

16. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark.
Example Blueprint
Teams
Add-ons
Clusters
Amazon EKS
Team B Team C Team D
KEDA
Nginx
CoreDNS External DNS
Cluster Autoscaler
Grafana
Cert Manager Prometheus
Team A Team E
AWS Outposts Bottlerocket AWS Fargate

17. © 2020, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential and Trademark.
Resources
Terraform
• GitHub Repo - https://github.com/aws-ia/terraform-aws-eks-blueprints
• Documentation - https://aws-ia.github.io/terraform-aws-eks-blueprints
CDK
• GitHub Repo - https://github.com/aws-quickstart/cdk-eks-blueprints
• Documentation - https://aws-quickstart.github.io/cdk-eks-blueprints
GitOps
• Workloads Repo - https://github.com/aws-samples/eks-blueprints-workloads
• Add-ons Repo - https://github.com/aws-samples/eks-blueprints-add-ons

18. 18
Confidential do not distribute
Weave GitOps Enterprise
“The software that automates your Kubernetes platform”

19. Confidential do not distribute 19
Why GitOps?
● Increased Productivity
● Enhanced Developer Experience
● Improved Stability
● Higher Reliability
● Consistency and Standardization
● Stronger Security Guardrails

20. Confidential do not distribute 20
What is Weave GitOps
DEVELOPER EXPERIENCE
• Continuous Delivery, observability and monitoring
• Consistent developer workflows across multiple
deployments
• Team workspaces for multi-tenanted usage
OPERATOR EXPERIENCE
• Extend Kubernetes to managed platform using GitOps model
• An Open Source Kubernetes platform for on-premise deployment
• Additive to manage Kubernetes (e.g. EKS, AKS or GKE)
• Upgrades to new versions
• Extensible controls to implement security and policy controls

21. Confidential do not distribute 21
App
Team
workspaces
App
Management
Cluster
App
Leaf
Cluster
Profile Policy
Management
Management
UI
Weave GitOps Enterprise
Kubernetes
Cluster Management UI
Management UI
Multi Cluster Installer (CAPI)
Weave GitOps Enterprise
Kubernetes
Weave GitOps Enterprise

22. Confidential do not distribute 22
Flatten the Terraform learning curve through a best in class developer experience. A centralized
management and observability UI and notification system reduce context switching when testing or
debugging. Developer autonomy can be established safely through guardrails when operating and
creating infrastructure.
• Reduce onramp by simplifying Terraform (No HCL) so DevOps teams can self-service their
infrastructure needs
• Central visibility and control of all TF objects across all environments - debug and fix easily
• Reduce risk by applying guardrails to infrastructure creation & management
• We help you make the most out of your Terraform investment
TF Controller

24. Confidential do not distribute 24
Benefits of Terraform Controller:
1. GitOps your existing Terraform
2. View Status and Plan of Terraform deployments using the Weave GitOps Enterprise UI
3. Manage the Terraform deployments of multiple teams with multi-tenancy
4. Run as a Terraform runner inside your target environment
5. Drift Detection notifies operators allowing investigation and corrective action
6. Git repository logs all changes for traceability, including manual approvals
7. Publish planned changes to git Pull Requests as a comment, prior to approval
8. Apply Kubernetes policy controls directly to Terraform modules
TF Controller

25. Confidential do not distribute 25
● Prerequisites:
○ Fork the EKS Blueprints repository
■ https://github.com/aws-ia/terraform-aws-eks-blueprints
○ Modify EKS Blueprints to customise values
■ AWS Region
■ Cluster Name
■ Kubernetes Version
■ Size of workload node group
○ Create a Terraform Template for Weave Gitops Enterprise
■ Use auto apply
EKS Blueprint Deployment Demo

26. Confidential do not distribute 26
● Demo
○ Create an instance of the Terraform Template in the Weave Gitops Enterprise
management cluster
■ Use the Template to deploy a copy of the EKS Blueprint with the values set
● Cluster deployment starts
■ Show an already deployed EKS Blueprint cluster
● Show the Inventory and the Last deployed Plan
● Then edit the cluster
● Approve the Pull Request
● The Terraform is re-run with new values
● The plan is produced and applied automatically
EKS Blueprint Deployment Demo

27. 27
Confidential do not distribute
Demo

28. Confidential do not distribute 28
✓ Create an instance of the Terraform Template in the WGE management cluster
✓ Use the Template to deploy a copy of the EKS Blueprint with the values set
✓ Cluster deployment starts
✓ Show an already deployed EKS Blueprint cluster
✓ Show the Inventory and the Last deployed Plan
✓ Then edit the cluster
✓ Approve the Pull Request
✓ The Terraform is re-run with new values
✓ The plan is produced and applied automatically
EKS Blueprint Deployment Tasks

29. Confidential do not distribute 29
1. Increased productivity: Ops makes the most efficient technologies and tools; repetitive tasks
are automated, pressure is relieved
2. Enable developer self service: dev teams do not rely on operations; manage deployments
and environments on its own using pre-configured platform configurations and processes.
3. Increase visibility and deployment frequency while decreasing load and lead time
4. Reduce friction - encourage developers to focus on code, innovation and experimentation
within safe and secure guardrails
5. Reduce onramp for apps and teams - rely on smooth platform processes that have been
pre-planned, allowing it to start projects quickly and with less effort
6. Reduce costs and increase stability: faster time to value for clients through internal platform's
out-of-the-box processes and workflows and consistent app deployment and management
Recap: 6 key benefits when utilizing an IDP

30. 30
Confidential do not distribute
Questions?

31. 31
Whitepaper: The GitOps Guide to Building &
Managing Internal Platformshttp://bit.ly/3ynmtxs
Learn more about Weave GitOps
www.weave.works/enterprise
Get started with our help: EKS Accelerator on
AWS Marketplace
Thank You