Docs Home
AWS v6.73.0 published on Wednesday, Mar 19, 2025 by Pulumi
aws.eks.Cluster
Explore with Pulumi AI
Manages an EKS Cluster.
Example Usage
EKS Cluster
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const cluster = new aws.iam.Role("cluster", {
name: "eks-cluster-example",
assumeRolePolicy: JSON.stringify({
Version: "2012-10-17",
Statement: [{
Action: [
"sts:AssumeRole",
"sts:TagSession",
],
Effect: "Allow",
Principal: {
Service: "eks.amazonaws.com",
},
}],
}),
});
const clusterAmazonEKSClusterPolicy = new aws.iam.RolePolicyAttachment("cluster_AmazonEKSClusterPolicy", {
policyArn: "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy",
role: cluster.name,
});
const example = new aws.eks.Cluster("example", {
name: "example",
accessConfig: {
authenticationMode: "API",
},
roleArn: exampleAwsIamRole.arn,
version: "1.31",
vpcConfig: {
subnetIds: [
az1.id,
az2.id,
az3.id,
],
},
}, {
dependsOn: [clusterAmazonEKSClusterPolicy],
});
import pulumi
import json
import pulumi_aws as aws
cluster = aws.iam.Role("cluster",
name="eks-cluster-example",
assume_role_policy=json.dumps({
"Version": "2012-10-17",
"Statement": [{
"Action": [
"sts:AssumeRole",
"sts:TagSession",
],
"Effect": "Allow",
"Principal": {
"Service": "eks.amazonaws.com",
},
}],
}))
cluster_amazon_eks_cluster_policy = aws.iam.RolePolicyAttachment("cluster_AmazonEKSClusterPolicy",
policy_arn="arn:aws:iam::aws:policy/AmazonEKSClusterPolicy",
role=cluster.name)
example = aws.eks.Cluster("example",
name="example",
access_config={
"authentication_mode": "API",
},
role_arn=example_aws_iam_role["arn"],
version="1.31",
vpc_config={
"subnet_ids": [
az1["id"],
az2["id"],
az3["id"],
],
},
opts = pulumi.ResourceOptions(depends_on=[cluster_amazon_eks_cluster_policy]))
package main
import (
"encoding/json"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/eks"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
tmpJSON0, err := json.Marshal(map[string]interface{}{
"Version": "2012-10-17",
"Statement": []map[string]interface{}{
map[string]interface{}{
"Action": []string{
"sts:AssumeRole",
"sts:TagSession",
},
"Effect": "Allow",
"Principal": map[string]interface{}{
"Service": "eks.amazonaws.com",
},
},
},
})
if err != nil {
return err
}
json0 := string(tmpJSON0)
cluster, err := iam.NewRole(ctx, "cluster", &iam.RoleArgs{
Name: pulumi.String("eks-cluster-example"),
AssumeRolePolicy: pulumi.String(json0),
})
if err != nil {
return err
}
clusterAmazonEKSClusterPolicy, err := iam.NewRolePolicyAttachment(ctx, "cluster_AmazonEKSClusterPolicy", &iam.RolePolicyAttachmentArgs{
PolicyArn: pulumi.String("arn:aws:iam::aws:policy/AmazonEKSClusterPolicy"),
Role: cluster.Name,
})
if err != nil {
return err
}
_, err = eks.NewCluster(ctx, "example", &eks.ClusterArgs{
Name: pulumi.String("example"),
AccessConfig: &eks.ClusterAccessConfigArgs{
AuthenticationMode: pulumi.String("API"),
},
RoleArn: pulumi.Any(exampleAwsIamRole.Arn),
Version: pulumi.String("1.31"),
VpcConfig: &eks.ClusterVpcConfigArgs{
SubnetIds: pulumi.StringArray{
az1.Id,
az2.Id,
az3.Id,
},
},
}, pulumi.DependsOn([]pulumi.Resource{
clusterAmazonEKSClusterPolicy,
}))
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var cluster = new Aws.Iam.Role("cluster", new()
{
Name = "eks-cluster-example",
AssumeRolePolicy = JsonSerializer.Serialize(new Dictionary<string, object?>
{
["Version"] = "2012-10-17",
["Statement"] = new[]
{
new Dictionary<string, object?>
{
["Action"] = new[]
{
"sts:AssumeRole",
"sts:TagSession",
},
["Effect"] = "Allow",
["Principal"] = new Dictionary<string, object?>
{
["Service"] = "eks.amazonaws.com",
},
},
},
}),
});
var clusterAmazonEKSClusterPolicy = new Aws.Iam.RolePolicyAttachment("cluster_AmazonEKSClusterPolicy", new()
{
PolicyArn = "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy",
Role = cluster.Name,
});
var example = new Aws.Eks.Cluster("example", new()
{
Name = "example",
AccessConfig = new Aws.Eks.Inputs.ClusterAccessConfigArgs
{
AuthenticationMode = "API",
},
RoleArn = exampleAwsIamRole.Arn,
Version = "1.31",
VpcConfig = new Aws.Eks.Inputs.ClusterVpcConfigArgs
{
SubnetIds = new[]
{
az1.Id,
az2.Id,
az3.Id,
},
},
}, new CustomResourceOptions
{
DependsOn =
{
clusterAmazonEKSClusterPolicy,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.iam.Role;
import com.pulumi.aws.iam.RoleArgs;
import com.pulumi.aws.iam.RolePolicyAttachment;
import com.pulumi.aws.iam.RolePolicyAttachmentArgs;
import com.pulumi.aws.eks.Cluster;
import com.pulumi.aws.eks.ClusterArgs;
import com.pulumi.aws.eks.inputs.ClusterAccessConfigArgs;
import com.pulumi.aws.eks.inputs.ClusterVpcConfigArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var cluster = new Role("cluster", RoleArgs.builder()
.name("eks-cluster-example")
.assumeRolePolicy(serializeJson(
jsonObject(
jsonProperty("Version", "2012-10-17"),
jsonProperty("Statement", jsonArray(jsonObject(
jsonProperty("Action", jsonArray(
"sts:AssumeRole",
"sts:TagSession"
)),
jsonProperty("Effect", "Allow"),
jsonProperty("Principal", jsonObject(
jsonProperty("Service", "eks.amazonaws.com")
))
)))
)))
.build());
var clusterAmazonEKSClusterPolicy = new RolePolicyAttachment("clusterAmazonEKSClusterPolicy", RolePolicyAttachmentArgs.builder()
.policyArn("arn:aws:iam::aws:policy/AmazonEKSClusterPolicy")
.role(cluster.name())
.build());
var example = new Cluster("example", ClusterArgs.builder()
.name("example")
.accessConfig(ClusterAccessConfigArgs.builder()
.authenticationMode("API")
.build())
.roleArn(exampleAwsIamRole.arn())
.version("1.31")
.vpcConfig(ClusterVpcConfigArgs.builder()
.subnetIds(
az1.id(),
az2.id(),
az3.id())
.build())
.build(), CustomResourceOptions.builder()
.dependsOn(clusterAmazonEKSClusterPolicy)
.build());
}
}
resources:
example:
type: aws:eks:Cluster
properties:
name: example
accessConfig:
authenticationMode: API
roleArn: ${exampleAwsIamRole.arn}
version: '1.31'
vpcConfig:
subnetIds:
- ${az1.id}
- ${az2.id}
- ${az3.id}
options:
dependsOn:
- ${clusterAmazonEKSClusterPolicy}
cluster:
type: aws:iam:Role
properties:
name: eks-cluster-example
assumeRolePolicy:
fn::toJSON:
Version: 2012-10-17
Statement:
- Action:
- sts:AssumeRole
- sts:TagSession
Effect: Allow
Principal:
Service: eks.amazonaws.com
clusterAmazonEKSClusterPolicy:
type: aws:iam:RolePolicyAttachment
name: cluster_AmazonEKSClusterPolicy
properties:
policyArn: arn:aws:iam::aws:policy/AmazonEKSClusterPolicy
role: ${cluster.name}
EKS Cluster with EKS Auto Mode
NOTE: When using EKS Auto Mode
compute_config.enabled,kubernetes_network_config.elastic_load_balancing.enabled, andstorage_config.block_storage.enabledmust *ALL be set totrue. Likewise for disabling EKS Auto Mode, all three arguments must be set tofalse. Enabling EKS Auto Mode also requires thatbootstrap_self_managed_addonsis set tofalse.
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const node = new aws.iam.Role("node", {
name: "eks-auto-node-example",
assumeRolePolicy: JSON.stringify({
Version: "2012-10-17",
Statement: [{
Action: ["sts:AssumeRole"],
Effect: "Allow",
Principal: {
Service: "ec2.amazonaws.com",
},
}],
}),
});
const cluster = new aws.iam.Role("cluster", {
name: "eks-cluster-example",
assumeRolePolicy: JSON.stringify({
Version: "2012-10-17",
Statement: [{
Action: [
"sts:AssumeRole",
"sts:TagSession",
],
Effect: "Allow",
Principal: {
Service: "eks.amazonaws.com",
},
}],
}),
});
const clusterAmazonEKSClusterPolicy = new aws.iam.RolePolicyAttachment("cluster_AmazonEKSClusterPolicy", {
policyArn: "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy",
role: cluster.name,
});
const clusterAmazonEKSComputePolicy = new aws.iam.RolePolicyAttachment("cluster_AmazonEKSComputePolicy", {
policyArn: "arn:aws:iam::aws:policy/AmazonEKSComputePolicy",
role: cluster.name,
});
const clusterAmazonEKSBlockStoragePolicy = new aws.iam.RolePolicyAttachment("cluster_AmazonEKSBlockStoragePolicy", {
policyArn: "arn:aws:iam::aws:policy/AmazonEKSBlockStoragePolicy",
role: cluster.name,
});
const clusterAmazonEKSLoadBalancingPolicy = new aws.iam.RolePolicyAttachment("cluster_AmazonEKSLoadBalancingPolicy", {
policyArn: "arn:aws:iam::aws:policy/AmazonEKSLoadBalancingPolicy",
role: cluster.name,
});
const clusterAmazonEKSNetworkingPolicy = new aws.iam.RolePolicyAttachment("cluster_AmazonEKSNetworkingPolicy", {
policyArn: "arn:aws:iam::aws:policy/AmazonEKSNetworkingPolicy",
role: cluster.name,
});
const example = new aws.eks.Cluster("example", {
name: "example",
accessConfig: {
authenticationMode: "API",
},
roleArn: cluster.arn,
version: "1.31",
bootstrapSelfManagedAddons: false,
computeConfig: {
enabled: true,
nodePools: ["general-purpose"],
nodeRoleArn: node.arn,
},
kubernetesNetworkConfig: {
elasticLoadBalancing: {
enabled: true,
},
},
storageConfig: {
blockStorage: {
enabled: true,
},
},
vpcConfig: {
endpointPrivateAccess: true,
endpointPublicAccess: true,
subnetIds: [
az1.id,
az2.id,
az3.id,
],
},
}, {
dependsOn: [
clusterAmazonEKSClusterPolicy,
clusterAmazonEKSComputePolicy,
clusterAmazonEKSBlockStoragePolicy,
clusterAmazonEKSLoadBalancingPolicy,
clusterAmazonEKSNetworkingPolicy,
],
});
const nodeAmazonEKSWorkerNodeMinimalPolicy = new aws.iam.RolePolicyAttachment("node_AmazonEKSWorkerNodeMinimalPolicy", {
policyArn: "arn:aws:iam::aws:policy/AmazonEKSWorkerNodeMinimalPolicy",
role: node.name,
});
const nodeAmazonEC2ContainerRegistryPullOnly = new aws.iam.RolePolicyAttachment("node_AmazonEC2ContainerRegistryPullOnly", {
policyArn: "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryPullOnly",
role: node.name,
});
import pulumi
import json
import pulumi_aws as aws
node = aws.iam.Role("node",
name="eks-auto-node-example",
assume_role_policy=json.dumps({
"Version": "2012-10-17",
"Statement": [{
"Action": ["sts:AssumeRole"],
"Effect": "Allow",
"Principal": {
"Service": "ec2.amazonaws.com",
},
}],
}))
cluster = aws.iam.Role("cluster",
name="eks-cluster-example",
assume_role_policy=json.dumps({
"Version": "2012-10-17",
"Statement": [{
"Action": [
"sts:AssumeRole",
"sts:TagSession",
],
"Effect": "Allow",
"Principal": {
"Service": "eks.amazonaws.com",
},
}],
}))
cluster_amazon_eks_cluster_policy = aws.iam.RolePolicyAttachment("cluster_AmazonEKSClusterPolicy",
policy_arn="arn:aws:iam::aws:policy/AmazonEKSClusterPolicy",
role=cluster.name)
cluster_amazon_eks_compute_policy = aws.iam.RolePolicyAttachment("cluster_AmazonEKSComputePolicy",
policy_arn="arn:aws:iam::aws:policy/AmazonEKSComputePolicy",
role=cluster.name)
cluster_amazon_eks_block_storage_policy = aws.iam.RolePolicyAttachment("cluster_AmazonEKSBlockStoragePolicy",
policy_arn="arn:aws:iam::aws:policy/AmazonEKSBlockStoragePolicy",
role=cluster.name)
cluster_amazon_eks_load_balancing_policy = aws.iam.RolePolicyAttachment("cluster_AmazonEKSLoadBalancingPolicy",
policy_arn="arn:aws:iam::aws:policy/AmazonEKSLoadBalancingPolicy",
role=cluster.name)
cluster_amazon_eks_networking_policy = aws.iam.RolePolicyAttachment("cluster_AmazonEKSNetworkingPolicy",
policy_arn="arn:aws:iam::aws:policy/AmazonEKSNetworkingPolicy",
role=cluster.name)
example = aws.eks.Cluster("example",
name="example",
access_config={
"authentication_mode": "API",
},
role_arn=cluster.arn,
version="1.31",
bootstrap_self_managed_addons=False,
compute_config={
"enabled": True,
"node_pools": ["general-purpose"],
"node_role_arn": node.arn,
},
kubernetes_network_config={
"elastic_load_balancing": {
"enabled": True,
},
},
storage_config={
"block_storage": {
"enabled": True,
},
},
vpc_config={
"endpoint_private_access": True,
"endpoint_public_access": True,
"subnet_ids": [
az1["id"],
az2["id"],
az3["id"],
],
},
opts = pulumi.ResourceOptions(depends_on=[
cluster_amazon_eks_cluster_policy,
cluster_amazon_eks_compute_policy,
cluster_amazon_eks_block_storage_policy,
cluster_amazon_eks_load_balancing_policy,
cluster_amazon_eks_networking_policy,
]))
node_amazon_eks_worker_node_minimal_policy = aws.iam.RolePolicyAttachment("node_AmazonEKSWorkerNodeMinimalPolicy",
policy_arn="arn:aws:iam::aws:policy/AmazonEKSWorkerNodeMinimalPolicy",
role=node.name)
node_amazon_ec2_container_registry_pull_only = aws.iam.RolePolicyAttachment("node_AmazonEC2ContainerRegistryPullOnly",
policy_arn="arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryPullOnly",
role=node.name)
package main
import (
"encoding/json"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/eks"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
tmpJSON0, err := json.Marshal(map[string]interface{}{
"Version": "2012-10-17",
"Statement": []map[string]interface{}{
map[string]interface{}{
"Action": []string{
"sts:AssumeRole",
},
"Effect": "Allow",
"Principal": map[string]interface{}{
"Service": "ec2.amazonaws.com",
},
},
},
})
if err != nil {
return err
}
json0 := string(tmpJSON0)
node, err := iam.NewRole(ctx, "node", &iam.RoleArgs{
Name: pulumi.String("eks-auto-node-example"),
AssumeRolePolicy: pulumi.String(json0),
})
if err != nil {
return err
}
tmpJSON1, err := json.Marshal(map[string]interface{}{
"Version": "2012-10-17",
"Statement": []map[string]interface{}{
map[string]interface{}{
"Action": []string{
"sts:AssumeRole",
"sts:TagSession",
},
"Effect": "Allow",
"Principal": map[string]interface{}{
"Service": "eks.amazonaws.com",
},
},
},
})
if err != nil {
return err
}
json1 := string(tmpJSON1)
cluster, err := iam.NewRole(ctx, "cluster", &iam.RoleArgs{
Name: pulumi.String("eks-cluster-example"),
AssumeRolePolicy: pulumi.String(json1),
})
if err != nil {
return err
}
clusterAmazonEKSClusterPolicy, err := iam.NewRolePolicyAttachment(ctx, "cluster_AmazonEKSClusterPolicy", &iam.RolePolicyAttachmentArgs{
PolicyArn: pulumi.String("arn:aws:iam::aws:policy/AmazonEKSClusterPolicy"),
Role: cluster.Name,
})
if err != nil {
return err
}
clusterAmazonEKSComputePolicy, err := iam.NewRolePolicyAttachment(ctx, "cluster_AmazonEKSComputePolicy", &iam.RolePolicyAttachmentArgs{
PolicyArn: pulumi.String("arn:aws:iam::aws:policy/AmazonEKSComputePolicy"),
Role: cluster.Name,
})
if err != nil {
return err
}
clusterAmazonEKSBlockStoragePolicy, err := iam.NewRolePolicyAttachment(ctx, "cluster_AmazonEKSBlockStoragePolicy", &iam.RolePolicyAttachmentArgs{
PolicyArn: pulumi.String("arn:aws:iam::aws:policy/AmazonEKSBlockStoragePolicy"),
Role: cluster.Name,
})
if err != nil {
return err
}
clusterAmazonEKSLoadBalancingPolicy, err := iam.NewRolePolicyAttachment(ctx, "cluster_AmazonEKSLoadBalancingPolicy", &iam.RolePolicyAttachmentArgs{
PolicyArn: pulumi.String("arn:aws:iam::aws:policy/AmazonEKSLoadBalancingPolicy"),
Role: cluster.Name,
})
if err != nil {
return err
}
clusterAmazonEKSNetworkingPolicy, err := iam.NewRolePolicyAttachment(ctx, "cluster_AmazonEKSNetworkingPolicy", &iam.RolePolicyAttachmentArgs{
PolicyArn: pulumi.String("arn:aws:iam::aws:policy/AmazonEKSNetworkingPolicy"),
Role: cluster.Name,
})
if err != nil {
return err
}
_, err = eks.NewCluster(ctx, "example", &eks.ClusterArgs{
Name: pulumi.String("example"),
AccessConfig: &eks.ClusterAccessConfigArgs{
AuthenticationMode: pulumi.String("API"),
},
RoleArn: cluster.Arn,
Version: pulumi.String("1.31"),
BootstrapSelfManagedAddons: pulumi.Bool(false),
ComputeConfig: &eks.ClusterComputeConfigArgs{
Enabled: pulumi.Bool(true),
NodePools: pulumi.StringArray{
pulumi.String("general-purpose"),
},
NodeRoleArn: node.Arn,
},
KubernetesNetworkConfig: &eks.ClusterKubernetesNetworkConfigArgs{
ElasticLoadBalancing: &eks.ClusterKubernetesNetworkConfigElasticLoadBalancingArgs{
Enabled: pulumi.Bool(true),
},
},
StorageConfig: &eks.ClusterStorageConfigArgs{
BlockStorage: &eks.ClusterStorageConfigBlockStorageArgs{
Enabled: pulumi.Bool(true),
},
},
VpcConfig: &eks.ClusterVpcConfigArgs{
EndpointPrivateAccess: pulumi.Bool(true),
EndpointPublicAccess: pulumi.Bool(true),
SubnetIds: pulumi.StringArray{
az1.Id,
az2.Id,
az3.Id,
},
},
}, pulumi.DependsOn([]pulumi.Resource{
clusterAmazonEKSClusterPolicy,
clusterAmazonEKSComputePolicy,
clusterAmazonEKSBlockStoragePolicy,
clusterAmazonEKSLoadBalancingPolicy,
clusterAmazonEKSNetworkingPolicy,
}))
if err != nil {
return err
}
_, err = iam.NewRolePolicyAttachment(ctx, "node_AmazonEKSWorkerNodeMinimalPolicy", &iam.RolePolicyAttachmentArgs{
PolicyArn: pulumi.String("arn:aws:iam::aws:policy/AmazonEKSWorkerNodeMinimalPolicy"),
Role: node.Name,
})
if err != nil {
return err
}
_, err = iam.NewRolePolicyAttachment(ctx, "node_AmazonEC2ContainerRegistryPullOnly", &iam.RolePolicyAttachmentArgs{
PolicyArn: pulumi.String("arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryPullOnly"),
Role: node.Name,
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var node = new Aws.Iam.Role("node", new()
{
Name = "eks-auto-node-example",
AssumeRolePolicy = JsonSerializer.Serialize(new Dictionary<string, object?>
{
["Version"] = "2012-10-17",
["Statement"] = new[]
{
new Dictionary<string, object?>
{
["Action"] = new[]
{
"sts:AssumeRole",
},
["Effect"] = "Allow",
["Principal"] = new Dictionary<string, object?>
{
["Service"] = "ec2.amazonaws.com",
},
},
},
}),
});
var cluster = new Aws.Iam.Role("cluster", new()
{
Name = "eks-cluster-example",
AssumeRolePolicy = JsonSerializer.Serialize(new Dictionary<string, object?>
{
["Version"] = "2012-10-17",
["Statement"] = new[]
{
new Dictionary<string, object?>
{
["Action"] = new[]
{
"sts:AssumeRole",
"sts:TagSession",
},
["Effect"] = "Allow",
["Principal"] = new Dictionary<string, object?>
{
["Service"] = "eks.amazonaws.com",
},
},
},
}),
});
var clusterAmazonEKSClusterPolicy = new Aws.Iam.RolePolicyAttachment("cluster_AmazonEKSClusterPolicy", new()
{
PolicyArn = "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy",
Role = cluster.Name,
});
var clusterAmazonEKSComputePolicy = new Aws.Iam.RolePolicyAttachment("cluster_AmazonEKSComputePolicy", new()
{
PolicyArn = "arn:aws:iam::aws:policy/AmazonEKSComputePolicy",
Role = cluster.Name,
});
var clusterAmazonEKSBlockStoragePolicy = new Aws.Iam.RolePolicyAttachment("cluster_AmazonEKSBlockStoragePolicy", new()
{
PolicyArn = "arn:aws:iam::aws:policy/AmazonEKSBlockStoragePolicy",
Role = cluster.Name,
});
var clusterAmazonEKSLoadBalancingPolicy = new Aws.Iam.RolePolicyAttachment("cluster_AmazonEKSLoadBalancingPolicy", new()
{
PolicyArn = "arn:aws:iam::aws:policy/AmazonEKSLoadBalancingPolicy",
Role = cluster.Name,
});
var clusterAmazonEKSNetworkingPolicy = new Aws.Iam.RolePolicyAttachment("cluster_AmazonEKSNetworkingPolicy", new()
{
PolicyArn = "arn:aws:iam::aws:policy/AmazonEKSNetworkingPolicy",
Role = cluster.Name,
});
var example = new Aws.Eks.Cluster("example", new()
{
Name = "example",
AccessConfig = new Aws.Eks.Inputs.ClusterAccessConfigArgs
{
AuthenticationMode = "API",
},
RoleArn = cluster.Arn,
Version = "1.31",
BootstrapSelfManagedAddons = false,
ComputeConfig = new Aws.Eks.Inputs.ClusterComputeConfigArgs
{
Enabled = true,
NodePools = new[]
{
"general-purpose",
},
NodeRoleArn = node.Arn,
},
KubernetesNetworkConfig = new Aws.Eks.Inputs.ClusterKubernetesNetworkConfigArgs
{
ElasticLoadBalancing = new Aws.Eks.Inputs.ClusterKubernetesNetworkConfigElasticLoadBalancingArgs
{
Enabled = true,
},
},
StorageConfig = new Aws.Eks.Inputs.ClusterStorageConfigArgs
{
BlockStorage = new Aws.Eks.Inputs.ClusterStorageConfigBlockStorageArgs
{
Enabled = true,
},
},
VpcConfig = new Aws.Eks.Inputs.ClusterVpcConfigArgs
{
EndpointPrivateAccess = true,
EndpointPublicAccess = true,
SubnetIds = new[]
{
az1.Id,
az2.Id,
az3.Id,
},
},
}, new CustomResourceOptions
{
DependsOn =
{
clusterAmazonEKSClusterPolicy,
clusterAmazonEKSComputePolicy,
clusterAmazonEKSBlockStoragePolicy,
clusterAmazonEKSLoadBalancingPolicy,
clusterAmazonEKSNetworkingPolicy,
},
});
var nodeAmazonEKSWorkerNodeMinimalPolicy = new Aws.Iam.RolePolicyAttachment("node_AmazonEKSWorkerNodeMinimalPolicy", new()
{
PolicyArn = "arn:aws:iam::aws:policy/AmazonEKSWorkerNodeMinimalPolicy",
Role = node.Name,
});
var nodeAmazonEC2ContainerRegistryPullOnly = new Aws.Iam.RolePolicyAttachment("node_AmazonEC2ContainerRegistryPullOnly", new()
{
PolicyArn = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryPullOnly",
Role = node.Name,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.iam.Role;
import com.pulumi.aws.iam.RoleArgs;
import com.pulumi.aws.iam.RolePolicyAttachment;
import com.pulumi.aws.iam.RolePolicyAttachmentArgs;
import com.pulumi.aws.eks.Cluster;
import com.pulumi.aws.eks.ClusterArgs;
import com.pulumi.aws.eks.inputs.ClusterAccessConfigArgs;
import com.pulumi.aws.eks.inputs.ClusterComputeConfigArgs;
import com.pulumi.aws.eks.inputs.ClusterKubernetesNetworkConfigArgs;
import com.pulumi.aws.eks.inputs.ClusterKubernetesNetworkConfigElasticLoadBalancingArgs;
import com.pulumi.aws.eks.inputs.ClusterStorageConfigArgs;
import com.pulumi.aws.eks.inputs.ClusterStorageConfigBlockStorageArgs;
import com.pulumi.aws.eks.inputs.ClusterVpcConfigArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var node = new Role("node", RoleArgs.builder()
.name("eks-auto-node-example")
.assumeRolePolicy(serializeJson(
jsonObject(
jsonProperty("Version", "2012-10-17"),
jsonProperty("Statement", jsonArray(jsonObject(
jsonProperty("Action", jsonArray("sts:AssumeRole")),
jsonProperty("Effect", "Allow"),
jsonProperty("Principal", jsonObject(
jsonProperty("Service", "ec2.amazonaws.com")
))
)))
)))
.build());
var cluster = new Role("cluster", RoleArgs.builder()
.name("eks-cluster-example")
.assumeRolePolicy(serializeJson(
jsonObject(
jsonProperty("Version", "2012-10-17"),
jsonProperty("Statement", jsonArray(jsonObject(
jsonProperty("Action", jsonArray(
"sts:AssumeRole",
"sts:TagSession"
)),
jsonProperty("Effect", "Allow"),
jsonProperty("Principal", jsonObject(
jsonProperty("Service", "eks.amazonaws.com")
))
)))
)))
.build());
var clusterAmazonEKSClusterPolicy = new RolePolicyAttachment("clusterAmazonEKSClusterPolicy", RolePolicyAttachmentArgs.builder()
.policyArn("arn:aws:iam::aws:policy/AmazonEKSClusterPolicy")
.role(cluster.name())
.build());
var clusterAmazonEKSComputePolicy = new RolePolicyAttachment("clusterAmazonEKSComputePolicy", RolePolicyAttachmentArgs.builder()
.policyArn("arn:aws:iam::aws:policy/AmazonEKSComputePolicy")
.role(cluster.name())
.build());
var clusterAmazonEKSBlockStoragePolicy = new RolePolicyAttachment("clusterAmazonEKSBlockStoragePolicy", RolePolicyAttachmentArgs.builder()
.policyArn("arn:aws:iam::aws:policy/AmazonEKSBlockStoragePolicy")
.role(cluster.name())
.build());
var clusterAmazonEKSLoadBalancingPolicy = new RolePolicyAttachment("clusterAmazonEKSLoadBalancingPolicy", RolePolicyAttachmentArgs.builder()
.policyArn("arn:aws:iam::aws:policy/AmazonEKSLoadBalancingPolicy")
.role(cluster.name())
.build());
var clusterAmazonEKSNetworkingPolicy = new RolePolicyAttachment("clusterAmazonEKSNetworkingPolicy", RolePolicyAttachmentArgs.builder()
.policyArn("arn:aws:iam::aws:policy/AmazonEKSNetworkingPolicy")
.role(cluster.name())
.build());
var example = new Cluster("example", ClusterArgs.builder()
.name("example")
.accessConfig(ClusterAccessConfigArgs.builder()
.authenticationMode("API")
.build())
.roleArn(cluster.arn())
.version("1.31")
.bootstrapSelfManagedAddons(false)
.computeConfig(ClusterComputeConfigArgs.builder()
.enabled(true)
.nodePools("general-purpose")
.nodeRoleArn(node.arn())
.build())
.kubernetesNetworkConfig(ClusterKubernetesNetworkConfigArgs.builder()
.elasticLoadBalancing(ClusterKubernetesNetworkConfigElasticLoadBalancingArgs.builder()
.enabled(true)
.build())
.build())
.storageConfig(ClusterStorageConfigArgs.builder()
.blockStorage(ClusterStorageConfigBlockStorageArgs.builder()
.enabled(true)
.build())
.build())
.vpcConfig(ClusterVpcConfigArgs.builder()
.endpointPrivateAccess(true)
.endpointPublicAccess(true)
.subnetIds(
az1.id(),
az2.id(),
az3.id())
.build())
.build(), CustomResourceOptions.builder()
.dependsOn(
clusterAmazonEKSClusterPolicy,
clusterAmazonEKSComputePolicy,
clusterAmazonEKSBlockStoragePolicy,
clusterAmazonEKSLoadBalancingPolicy,
clusterAmazonEKSNetworkingPolicy)
.build());
var nodeAmazonEKSWorkerNodeMinimalPolicy = new RolePolicyAttachment("nodeAmazonEKSWorkerNodeMinimalPolicy", RolePolicyAttachmentArgs.builder()
.policyArn("arn:aws:iam::aws:policy/AmazonEKSWorkerNodeMinimalPolicy")
.role(node.name())
.build());
var nodeAmazonEC2ContainerRegistryPullOnly = new RolePolicyAttachment("nodeAmazonEC2ContainerRegistryPullOnly", RolePolicyAttachmentArgs.builder()
.policyArn("arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryPullOnly")
.role(node.name())
.build());
}
}
resources:
example:
type: aws:eks:Cluster
properties:
name: example
accessConfig:
authenticationMode: API
roleArn: ${cluster.arn}
version: '1.31'
bootstrapSelfManagedAddons: false
computeConfig:
enabled: true
nodePools:
- general-purpose
nodeRoleArn: ${node.arn}
kubernetesNetworkConfig:
elasticLoadBalancing:
enabled: true
storageConfig:
blockStorage:
enabled: true
vpcConfig:
endpointPrivateAccess: true
endpointPublicAccess: true
subnetIds:
- ${az1.id}
- ${az2.id}
- ${az3.id}
options:
dependsOn:
- ${clusterAmazonEKSClusterPolicy}
- ${clusterAmazonEKSComputePolicy}
- ${clusterAmazonEKSBlockStoragePolicy}
- ${clusterAmazonEKSLoadBalancingPolicy}
- ${clusterAmazonEKSNetworkingPolicy}
node:
type: aws:iam:Role
properties:
name: eks-auto-node-example
assumeRolePolicy:
fn::toJSON:
Version: 2012-10-17
Statement:
- Action:
- sts:AssumeRole
Effect: Allow
Principal:
Service: ec2.amazonaws.com
nodeAmazonEKSWorkerNodeMinimalPolicy:
type: aws:iam:RolePolicyAttachment
name: node_AmazonEKSWorkerNodeMinimalPolicy
properties:
policyArn: arn:aws:iam::aws:policy/AmazonEKSWorkerNodeMinimalPolicy
role: ${node.name}
nodeAmazonEC2ContainerRegistryPullOnly:
type: aws:iam:RolePolicyAttachment
name: node_AmazonEC2ContainerRegistryPullOnly
properties:
policyArn: arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryPullOnly
role: ${node.name}
cluster:
type: aws:iam:Role
properties:
name: eks-cluster-example
assumeRolePolicy:
fn::toJSON:
Version: 2012-10-17
Statement:
- Action:
- sts:AssumeRole
- sts:TagSession
Effect: Allow
Principal:
Service: eks.amazonaws.com
clusterAmazonEKSClusterPolicy:
type: aws:iam:RolePolicyAttachment
name: cluster_AmazonEKSClusterPolicy
properties:
policyArn: arn:aws:iam::aws:policy/AmazonEKSClusterPolicy
role: ${cluster.name}
clusterAmazonEKSComputePolicy:
type: aws:iam:RolePolicyAttachment
name: cluster_AmazonEKSComputePolicy
properties:
policyArn: arn:aws:iam::aws:policy/AmazonEKSComputePolicy
role: ${cluster.name}
clusterAmazonEKSBlockStoragePolicy:
type: aws:iam:RolePolicyAttachment
name: cluster_AmazonEKSBlockStoragePolicy
properties:
policyArn: arn:aws:iam::aws:policy/AmazonEKSBlockStoragePolicy
role: ${cluster.name}
clusterAmazonEKSLoadBalancingPolicy:
type: aws:iam:RolePolicyAttachment
name: cluster_AmazonEKSLoadBalancingPolicy
properties:
policyArn: arn:aws:iam::aws:policy/AmazonEKSLoadBalancingPolicy
role: ${cluster.name}
clusterAmazonEKSNetworkingPolicy:
type: aws:iam:RolePolicyAttachment
name: cluster_AmazonEKSNetworkingPolicy
properties:
policyArn: arn:aws:iam::aws:policy/AmazonEKSNetworkingPolicy
role: ${cluster.name}
EKS Cluster with EKS Hybrid Nodes
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const cluster = new aws.iam.Role("cluster", {
name: "eks-cluster-example",
assumeRolePolicy: JSON.stringify({
Version: "2012-10-17",
Statement: [{
Action: [
"sts:AssumeRole",
"sts:TagSession",
],
Effect: "Allow",
Principal: {
Service: "eks.amazonaws.com",
},
}],
}),
});
const clusterAmazonEKSClusterPolicy = new aws.iam.RolePolicyAttachment("cluster_AmazonEKSClusterPolicy", {
policyArn: "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy",
role: cluster.name,
});
const example = new aws.eks.Cluster("example", {
name: "example",
accessConfig: {
authenticationMode: "API",
},
roleArn: cluster.arn,
version: "1.31",
remoteNetworkConfig: {
remoteNodeNetworks: {
cidrs: ["172.16.0.0/18"],
},
remotePodNetworks: {
cidrs: ["172.16.64.0/18"],
},
},
vpcConfig: {
endpointPrivateAccess: true,
endpointPublicAccess: true,
subnetIds: [
az1.id,
az2.id,
az3.id,
],
},
}, {
dependsOn: [clusterAmazonEKSClusterPolicy],
});
import pulumi
import json
import pulumi_aws as aws
cluster = aws.iam.Role("cluster",
name="eks-cluster-example",
assume_role_policy=json.dumps({
"Version": "2012-10-17",
"Statement": [{
"Action": [
"sts:AssumeRole",
"sts:TagSession",
],
"Effect": "Allow",
"Principal": {
"Service": "eks.amazonaws.com",
},
}],
}))
cluster_amazon_eks_cluster_policy = aws.iam.RolePolicyAttachment("cluster_AmazonEKSClusterPolicy",
policy_arn="arn:aws:iam::aws:policy/AmazonEKSClusterPolicy",
role=cluster.name)
example = aws.eks.Cluster("example",
name="example",
access_config={
"authentication_mode": "API",
},
role_arn=cluster.arn,
version="1.31",
remote_network_config={
"remote_node_networks": {
"cidrs": ["172.16.0.0/18"],
},
"remote_pod_networks": {
"cidrs": ["172.16.64.0/18"],
},
},
vpc_config={
"endpoint_private_access": True,
"endpoint_public_access": True,
"subnet_ids": [
az1["id"],
az2["id"],
az3["id"],
],
},
opts = pulumi.ResourceOptions(depends_on=[cluster_amazon_eks_cluster_policy]))
package main
import (
"encoding/json"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/eks"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
tmpJSON0, err := json.Marshal(map[string]interface{}{
"Version": "2012-10-17",
"Statement": []map[string]interface{}{
map[string]interface{}{
"Action": []string{
"sts:AssumeRole",
"sts:TagSession",
},
"Effect": "Allow",
"Principal": map[string]interface{}{
"Service": "eks.amazonaws.com",
},
},
},
})
if err != nil {
return err
}
json0 := string(tmpJSON0)
cluster, err := iam.NewRole(ctx, "cluster", &iam.RoleArgs{
Name: pulumi.String("eks-cluster-example"),
AssumeRolePolicy: pulumi.String(json0),
})
if err != nil {
return err
}
clusterAmazonEKSClusterPolicy, err := iam.NewRolePolicyAttachment(ctx, "cluster_AmazonEKSClusterPolicy", &iam.RolePolicyAttachmentArgs{
PolicyArn: pulumi.String("arn:aws:iam::aws:policy/AmazonEKSClusterPolicy"),
Role: cluster.Name,
})
if err != nil {
return err
}
_, err = eks.NewCluster(ctx, "example", &eks.ClusterArgs{
Name: pulumi.String("example"),
AccessConfig: &eks.ClusterAccessConfigArgs{
AuthenticationMode: pulumi.String("API"),
},
RoleArn: cluster.Arn,
Version: pulumi.String("1.31"),
RemoteNetworkConfig: &eks.ClusterRemoteNetworkConfigArgs{
RemoteNodeNetworks: &eks.ClusterRemoteNetworkConfigRemoteNodeNetworksArgs{
Cidrs: pulumi.StringArray{
pulumi.String("172.16.0.0/18"),
},
},
RemotePodNetworks: &eks.ClusterRemoteNetworkConfigRemotePodNetworksArgs{
Cidrs: pulumi.StringArray{
pulumi.String("172.16.64.0/18"),
},
},
},
VpcConfig: &eks.ClusterVpcConfigArgs{
EndpointPrivateAccess: pulumi.Bool(true),
EndpointPublicAccess: pulumi.Bool(true),
SubnetIds: pulumi.StringArray{
az1.Id,
az2.Id,
az3.Id,
},
},
}, pulumi.DependsOn([]pulumi.Resource{
clusterAmazonEKSClusterPolicy,
}))
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var cluster = new Aws.Iam.Role("cluster", new()
{
Name = "eks-cluster-example",
AssumeRolePolicy = JsonSerializer.Serialize(new Dictionary<string, object?>
{
["Version"] = "2012-10-17",
["Statement"] = new[]
{
new Dictionary<string, object?>
{
["Action"] = new[]
{
"sts:AssumeRole",
"sts:TagSession",
},
["Effect"] = "Allow",
["Principal"] = new Dictionary<string, object?>
{
["Service"] = "eks.amazonaws.com",
},
},
},
}),
});
var clusterAmazonEKSClusterPolicy = new Aws.Iam.RolePolicyAttachment("cluster_AmazonEKSClusterPolicy", new()
{
PolicyArn = "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy",
Role = cluster.Name,
});
var example = new Aws.Eks.Cluster("example", new()
{
Name = "example",
AccessConfig = new Aws.Eks.Inputs.ClusterAccessConfigArgs
{
AuthenticationMode = "API",
},
RoleArn = cluster.Arn,
Version = "1.31",
RemoteNetworkConfig = new Aws.Eks.Inputs.ClusterRemoteNetworkConfigArgs
{
RemoteNodeNetworks = new Aws.Eks.Inputs.ClusterRemoteNetworkConfigRemoteNodeNetworksArgs
{
Cidrs = new[]
{
"172.16.0.0/18",
},
},
RemotePodNetworks = new Aws.Eks.Inputs.ClusterRemoteNetworkConfigRemotePodNetworksArgs
{
Cidrs = new[]
{
"172.16.64.0/18",
},
},
},
VpcConfig = new Aws.Eks.Inputs.ClusterVpcConfigArgs
{
EndpointPrivateAccess = true,
EndpointPublicAccess = true,
SubnetIds = new[]
{
az1.Id,
az2.Id,
az3.Id,
},
},
}, new CustomResourceOptions
{
DependsOn =
{
clusterAmazonEKSClusterPolicy,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.iam.Role;
import com.pulumi.aws.iam.RoleArgs;
import com.pulumi.aws.iam.RolePolicyAttachment;
import com.pulumi.aws.iam.RolePolicyAttachmentArgs;
import com.pulumi.aws.eks.Cluster;
import com.pulumi.aws.eks.ClusterArgs;
import com.pulumi.aws.eks.inputs.ClusterAccessConfigArgs;
import com.pulumi.aws.eks.inputs.ClusterRemoteNetworkConfigArgs;
import com.pulumi.aws.eks.inputs.ClusterRemoteNetworkConfigRemoteNodeNetworksArgs;
import com.pulumi.aws.eks.inputs.ClusterRemoteNetworkConfigRemotePodNetworksArgs;
import com.pulumi.aws.eks.inputs.ClusterVpcConfigArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var cluster = new Role("cluster", RoleArgs.builder()
.name("eks-cluster-example")
.assumeRolePolicy(serializeJson(
jsonObject(
jsonProperty("Version", "2012-10-17"),
jsonProperty("Statement", jsonArray(jsonObject(
jsonProperty("Action", jsonArray(
"sts:AssumeRole",
"sts:TagSession"
)),
jsonProperty("Effect", "Allow"),
jsonProperty("Principal", jsonObject(
jsonProperty("Service", "eks.amazonaws.com")
))
)))
)))
.build());
var clusterAmazonEKSClusterPolicy = new RolePolicyAttachment("clusterAmazonEKSClusterPolicy", RolePolicyAttachmentArgs.builder()
.policyArn("arn:aws:iam::aws:policy/AmazonEKSClusterPolicy")
.role(cluster.name())
.build());
var example = new Cluster("example", ClusterArgs.builder()
.name("example")
.accessConfig(ClusterAccessConfigArgs.builder()
.authenticationMode("API")
.build())
.roleArn(cluster.arn())
.version("1.31")
.remoteNetworkConfig(ClusterRemoteNetworkConfigArgs.builder()
.remoteNodeNetworks(ClusterRemoteNetworkConfigRemoteNodeNetworksArgs.builder()
.cidrs("172.16.0.0/18")
.build())
.remotePodNetworks(ClusterRemoteNetworkConfigRemotePodNetworksArgs.builder()
.cidrs("172.16.64.0/18")
.build())
.build())
.vpcConfig(ClusterVpcConfigArgs.builder()
.endpointPrivateAccess(true)
.endpointPublicAccess(true)
.subnetIds(
az1.id(),
az2.id(),
az3.id())
.build())
.build(), CustomResourceOptions.builder()
.dependsOn(clusterAmazonEKSClusterPolicy)
.build());
}
}
resources:
example:
type: aws:eks:Cluster
properties:
name: example
accessConfig:
authenticationMode: API
roleArn: ${cluster.arn}
version: '1.31'
remoteNetworkConfig:
remoteNodeNetworks:
cidrs:
- 172.16.0.0/18
remotePodNetworks:
cidrs:
- 172.16.64.0/18
vpcConfig:
endpointPrivateAccess: true
endpointPublicAccess: true
subnetIds:
- ${az1.id}
- ${az2.id}
- ${az3.id}
options:
dependsOn:
- ${clusterAmazonEKSClusterPolicy}
cluster:
type: aws:iam:Role
properties:
name: eks-cluster-example
assumeRolePolicy:
fn::toJSON:
Version: 2012-10-17
Statement:
- Action:
- sts:AssumeRole
- sts:TagSession
Effect: Allow
Principal:
Service: eks.amazonaws.com
clusterAmazonEKSClusterPolicy:
type: aws:iam:RolePolicyAttachment
name: cluster_AmazonEKSClusterPolicy
properties:
policyArn: arn:aws:iam::aws:policy/AmazonEKSClusterPolicy
role: ${cluster.name}
Local EKS Cluster on AWS Outpost
Creating a local Amazon EKS cluster on an AWS Outpost
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = aws.outposts.getOutpost({
name: "example",
});
const cluster = new aws.iam.Role("cluster", {
name: "eks-cluster-example",
assumeRolePolicy: JSON.stringify({
Version: "2012-10-17",
Statement: [{
Action: [
"sts:AssumeRole",
"sts:TagSession",
],
Effect: "Allow",
Principal: {
Service: [
"eks.amazonaws.com",
"ec2.amazonaws.com",
],
},
}],
}),
});
const clusterAmazonEKSLocalOutpostClusterPolicy = new aws.iam.RolePolicyAttachment("cluster_AmazonEKSLocalOutpostClusterPolicy", {
policyArn: "arn:aws:iam::aws:policy/AmazonEKSLocalOutpostClusterPolicy",
role: cluster.name,
});
const exampleCluster = new aws.eks.Cluster("example", {
name: "example",
accessConfig: {
authenticationMode: "CONFIG_MAP",
},
roleArn: exampleAwsIamRole.arn,
version: "1.31",
vpcConfig: {
endpointPrivateAccess: true,
endpointPublicAccess: false,
subnetIds: [
az1.id,
az2.id,
az3.id,
],
},
outpostConfig: {
controlPlaneInstanceType: "m5.large",
outpostArns: [example.then(example => example.arn)],
},
}, {
dependsOn: [clusterAmazonEKSLocalOutpostClusterPolicy],
});
import pulumi
import json
import pulumi_aws as aws
example = aws.outposts.get_outpost(name="example")
cluster = aws.iam.Role("cluster",
name="eks-cluster-example",
assume_role_policy=json.dumps({
"Version": "2012-10-17",
"Statement": [{
"Action": [
"sts:AssumeRole",
"sts:TagSession",
],
"Effect": "Allow",
"Principal": {
"Service": [
"eks.amazonaws.com",
"ec2.amazonaws.com",
],
},
}],
}))
cluster_amazon_eks_local_outpost_cluster_policy = aws.iam.RolePolicyAttachment("cluster_AmazonEKSLocalOutpostClusterPolicy",
policy_arn="arn:aws:iam::aws:policy/AmazonEKSLocalOutpostClusterPolicy",
role=cluster.name)
example_cluster = aws.eks.Cluster("example",
name="example",
access_config={
"authentication_mode": "CONFIG_MAP",
},
role_arn=example_aws_iam_role["arn"],
version="1.31",
vpc_config={
"endpoint_private_access": True,
"endpoint_public_access": False,
"subnet_ids": [
az1["id"],
az2["id"],
az3["id"],
],
},
outpost_config={
"control_plane_instance_type": "m5.large",
"outpost_arns": [example.arn],
},
opts = pulumi.ResourceOptions(depends_on=[cluster_amazon_eks_local_outpost_cluster_policy]))
package main
import (
"encoding/json"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/eks"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/iam"
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/outposts"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := outposts.GetOutpost(ctx, &outposts.GetOutpostArgs{
Name: pulumi.StringRef("example"),
}, nil)
if err != nil {
return err
}
tmpJSON0, err := json.Marshal(map[string]interface{}{
"Version": "2012-10-17",
"Statement": []map[string]interface{}{
map[string]interface{}{
"Action": []string{
"sts:AssumeRole",
"sts:TagSession",
},
"Effect": "Allow",
"Principal": map[string]interface{}{
"Service": []string{
"eks.amazonaws.com",
"ec2.amazonaws.com",
},
},
},
},
})
if err != nil {
return err
}
json0 := string(tmpJSON0)
cluster, err := iam.NewRole(ctx, "cluster", &iam.RoleArgs{
Name: pulumi.String("eks-cluster-example"),
AssumeRolePolicy: pulumi.String(json0),
})
if err != nil {
return err
}
clusterAmazonEKSLocalOutpostClusterPolicy, err := iam.NewRolePolicyAttachment(ctx, "cluster_AmazonEKSLocalOutpostClusterPolicy", &iam.RolePolicyAttachmentArgs{
PolicyArn: pulumi.String("arn:aws:iam::aws:policy/AmazonEKSLocalOutpostClusterPolicy"),
Role: cluster.Name,
})
if err != nil {
return err
}
_, err = eks.NewCluster(ctx, "example", &eks.ClusterArgs{
Name: pulumi.String("example"),
AccessConfig: &eks.ClusterAccessConfigArgs{
AuthenticationMode: pulumi.String("CONFIG_MAP"),
},
RoleArn: pulumi.Any(exampleAwsIamRole.Arn),
Version: pulumi.String("1.31"),
VpcConfig: &eks.ClusterVpcConfigArgs{
EndpointPrivateAccess: pulumi.Bool(true),
EndpointPublicAccess: pulumi.Bool(false),
SubnetIds: pulumi.StringArray{
az1.Id,
az2.Id,
az3.Id,
},
},
OutpostConfig: &eks.ClusterOutpostConfigArgs{
ControlPlaneInstanceType: pulumi.String("m5.large"),
OutpostArns: pulumi.StringArray{
pulumi.String(example.Arn),
},
},
}, pulumi.DependsOn([]pulumi.Resource{
clusterAmazonEKSLocalOutpostClusterPolicy,
}))
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var example = Aws.Outposts.GetOutpost.Invoke(new()
{
Name = "example",
});
var cluster = new Aws.Iam.Role("cluster", new()
{
Name = "eks-cluster-example",
AssumeRolePolicy = JsonSerializer.Serialize(new Dictionary<string, object?>
{
["Version"] = "2012-10-17",
["Statement"] = new[]
{
new Dictionary<string, object?>
{
["Action"] = new[]
{
"sts:AssumeRole",
"sts:TagSession",
},
["Effect"] = "Allow",
["Principal"] = new Dictionary<string, object?>
{
["Service"] = new[]
{
"eks.amazonaws.com",
"ec2.amazonaws.com",
},
},
},
},
}),
});
var clusterAmazonEKSLocalOutpostClusterPolicy = new Aws.Iam.RolePolicyAttachment("cluster_AmazonEKSLocalOutpostClusterPolicy", new()
{
PolicyArn = "arn:aws:iam::aws:policy/AmazonEKSLocalOutpostClusterPolicy",
Role = cluster.Name,
});
var exampleCluster = new Aws.Eks.Cluster("example", new()
{
Name = "example",
AccessConfig = new Aws.Eks.Inputs.ClusterAccessConfigArgs
{
AuthenticationMode = "CONFIG_MAP",
},
RoleArn = exampleAwsIamRole.Arn,
Version = "1.31",
VpcConfig = new Aws.Eks.Inputs.ClusterVpcConfigArgs
{
EndpointPrivateAccess = true,
EndpointPublicAccess = false,
SubnetIds = new[]
{
az1.Id,
az2.Id,
az3.Id,
},
},
OutpostConfig = new Aws.Eks.Inputs.ClusterOutpostConfigArgs
{
ControlPlaneInstanceType = "m5.large",
OutpostArns = new[]
{
example.Apply(getOutpostResult => getOutpostResult.Arn),
},
},
}, new CustomResourceOptions
{
DependsOn =
{
clusterAmazonEKSLocalOutpostClusterPolicy,
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.outposts.OutpostsFunctions;
import com.pulumi.aws.outposts.inputs.GetOutpostArgs;
import com.pulumi.aws.iam.Role;
import com.pulumi.aws.iam.RoleArgs;
import com.pulumi.aws.iam.RolePolicyAttachment;
import com.pulumi.aws.iam.RolePolicyAttachmentArgs;
import com.pulumi.aws.eks.Cluster;
import com.pulumi.aws.eks.ClusterArgs;
import com.pulumi.aws.eks.inputs.ClusterAccessConfigArgs;
import com.pulumi.aws.eks.inputs.ClusterVpcConfigArgs;
import com.pulumi.aws.eks.inputs.ClusterOutpostConfigArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import com.pulumi.resources.CustomResourceOptions;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var example = OutpostsFunctions.getOutpost(GetOutpostArgs.builder()
.name("example")
.build());
var cluster = new Role("cluster", RoleArgs.builder()
.name("eks-cluster-example")
.assumeRolePolicy(serializeJson(
jsonObject(
jsonProperty("Version", "2012-10-17"),
jsonProperty("Statement", jsonArray(jsonObject(
jsonProperty("Action", jsonArray(
"sts:AssumeRole",
"sts:TagSession"
)),
jsonProperty("Effect", "Allow"),
jsonProperty("Principal", jsonObject(
jsonProperty("Service", jsonArray(
"eks.amazonaws.com",
"ec2.amazonaws.com"
))
))
)))
)))
.build());
var clusterAmazonEKSLocalOutpostClusterPolicy = new RolePolicyAttachment("clusterAmazonEKSLocalOutpostClusterPolicy", RolePolicyAttachmentArgs.builder()
.policyArn("arn:aws:iam::aws:policy/AmazonEKSLocalOutpostClusterPolicy")
.role(cluster.name())
.build());
var exampleCluster = new Cluster("exampleCluster", ClusterArgs.builder()
.name("example")
.accessConfig(ClusterAccessConfigArgs.builder()
.authenticationMode("CONFIG_MAP")
.build())
.roleArn(exampleAwsIamRole.arn())
.version("1.31")
.vpcConfig(ClusterVpcConfigArgs.builder()
.endpointPrivateAccess(true)
.endpointPublicAccess(false)
.subnetIds(
az1.id(),
az2.id(),
az3.id())
.build())
.outpostConfig(ClusterOutpostConfigArgs.builder()
.controlPlaneInstanceType("m5.large")
.outpostArns(example.applyValue(getOutpostResult -> getOutpostResult.arn()))
.build())
.build(), CustomResourceOptions.builder()
.dependsOn(clusterAmazonEKSLocalOutpostClusterPolicy)
.build());
}
}
resources:
exampleCluster:
type: aws:eks:Cluster
name: example
properties:
name: example
accessConfig:
authenticationMode: CONFIG_MAP
roleArn: ${exampleAwsIamRole.arn}
version: '1.31'
vpcConfig:
endpointPrivateAccess: true
endpointPublicAccess: false
subnetIds:
- ${az1.id}
- ${az2.id}
- ${az3.id}
outpostConfig:
controlPlaneInstanceType: m5.large
outpostArns:
- ${example.arn}
options:
dependsOn:
- ${clusterAmazonEKSLocalOutpostClusterPolicy}
cluster:
type: aws:iam:Role
properties:
name: eks-cluster-example
assumeRolePolicy:
fn::toJSON:
Version: 2012-10-17
Statement:
- Action:
- sts:AssumeRole
- sts:TagSession
Effect: Allow
Principal:
Service:
- eks.amazonaws.com
- ec2.amazonaws.com
clusterAmazonEKSLocalOutpostClusterPolicy:
type: aws:iam:RolePolicyAttachment
name: cluster_AmazonEKSLocalOutpostClusterPolicy
properties:
policyArn: arn:aws:iam::aws:policy/AmazonEKSLocalOutpostClusterPolicy
role: ${cluster.name}
variables:
example:
fn::invoke:
function: aws:outposts:getOutpost
arguments:
name: example
Create Cluster Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Cluster(name: string, args: ClusterArgs, opts?: CustomResourceOptions);@overload
def Cluster(resource_name: str,
args: ClusterArgs,
opts: Optional[ResourceOptions] = None)
@overload
def Cluster(resource_name: str,
opts: Optional[ResourceOptions] = None,
role_arn: Optional[str] = None,
vpc_config: Optional[ClusterVpcConfigArgs] = None,
outpost_config: Optional[ClusterOutpostConfigArgs] = None,
remote_network_config: Optional[ClusterRemoteNetworkConfigArgs] = None,
enabled_cluster_log_types: Optional[Sequence[str]] = None,
encryption_config: Optional[ClusterEncryptionConfigArgs] = None,
kubernetes_network_config: Optional[ClusterKubernetesNetworkConfigArgs] = None,
name: Optional[str] = None,
access_config: Optional[ClusterAccessConfigArgs] = None,
default_addons_to_removes: Optional[Sequence[str]] = None,
compute_config: Optional[ClusterComputeConfigArgs] = None,
storage_config: Optional[ClusterStorageConfigArgs] = None,
tags: Optional[Mapping[str, str]] = None,
upgrade_policy: Optional[ClusterUpgradePolicyArgs] = None,
version: Optional[str] = None,
bootstrap_self_managed_addons: Optional[bool] = None,
zonal_shift_config: Optional[ClusterZonalShiftConfigArgs] = None)func NewCluster(ctx *Context, name string, args ClusterArgs, opts ...ResourceOption) (*Cluster, error)public Cluster(string name, ClusterArgs args, CustomResourceOptions? opts = null)
public Cluster(String name, ClusterArgs args)
public Cluster(String name, ClusterArgs args, CustomResourceOptions options)
type: aws:eks:Cluster
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args ClusterArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ClusterArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ClusterArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ClusterArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ClusterArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var exampleclusterResourceResourceFromEkscluster = new Aws.Eks.Cluster("exampleclusterResourceResourceFromEkscluster", new()
{
RoleArn = "string",
VpcConfig = new Aws.Eks.Inputs.ClusterVpcConfigArgs
{
SubnetIds = new[]
{
"string",
},
ClusterSecurityGroupId = "string",
EndpointPrivateAccess = false,
EndpointPublicAccess = false,
PublicAccessCidrs = new[]
{
"string",
},
SecurityGroupIds = new[]
{
"string",
},
VpcId = "string",
},
OutpostConfig = new Aws.Eks.Inputs.ClusterOutpostConfigArgs
{
ControlPlaneInstanceType = "string",
OutpostArns = new[]
{
"string",
},
ControlPlanePlacement = new Aws.Eks.Inputs.ClusterOutpostConfigControlPlanePlacementArgs
{
GroupName = "string",
},
},
RemoteNetworkConfig = new Aws.Eks.Inputs.ClusterRemoteNetworkConfigArgs
{
RemoteNodeNetworks = new Aws.Eks.Inputs.ClusterRemoteNetworkConfigRemoteNodeNetworksArgs
{
Cidrs = new[]
{
"string",
},
},
RemotePodNetworks = new Aws.Eks.Inputs.ClusterRemoteNetworkConfigRemotePodNetworksArgs
{
Cidrs = new[]
{
"string",
},
},
},
EnabledClusterLogTypes = new[]
{
"string",
},
EncryptionConfig = new Aws.Eks.Inputs.ClusterEncryptionConfigArgs
{
Provider = new Aws.Eks.Inputs.ClusterEncryptionConfigProviderArgs
{
KeyArn = "string",
},
Resources = new[]
{
"string",
},
},
KubernetesNetworkConfig = new Aws.Eks.Inputs.ClusterKubernetesNetworkConfigArgs
{
ElasticLoadBalancing = new Aws.Eks.Inputs.ClusterKubernetesNetworkConfigElasticLoadBalancingArgs
{
Enabled = false,
},
IpFamily = "string",
ServiceIpv4Cidr = "string",
ServiceIpv6Cidr = "string",
},
Name = "string",
AccessConfig = new Aws.Eks.Inputs.ClusterAccessConfigArgs
{
AuthenticationMode = "string",
BootstrapClusterCreatorAdminPermissions = false,
},
DefaultAddonsToRemoves = new[]
{
"string",
},
ComputeConfig = new Aws.Eks.Inputs.ClusterComputeConfigArgs
{
Enabled = false,
NodePools = new[]
{
"string",
},
NodeRoleArn = "string",
},
StorageConfig = new Aws.Eks.Inputs.ClusterStorageConfigArgs
{
BlockStorage = new Aws.Eks.Inputs.ClusterStorageConfigBlockStorageArgs
{
Enabled = false,
},
},
Tags =
{
{ "string", "string" },
},
UpgradePolicy = new Aws.Eks.Inputs.ClusterUpgradePolicyArgs
{
SupportType = "string",
},
Version = "string",
BootstrapSelfManagedAddons = false,
ZonalShiftConfig = new Aws.Eks.Inputs.ClusterZonalShiftConfigArgs
{
Enabled = false,
},
});
example, err := eks.NewCluster(ctx, "exampleclusterResourceResourceFromEkscluster", &eks.ClusterArgs{
RoleArn: pulumi.String("string"),
VpcConfig: &eks.ClusterVpcConfigArgs{
SubnetIds: pulumi.StringArray{
pulumi.String("string"),
},
ClusterSecurityGroupId: pulumi.String("string"),
EndpointPrivateAccess: pulumi.Bool(false),
EndpointPublicAccess: pulumi.Bool(false),
PublicAccessCidrs: pulumi.StringArray{
pulumi.String("string"),
},
SecurityGroupIds: pulumi.StringArray{
pulumi.String("string"),
},
VpcId: pulumi.String("string"),
},
OutpostConfig: &eks.ClusterOutpostConfigArgs{
ControlPlaneInstanceType: pulumi.String("string"),
OutpostArns: pulumi.StringArray{
pulumi.String("string"),
},
ControlPlanePlacement: &eks.ClusterOutpostConfigControlPlanePlacementArgs{
GroupName: pulumi.String("string"),
},
},
RemoteNetworkConfig: &eks.ClusterRemoteNetworkConfigArgs{
RemoteNodeNetworks: &eks.ClusterRemoteNetworkConfigRemoteNodeNetworksArgs{
Cidrs: pulumi.StringArray{
pulumi.String("string"),
},
},
RemotePodNetworks: &eks.ClusterRemoteNetworkConfigRemotePodNetworksArgs{
Cidrs: pulumi.StringArray{
pulumi.String("string"),
},
},
},
EnabledClusterLogTypes: pulumi.StringArray{
pulumi.String("string"),
},
EncryptionConfig: &eks.ClusterEncryptionConfigArgs{
Provider: &eks.ClusterEncryptionConfigProviderArgs{
KeyArn: pulumi.String("string"),
},
Resources: pulumi.StringArray{
pulumi.String("string"),
},
},
KubernetesNetworkConfig: &eks.ClusterKubernetesNetworkConfigArgs{
ElasticLoadBalancing: &eks.ClusterKubernetesNetworkConfigElasticLoadBalancingArgs{
Enabled: pulumi.Bool(false),
},
IpFamily: pulumi.String("string"),
ServiceIpv4Cidr: pulumi.String("string"),
ServiceIpv6Cidr: pulumi.String("string"),
},
Name: pulumi.String("string"),
AccessConfig: &eks.ClusterAccessConfigArgs{
AuthenticationMode: pulumi.String("string"),
BootstrapClusterCreatorAdminPermissions: pulumi.Bool(false),
},
DefaultAddonsToRemoves: pulumi.StringArray{
pulumi.String("string"),
},
ComputeConfig: &eks.ClusterComputeConfigArgs{
Enabled: pulumi.Bool(false),
NodePools: pulumi.StringArray{
pulumi.String("string"),
},
NodeRoleArn: pulumi.String("string"),
},
StorageConfig: &eks.ClusterStorageConfigArgs{
BlockStorage: &eks.ClusterStorageConfigBlockStorageArgs{
Enabled: pulumi.Bool(false),
},
},
Tags: pulumi.StringMap{
"string": pulumi.String("string"),
},
UpgradePolicy: &eks.ClusterUpgradePolicyArgs{
SupportType: pulumi.String("string"),
},
Version: pulumi.String("string"),
BootstrapSelfManagedAddons: pulumi.Bool(false),
ZonalShiftConfig: &eks.ClusterZonalShiftConfigArgs{
Enabled: pulumi.Bool(false),
},
})
var exampleclusterResourceResourceFromEkscluster = new Cluster("exampleclusterResourceResourceFromEkscluster", ClusterArgs.builder()
.roleArn("string")
.vpcConfig(ClusterVpcConfigArgs.builder()
.subnetIds("string")
.clusterSecurityGroupId("string")
.endpointPrivateAccess(false)
.endpointPublicAccess(false)
.publicAccessCidrs("string")
.securityGroupIds("string")
.vpcId("string")
.build())
.outpostConfig(ClusterOutpostConfigArgs.builder()
.controlPlaneInstanceType("string")
.outpostArns("string")
.controlPlanePlacement(ClusterOutpostConfigControlPlanePlacementArgs.builder()
.groupName("string")
.build())
.build())
.remoteNetworkConfig(ClusterRemoteNetworkConfigArgs.builder()
.remoteNodeNetworks(ClusterRemoteNetworkConfigRemoteNodeNetworksArgs.builder()
.cidrs("string")
.build())
.remotePodNetworks(ClusterRemoteNetworkConfigRemotePodNetworksArgs.builder()
.cidrs("string")
.build())
.build())
.enabledClusterLogTypes("string")
.encryptionConfig(ClusterEncryptionConfigArgs.builder()
.provider(ClusterEncryptionConfigProviderArgs.builder()
.keyArn("string")
.build())
.resources("string")
.build())
.kubernetesNetworkConfig(ClusterKubernetesNetworkConfigArgs.builder()
.elasticLoadBalancing(ClusterKubernetesNetworkConfigElasticLoadBalancingArgs.builder()
.enabled(false)
.build())
.ipFamily("string")
.serviceIpv4Cidr("string")
.serviceIpv6Cidr("string")
.build())
.name("string")
.accessConfig(ClusterAccessConfigArgs.builder()
.authenticationMode("string")
.bootstrapClusterCreatorAdminPermissions(false)
.build())
.defaultAddonsToRemoves("string")
.computeConfig(ClusterComputeConfigArgs.builder()
.enabled(false)
.nodePools("string")
.nodeRoleArn("string")
.build())
.storageConfig(ClusterStorageConfigArgs.builder()
.blockStorage(ClusterStorageConfigBlockStorageArgs.builder()
.enabled(false)
.build())
.build())
.tags(Map.of("string", "string"))
.upgradePolicy(ClusterUpgradePolicyArgs.builder()
.supportType("string")
.build())
.version("string")
.bootstrapSelfManagedAddons(false)
.zonalShiftConfig(ClusterZonalShiftConfigArgs.builder()
.enabled(false)
.build())
.build());
examplecluster_resource_resource_from_ekscluster = aws.eks.Cluster("exampleclusterResourceResourceFromEkscluster",
role_arn="string",
vpc_config={
"subnet_ids": ["string"],
"cluster_security_group_id": "string",
"endpoint_private_access": False,
"endpoint_public_access": False,
"public_access_cidrs": ["string"],
"security_group_ids": ["string"],
"vpc_id": "string",
},
outpost_config={
"control_plane_instance_type": "string",
"outpost_arns": ["string"],
"control_plane_placement": {
"group_name": "string",
},
},
remote_network_config={
"remote_node_networks": {
"cidrs": ["string"],
},
"remote_pod_networks": {
"cidrs": ["string"],
},
},
enabled_cluster_log_types=["string"],
encryption_config={
"provider": {
"key_arn": "string",
},
"resources": ["string"],
},
kubernetes_network_config={
"elastic_load_balancing": {
"enabled": False,
},
"ip_family": "string",
"service_ipv4_cidr": "string",
"service_ipv6_cidr": "string",
},
name="string",
access_config={
"authentication_mode": "string",
"bootstrap_cluster_creator_admin_permissions": False,
},
default_addons_to_removes=["string"],
compute_config={
"enabled": False,
"node_pools": ["string"],
"node_role_arn": "string",
},
storage_config={
"block_storage": {
"enabled": False,
},
},
tags={
"string": "string",
},
upgrade_policy={
"support_type": "string",
},
version="string",
bootstrap_self_managed_addons=False,
zonal_shift_config={
"enabled": False,
})
const exampleclusterResourceResourceFromEkscluster = new aws.eks.Cluster("exampleclusterResourceResourceFromEkscluster", {
roleArn: "string",
vpcConfig: {
subnetIds: ["string"],
clusterSecurityGroupId: "string",
endpointPrivateAccess: false,
endpointPublicAccess: false,
publicAccessCidrs: ["string"],
securityGroupIds: ["string"],
vpcId: "string",
},
outpostConfig: {
controlPlaneInstanceType: "string",
outpostArns: ["string"],
controlPlanePlacement: {
groupName: "string",
},
},
remoteNetworkConfig: {
remoteNodeNetworks: {
cidrs: ["string"],
},
remotePodNetworks: {
cidrs: ["string"],
},
},
enabledClusterLogTypes: ["string"],
encryptionConfig: {
provider: {
keyArn: "string",
},
resources: ["string"],
},
kubernetesNetworkConfig: {
elasticLoadBalancing: {
enabled: false,
},
ipFamily: "string",
serviceIpv4Cidr: "string",
serviceIpv6Cidr: "string",
},
name: "string",
accessConfig: {
authenticationMode: "string",
bootstrapClusterCreatorAdminPermissions: false,
},
defaultAddonsToRemoves: ["string"],
computeConfig: {
enabled: false,
nodePools: ["string"],
nodeRoleArn: "string",
},
storageConfig: {
blockStorage: {
enabled: false,
},
},
tags: {
string: "string",
},
upgradePolicy: {
supportType: "string",
},
version: "string",
bootstrapSelfManagedAddons: false,
zonalShiftConfig: {
enabled: false,
},
});
type: aws:eks:Cluster
properties:
accessConfig:
authenticationMode: string
bootstrapClusterCreatorAdminPermissions: false
bootstrapSelfManagedAddons: false
computeConfig:
enabled: false
nodePools:
- string
nodeRoleArn: string
defaultAddonsToRemoves:
- string
enabledClusterLogTypes:
- string
encryptionConfig:
provider:
keyArn: string
resources:
- string
kubernetesNetworkConfig:
elasticLoadBalancing:
enabled: false
ipFamily: string
serviceIpv4Cidr: string
serviceIpv6Cidr: string
name: string
outpostConfig:
controlPlaneInstanceType: string
controlPlanePlacement:
groupName: string
outpostArns:
- string
remoteNetworkConfig:
remoteNodeNetworks:
cidrs:
- string
remotePodNetworks:
cidrs:
- string
roleArn: string
storageConfig:
blockStorage:
enabled: false
tags:
string: string
upgradePolicy:
supportType: string
version: string
vpcConfig:
clusterSecurityGroupId: string
endpointPrivateAccess: false
endpointPublicAccess: false
publicAccessCidrs:
- string
securityGroupIds:
- string
subnetIds:
- string
vpcId: string
zonalShiftConfig:
enabled: false
Cluster Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Cluster resource accepts the following input properties:
- Role
Arn string - ARN of the IAM role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. Ensure the resource configuration includes explicit dependencies on the IAM Role permissions by adding
depends_onif using theaws.iam.RolePolicyresource oraws.iam.RolePolicyAttachmentresource, otherwise EKS cannot delete EKS managed EC2 infrastructure such as Security Groups on EKS Cluster deletion. - Vpc
Config ClusterVpc Config Configuration block for the VPC associated with your cluster. Amazon EKS VPC resources have specific requirements to work properly with Kubernetes. For more information, see Cluster VPC Considerations and Cluster Security Group Considerations in the Amazon EKS User Guide. Detailed below. Also contains attributes detailed in the Attributes section.
The following arguments are optional:
- Access
Config ClusterAccess Config - Configuration block for the access config associated with your cluster, see Amazon EKS Access Entries. Detailed below.
- Bootstrap
Self boolManaged Addons - Install default unmanaged add-ons, such as
aws-cni,kube-proxy, and CoreDNS during cluster creation. Iffalse, you must manually install desired add-ons. Changing this value will force a new cluster to be created. Defaults totrue. - Compute
Config ClusterCompute Config - Configuration block with compute configuration for EKS Auto Mode. Detailed below.
- Default
Addons List<string>To Removes - Enabled
Cluster List<string>Log Types - List of the desired control plane logging to enable. For more information, see Amazon EKS Control Plane Logging.
- Encryption
Config ClusterEncryption Config - Configuration block with encryption configuration for the cluster. Detailed below.
- Kubernetes
Network ClusterConfig Kubernetes Network Config - Configuration block with kubernetes network configuration for the cluster. Detailed below. If removed, the provider will only perform drift detection if a configuration value is provided.
- Name string
- Name of the cluster. Must be between 1-100 characters in length. Must begin with an alphanumeric character, and must only contain alphanumeric characters, dashes and underscores (
^[0-9A-Za-z][A-Za-z0-9\-_]*$). - Outpost
Config ClusterOutpost Config - Configuration block representing the configuration of your local Amazon EKS cluster on an AWS Outpost. This block isn't available for creating Amazon EKS clusters on the AWS cloud.
- Remote
Network ClusterConfig Remote Network Config - Configuration block with remote network configuration for EKS Hybrid Nodes. Detailed below.
- Storage
Config ClusterStorage Config - Configuration block with storage configuration for EKS Auto Mode. Detailed below.
- Dictionary<string, string>
- Key-value map of resource tags. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - Upgrade
Policy ClusterUpgrade Policy - Configuration block for the support policy to use for the cluster. See upgrade_policy for details.
- Version string
- Desired Kubernetes master version. If you do not specify a value, the latest available version at resource creation is used and no upgrades will occur except those automatically triggered by EKS. The value must be configured and increased to upgrade the version when desired. Downgrades are not supported by EKS.
- Zonal
Shift ClusterConfig Zonal Shift Config - Configuration block with zonal shift configuration for the cluster. Detailed below.
- Role
Arn string - ARN of the IAM role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. Ensure the resource configuration includes explicit dependencies on the IAM Role permissions by adding
depends_onif using theaws.iam.RolePolicyresource oraws.iam.RolePolicyAttachmentresource, otherwise EKS cannot delete EKS managed EC2 infrastructure such as Security Groups on EKS Cluster deletion. - Vpc
Config ClusterVpc Config Args Configuration block for the VPC associated with your cluster. Amazon EKS VPC resources have specific requirements to work properly with Kubernetes. For more information, see Cluster VPC Considerations and Cluster Security Group Considerations in the Amazon EKS User Guide. Detailed below. Also contains attributes detailed in the Attributes section.
The following arguments are optional:
- Access
Config ClusterAccess Config Args - Configuration block for the access config associated with your cluster, see Amazon EKS Access Entries. Detailed below.
- Bootstrap
Self boolManaged Addons - Install default unmanaged add-ons, such as
aws-cni,kube-proxy, and CoreDNS during cluster creation. Iffalse, you must manually install desired add-ons. Changing this value will force a new cluster to be created. Defaults totrue. - Compute
Config ClusterCompute Config Args - Configuration block with compute configuration for EKS Auto Mode. Detailed below.
- Default
Addons []stringTo Removes - Enabled
Cluster []stringLog Types - List of the desired control plane logging to enable. For more information, see Amazon EKS Control Plane Logging.
- Encryption
Config ClusterEncryption Config Args - Configuration block with encryption configuration for the cluster. Detailed below.
- Kubernetes
Network ClusterConfig Kubernetes Network Config Args - Configuration block with kubernetes network configuration for the cluster. Detailed below. If removed, the provider will only perform drift detection if a configuration value is provided.
- Name string
- Name of the cluster. Must be between 1-100 characters in length. Must begin with an alphanumeric character, and must only contain alphanumeric characters, dashes and underscores (
^[0-9A-Za-z][A-Za-z0-9\-_]*$). - Outpost
Config ClusterOutpost Config Args - Configuration block representing the configuration of your local Amazon EKS cluster on an AWS Outpost. This block isn't available for creating Amazon EKS clusters on the AWS cloud.
- Remote
Network ClusterConfig Remote Network Config Args - Configuration block with remote network configuration for EKS Hybrid Nodes. Detailed below.
- Storage
Config ClusterStorage Config Args - Configuration block with storage configuration for EKS Auto Mode. Detailed below.
- map[string]string
- Key-value map of resource tags. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - Upgrade
Policy ClusterUpgrade Policy Args - Configuration block for the support policy to use for the cluster. See upgrade_policy for details.
- Version string
- Desired Kubernetes master version. If you do not specify a value, the latest available version at resource creation is used and no upgrades will occur except those automatically triggered by EKS. The value must be configured and increased to upgrade the version when desired. Downgrades are not supported by EKS.
- Zonal
Shift ClusterConfig Zonal Shift Config Args - Configuration block with zonal shift configuration for the cluster. Detailed below.
- role
Arn String - ARN of the IAM role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. Ensure the resource configuration includes explicit dependencies on the IAM Role permissions by adding
depends_onif using theaws.iam.RolePolicyresource oraws.iam.RolePolicyAttachmentresource, otherwise EKS cannot delete EKS managed EC2 infrastructure such as Security Groups on EKS Cluster deletion. - vpc
Config ClusterVpc Config Configuration block for the VPC associated with your cluster. Amazon EKS VPC resources have specific requirements to work properly with Kubernetes. For more information, see Cluster VPC Considerations and Cluster Security Group Considerations in the Amazon EKS User Guide. Detailed below. Also contains attributes detailed in the Attributes section.
The following arguments are optional:
- access
Config ClusterAccess Config - Configuration block for the access config associated with your cluster, see Amazon EKS Access Entries. Detailed below.
- bootstrap
Self BooleanManaged Addons - Install default unmanaged add-ons, such as
aws-cni,kube-proxy, and CoreDNS during cluster creation. Iffalse, you must manually install desired add-ons. Changing this value will force a new cluster to be created. Defaults totrue. - compute
Config ClusterCompute Config - Configuration block with compute configuration for EKS Auto Mode. Detailed below.
- default
Addons List<String>To Removes - enabled
Cluster List<String>Log Types - List of the desired control plane logging to enable. For more information, see Amazon EKS Control Plane Logging.
- encryption
Config ClusterEncryption Config - Configuration block with encryption configuration for the cluster. Detailed below.
- kubernetes
Network ClusterConfig Kubernetes Network Config - Configuration block with kubernetes network configuration for the cluster. Detailed below. If removed, the provider will only perform drift detection if a configuration value is provided.
- name String
- Name of the cluster. Must be between 1-100 characters in length. Must begin with an alphanumeric character, and must only contain alphanumeric characters, dashes and underscores (
^[0-9A-Za-z][A-Za-z0-9\-_]*$). - outpost
Config ClusterOutpost Config - Configuration block representing the configuration of your local Amazon EKS cluster on an AWS Outpost. This block isn't available for creating Amazon EKS clusters on the AWS cloud.
- remote
Network ClusterConfig Remote Network Config - Configuration block with remote network configuration for EKS Hybrid Nodes. Detailed below.
- storage
Config ClusterStorage Config - Configuration block with storage configuration for EKS Auto Mode. Detailed below.
- Map<String,String>
- Key-value map of resource tags. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - upgrade
Policy ClusterUpgrade Policy - Configuration block for the support policy to use for the cluster. See upgrade_policy for details.
- version String
- Desired Kubernetes master version. If you do not specify a value, the latest available version at resource creation is used and no upgrades will occur except those automatically triggered by EKS. The value must be configured and increased to upgrade the version when desired. Downgrades are not supported by EKS.
- zonal
Shift ClusterConfig Zonal Shift Config - Configuration block with zonal shift configuration for the cluster. Detailed below.
- role
Arn string - ARN of the IAM role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. Ensure the resource configuration includes explicit dependencies on the IAM Role permissions by adding
depends_onif using theaws.iam.RolePolicyresource oraws.iam.RolePolicyAttachmentresource, otherwise EKS cannot delete EKS managed EC2 infrastructure such as Security Groups on EKS Cluster deletion. - vpc
Config ClusterVpc Config Configuration block for the VPC associated with your cluster. Amazon EKS VPC resources have specific requirements to work properly with Kubernetes. For more information, see Cluster VPC Considerations and Cluster Security Group Considerations in the Amazon EKS User Guide. Detailed below. Also contains attributes detailed in the Attributes section.
The following arguments are optional:
- access
Config ClusterAccess Config - Configuration block for the access config associated with your cluster, see Amazon EKS Access Entries. Detailed below.
- bootstrap
Self booleanManaged Addons - Install default unmanaged add-ons, such as
aws-cni,kube-proxy, and CoreDNS during cluster creation. Iffalse, you must manually install desired add-ons. Changing this value will force a new cluster to be created. Defaults totrue. - compute
Config ClusterCompute Config - Configuration block with compute configuration for EKS Auto Mode. Detailed below.
- default
Addons string[]To Removes - enabled
Cluster string[]Log Types - List of the desired control plane logging to enable. For more information, see Amazon EKS Control Plane Logging.
- encryption
Config ClusterEncryption Config - Configuration block with encryption configuration for the cluster. Detailed below.
- kubernetes
Network ClusterConfig Kubernetes Network Config - Configuration block with kubernetes network configuration for the cluster. Detailed below. If removed, the provider will only perform drift detection if a configuration value is provided.
- name string
- Name of the cluster. Must be between 1-100 characters in length. Must begin with an alphanumeric character, and must only contain alphanumeric characters, dashes and underscores (
^[0-9A-Za-z][A-Za-z0-9\-_]*$). - outpost
Config ClusterOutpost Config - Configuration block representing the configuration of your local Amazon EKS cluster on an AWS Outpost. This block isn't available for creating Amazon EKS clusters on the AWS cloud.
- remote
Network ClusterConfig Remote Network Config - Configuration block with remote network configuration for EKS Hybrid Nodes. Detailed below.
- storage
Config ClusterStorage Config - Configuration block with storage configuration for EKS Auto Mode. Detailed below.
- {[key: string]: string}
- Key-value map of resource tags. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - upgrade
Policy ClusterUpgrade Policy - Configuration block for the support policy to use for the cluster. See upgrade_policy for details.
- version string
- Desired Kubernetes master version. If you do not specify a value, the latest available version at resource creation is used and no upgrades will occur except those automatically triggered by EKS. The value must be configured and increased to upgrade the version when desired. Downgrades are not supported by EKS.
- zonal
Shift ClusterConfig Zonal Shift Config - Configuration block with zonal shift configuration for the cluster. Detailed below.
- role_
arn str - ARN of the IAM role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. Ensure the resource configuration includes explicit dependencies on the IAM Role permissions by adding
depends_onif using theaws.iam.RolePolicyresource oraws.iam.RolePolicyAttachmentresource, otherwise EKS cannot delete EKS managed EC2 infrastructure such as Security Groups on EKS Cluster deletion. - vpc_
config ClusterVpc Config Args Configuration block for the VPC associated with your cluster. Amazon EKS VPC resources have specific requirements to work properly with Kubernetes. For more information, see Cluster VPC Considerations and Cluster Security Group Considerations in the Amazon EKS User Guide. Detailed below. Also contains attributes detailed in the Attributes section.
The following arguments are optional:
- access_
config ClusterAccess Config Args - Configuration block for the access config associated with your cluster, see Amazon EKS Access Entries. Detailed below.
- bootstrap_
self_ boolmanaged_ addons - Install default unmanaged add-ons, such as
aws-cni,kube-proxy, and CoreDNS during cluster creation. Iffalse, you must manually install desired add-ons. Changing this value will force a new cluster to be created. Defaults totrue. - compute_
config ClusterCompute Config Args - Configuration block with compute configuration for EKS Auto Mode. Detailed below.
- default_
addons_ Sequence[str]to_ removes - enabled_
cluster_ Sequence[str]log_ types - List of the desired control plane logging to enable. For more information, see Amazon EKS Control Plane Logging.
- encryption_
config ClusterEncryption Config Args - Configuration block with encryption configuration for the cluster. Detailed below.
- kubernetes_
network_ Clusterconfig Kubernetes Network Config Args - Configuration block with kubernetes network configuration for the cluster. Detailed below. If removed, the provider will only perform drift detection if a configuration value is provided.
- name str
- Name of the cluster. Must be between 1-100 characters in length. Must begin with an alphanumeric character, and must only contain alphanumeric characters, dashes and underscores (
^[0-9A-Za-z][A-Za-z0-9\-_]*$). - outpost_
config ClusterOutpost Config Args - Configuration block representing the configuration of your local Amazon EKS cluster on an AWS Outpost. This block isn't available for creating Amazon EKS clusters on the AWS cloud.
- remote_
network_ Clusterconfig Remote Network Config Args - Configuration block with remote network configuration for EKS Hybrid Nodes. Detailed below.
- storage_
config ClusterStorage Config Args - Configuration block with storage configuration for EKS Auto Mode. Detailed below.
- Mapping[str, str]
- Key-value map of resource tags. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - upgrade_
policy ClusterUpgrade Policy Args - Configuration block for the support policy to use for the cluster. See upgrade_policy for details.
- version str
- Desired Kubernetes master version. If you do not specify a value, the latest available version at resource creation is used and no upgrades will occur except those automatically triggered by EKS. The value must be configured and increased to upgrade the version when desired. Downgrades are not supported by EKS.
- zonal_
shift_ Clusterconfig Zonal Shift Config Args - Configuration block with zonal shift configuration for the cluster. Detailed below.
- role
Arn String - ARN of the IAM role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. Ensure the resource configuration includes explicit dependencies on the IAM Role permissions by adding
depends_onif using theaws.iam.RolePolicyresource oraws.iam.RolePolicyAttachmentresource, otherwise EKS cannot delete EKS managed EC2 infrastructure such as Security Groups on EKS Cluster deletion. - vpc
Config Property Map Configuration block for the VPC associated with your cluster. Amazon EKS VPC resources have specific requirements to work properly with Kubernetes. For more information, see Cluster VPC Considerations and Cluster Security Group Considerations in the Amazon EKS User Guide. Detailed below. Also contains attributes detailed in the Attributes section.
The following arguments are optional:
- access
Config Property Map - Configuration block for the access config associated with your cluster, see Amazon EKS Access Entries. Detailed below.
- bootstrap
Self BooleanManaged Addons - Install default unmanaged add-ons, such as
aws-cni,kube-proxy, and CoreDNS during cluster creation. Iffalse, you must manually install desired add-ons. Changing this value will force a new cluster to be created. Defaults totrue. - compute
Config Property Map - Configuration block with compute configuration for EKS Auto Mode. Detailed below.
- default
Addons List<String>To Removes - enabled
Cluster List<String>Log Types - List of the desired control plane logging to enable. For more information, see Amazon EKS Control Plane Logging.
- encryption
Config Property Map - Configuration block with encryption configuration for the cluster. Detailed below.
- kubernetes
Network Property MapConfig - Configuration block with kubernetes network configuration for the cluster. Detailed below. If removed, the provider will only perform drift detection if a configuration value is provided.
- name String
- Name of the cluster. Must be between 1-100 characters in length. Must begin with an alphanumeric character, and must only contain alphanumeric characters, dashes and underscores (
^[0-9A-Za-z][A-Za-z0-9\-_]*$). - outpost
Config Property Map - Configuration block representing the configuration of your local Amazon EKS cluster on an AWS Outpost. This block isn't available for creating Amazon EKS clusters on the AWS cloud.
- remote
Network Property MapConfig - Configuration block with remote network configuration for EKS Hybrid Nodes. Detailed below.
- storage
Config Property Map - Configuration block with storage configuration for EKS Auto Mode. Detailed below.
- Map<String>
- Key-value map of resource tags. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - upgrade
Policy Property Map - Configuration block for the support policy to use for the cluster. See upgrade_policy for details.
- version String
- Desired Kubernetes master version. If you do not specify a value, the latest available version at resource creation is used and no upgrades will occur except those automatically triggered by EKS. The value must be configured and increased to upgrade the version when desired. Downgrades are not supported by EKS.
- zonal
Shift Property MapConfig - Configuration block with zonal shift configuration for the cluster. Detailed below.
Outputs
All input properties are implicitly available as output properties. Additionally, the Cluster resource produces the following output properties:
- Arn string
- ARN of the cluster.
-
List<Cluster
Certificate Authority> -
Cluster
Certificate Authority - Attribute block containing
certificate-authority-datafor your cluster. Detailed below. - Cluster
Id string - The ID of your local Amazon EKS cluster on the AWS Outpost. This attribute isn't available for an AWS EKS cluster on AWS cloud.
- Created
At string - Unix epoch timestamp in seconds for when the cluster was created.
- Endpoint string
- Endpoint for your Kubernetes API server.
- Id string
- The provider-assigned unique ID for this managed resource.
- Identities
List<Cluster
Identity> - Attribute block containing identity provider information for your cluster. Only available on Kubernetes version 1.13 and 1.14 clusters created or upgraded on or after September 3, 2019. Detailed below.
- Platform
Version string - Platform version for the cluster.
- Status string
- Status of the EKS cluster. One of
CREATING,ACTIVE,DELETING,FAILED. - Dictionary<string, string>
- Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.
- Arn string
- ARN of the cluster.
-
[]Cluster
Certificate Authority -
Cluster
Certificate Authority - Attribute block containing
certificate-authority-datafor your cluster. Detailed below. - Cluster
Id string - The ID of your local Amazon EKS cluster on the AWS Outpost. This attribute isn't available for an AWS EKS cluster on AWS cloud.
- Created
At string - Unix epoch timestamp in seconds for when the cluster was created.
- Endpoint string
- Endpoint for your Kubernetes API server.
- Id string
- The provider-assigned unique ID for this managed resource.
- Identities
[]Cluster
Identity - Attribute block containing identity provider information for your cluster. Only available on Kubernetes version 1.13 and 1.14 clusters created or upgraded on or after September 3, 2019. Detailed below.
- Platform
Version string - Platform version for the cluster.
- Status string
- Status of the EKS cluster. One of
CREATING,ACTIVE,DELETING,FAILED. - map[string]string
- Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.
- arn String
- ARN of the cluster.
-
List<Cluster
Certificate Authority> -
Cluster
Certificate Authority - Attribute block containing
certificate-authority-datafor your cluster. Detailed below. - cluster
Id String - The ID of your local Amazon EKS cluster on the AWS Outpost. This attribute isn't available for an AWS EKS cluster on AWS cloud.
- created
At String - Unix epoch timestamp in seconds for when the cluster was created.
- endpoint String
- Endpoint for your Kubernetes API server.
- id String
- The provider-assigned unique ID for this managed resource.
- identities
List<Cluster
Identity> - Attribute block containing identity provider information for your cluster. Only available on Kubernetes version 1.13 and 1.14 clusters created or upgraded on or after September 3, 2019. Detailed below.
- platform
Version String - Platform version for the cluster.
- status String
- Status of the EKS cluster. One of
CREATING,ACTIVE,DELETING,FAILED. - Map<String,String>
- Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.
- arn string
- ARN of the cluster.
-
Cluster
Certificate Authority[] -
Cluster
Certificate Authority - Attribute block containing
certificate-authority-datafor your cluster. Detailed below. - cluster
Id string - The ID of your local Amazon EKS cluster on the AWS Outpost. This attribute isn't available for an AWS EKS cluster on AWS cloud.
- created
At string - Unix epoch timestamp in seconds for when the cluster was created.
- endpoint string
- Endpoint for your Kubernetes API server.
- id string
- The provider-assigned unique ID for this managed resource.
- identities
Cluster
Identity[] - Attribute block containing identity provider information for your cluster. Only available on Kubernetes version 1.13 and 1.14 clusters created or upgraded on or after September 3, 2019. Detailed below.
- platform
Version string - Platform version for the cluster.
- status string
- Status of the EKS cluster. One of
CREATING,ACTIVE,DELETING,FAILED. - {[key: string]: string}
- Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.
- arn str
- ARN of the cluster.
-
Sequence[Cluster
Certificate Authority] -
Cluster
Certificate Authority - Attribute block containing
certificate-authority-datafor your cluster. Detailed below. - cluster_
id str - The ID of your local Amazon EKS cluster on the AWS Outpost. This attribute isn't available for an AWS EKS cluster on AWS cloud.
- created_
at str - Unix epoch timestamp in seconds for when the cluster was created.
- endpoint str
- Endpoint for your Kubernetes API server.
- id str
- The provider-assigned unique ID for this managed resource.
- identities
Sequence[Cluster
Identity] - Attribute block containing identity provider information for your cluster. Only available on Kubernetes version 1.13 and 1.14 clusters created or upgraded on or after September 3, 2019. Detailed below.
- platform_
version str - Platform version for the cluster.
- status str
- Status of the EKS cluster. One of
CREATING,ACTIVE,DELETING,FAILED. - Mapping[str, str]
- Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.
- arn String
- ARN of the cluster.
- List<Property Map>
- Property Map
- Attribute block containing
certificate-authority-datafor your cluster. Detailed below. - cluster
Id String - The ID of your local Amazon EKS cluster on the AWS Outpost. This attribute isn't available for an AWS EKS cluster on AWS cloud.
- created
At String - Unix epoch timestamp in seconds for when the cluster was created.
- endpoint String
- Endpoint for your Kubernetes API server.
- id String
- The provider-assigned unique ID for this managed resource.
- identities List<Property Map>
- Attribute block containing identity provider information for your cluster. Only available on Kubernetes version 1.13 and 1.14 clusters created or upgraded on or after September 3, 2019. Detailed below.
- platform
Version String - Platform version for the cluster.
- status String
- Status of the EKS cluster. One of
CREATING,ACTIVE,DELETING,FAILED. - Map<String>
- Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block.
Look up Existing Cluster Resource
Get an existing Cluster resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ClusterState, opts?: CustomResourceOptions): Cluster@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
access_config: Optional[ClusterAccessConfigArgs] = None,
arn: Optional[str] = None,
bootstrap_self_managed_addons: Optional[bool] = None,
certificate_authorities: Optional[Sequence[ClusterCertificateAuthorityArgs]] = None,
certificate_authority: Optional[ClusterCertificateAuthorityArgs] = None,
cluster_id: Optional[str] = None,
compute_config: Optional[ClusterComputeConfigArgs] = None,
created_at: Optional[str] = None,
default_addons_to_removes: Optional[Sequence[str]] = None,
enabled_cluster_log_types: Optional[Sequence[str]] = None,
encryption_config: Optional[ClusterEncryptionConfigArgs] = None,
endpoint: Optional[str] = None,
identities: Optional[Sequence[ClusterIdentityArgs]] = None,
kubernetes_network_config: Optional[ClusterKubernetesNetworkConfigArgs] = None,
name: Optional[str] = None,
outpost_config: Optional[ClusterOutpostConfigArgs] = None,
platform_version: Optional[str] = None,
remote_network_config: Optional[ClusterRemoteNetworkConfigArgs] = None,
role_arn: Optional[str] = None,
status: Optional[str] = None,
storage_config: Optional[ClusterStorageConfigArgs] = None,
tags: Optional[Mapping[str, str]] = None,
tags_all: Optional[Mapping[str, str]] = None,
upgrade_policy: Optional[ClusterUpgradePolicyArgs] = None,
version: Optional[str] = None,
vpc_config: Optional[ClusterVpcConfigArgs] = None,
zonal_shift_config: Optional[ClusterZonalShiftConfigArgs] = None) -> Clusterfunc GetCluster(ctx *Context, name string, id IDInput, state *ClusterState, opts ...ResourceOption) (*Cluster, error)public static Cluster Get(string name, Input<string> id, ClusterState? state, CustomResourceOptions? opts = null)public static Cluster get(String name, Output<String> id, ClusterState state, CustomResourceOptions options)resources: _: type: aws:eks:Cluster get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Access
Config ClusterAccess Config - Configuration block for the access config associated with your cluster, see Amazon EKS Access Entries. Detailed below.
- Arn string
- ARN of the cluster.
- Bootstrap
Self boolManaged Addons - Install default unmanaged add-ons, such as
aws-cni,kube-proxy, and CoreDNS during cluster creation. Iffalse, you must manually install desired add-ons. Changing this value will force a new cluster to be created. Defaults totrue. -
List<Cluster
Certificate Authority> -
Cluster
Certificate Authority - Attribute block containing
certificate-authority-datafor your cluster. Detailed below. - Cluster
Id string - The ID of your local Amazon EKS cluster on the AWS Outpost. This attribute isn't available for an AWS EKS cluster on AWS cloud.
- Compute
Config ClusterCompute Config - Configuration block with compute configuration for EKS Auto Mode. Detailed below.
- Created
At string - Unix epoch timestamp in seconds for when the cluster was created.
- Default
Addons List<string>To Removes - Enabled
Cluster List<string>Log Types - List of the desired control plane logging to enable. For more information, see Amazon EKS Control Plane Logging.
- Encryption
Config ClusterEncryption Config - Configuration block with encryption configuration for the cluster. Detailed below.
- Endpoint string
- Endpoint for your Kubernetes API server.
- Identities
List<Cluster
Identity> - Attribute block containing identity provider information for your cluster. Only available on Kubernetes version 1.13 and 1.14 clusters created or upgraded on or after September 3, 2019. Detailed below.
- Kubernetes
Network ClusterConfig Kubernetes Network Config - Configuration block with kubernetes network configuration for the cluster. Detailed below. If removed, the provider will only perform drift detection if a configuration value is provided.
- Name string
- Name of the cluster. Must be between 1-100 characters in length. Must begin with an alphanumeric character, and must only contain alphanumeric characters, dashes and underscores (
^[0-9A-Za-z][A-Za-z0-9\-_]*$). - Outpost
Config ClusterOutpost Config - Configuration block representing the configuration of your local Amazon EKS cluster on an AWS Outpost. This block isn't available for creating Amazon EKS clusters on the AWS cloud.
- Platform
Version string - Platform version for the cluster.
- Remote
Network ClusterConfig Remote Network Config - Configuration block with remote network configuration for EKS Hybrid Nodes. Detailed below.
- Role
Arn string - ARN of the IAM role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. Ensure the resource configuration includes explicit dependencies on the IAM Role permissions by adding
depends_onif using theaws.iam.RolePolicyresource oraws.iam.RolePolicyAttachmentresource, otherwise EKS cannot delete EKS managed EC2 infrastructure such as Security Groups on EKS Cluster deletion. - Status string
- Status of the EKS cluster. One of
CREATING,ACTIVE,DELETING,FAILED. - Storage
Config ClusterStorage Config - Configuration block with storage configuration for EKS Auto Mode. Detailed below.
- Dictionary<string, string>
- Key-value map of resource tags. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - Dictionary<string, string>
- Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - Upgrade
Policy ClusterUpgrade Policy - Configuration block for the support policy to use for the cluster. See upgrade_policy for details.
- Version string
- Desired Kubernetes master version. If you do not specify a value, the latest available version at resource creation is used and no upgrades will occur except those automatically triggered by EKS. The value must be configured and increased to upgrade the version when desired. Downgrades are not supported by EKS.
- Vpc
Config ClusterVpc Config Configuration block for the VPC associated with your cluster. Amazon EKS VPC resources have specific requirements to work properly with Kubernetes. For more information, see Cluster VPC Considerations and Cluster Security Group Considerations in the Amazon EKS User Guide. Detailed below. Also contains attributes detailed in the Attributes section.
The following arguments are optional:
- Zonal
Shift ClusterConfig Zonal Shift Config - Configuration block with zonal shift configuration for the cluster. Detailed below.
- Access
Config ClusterAccess Config Args - Configuration block for the access config associated with your cluster, see Amazon EKS Access Entries. Detailed below.
- Arn string
- ARN of the cluster.
- Bootstrap
Self boolManaged Addons - Install default unmanaged add-ons, such as
aws-cni,kube-proxy, and CoreDNS during cluster creation. Iffalse, you must manually install desired add-ons. Changing this value will force a new cluster to be created. Defaults totrue. -
[]Cluster
Certificate Authority Args -
Cluster
Certificate Authority Args - Attribute block containing
certificate-authority-datafor your cluster. Detailed below. - Cluster
Id string - The ID of your local Amazon EKS cluster on the AWS Outpost. This attribute isn't available for an AWS EKS cluster on AWS cloud.
- Compute
Config ClusterCompute Config Args - Configuration block with compute configuration for EKS Auto Mode. Detailed below.
- Created
At string - Unix epoch timestamp in seconds for when the cluster was created.
- Default
Addons []stringTo Removes - Enabled
Cluster []stringLog Types - List of the desired control plane logging to enable. For more information, see Amazon EKS Control Plane Logging.
- Encryption
Config ClusterEncryption Config Args - Configuration block with encryption configuration for the cluster. Detailed below.
- Endpoint string
- Endpoint for your Kubernetes API server.
- Identities
[]Cluster
Identity Args - Attribute block containing identity provider information for your cluster. Only available on Kubernetes version 1.13 and 1.14 clusters created or upgraded on or after September 3, 2019. Detailed below.
- Kubernetes
Network ClusterConfig Kubernetes Network Config Args - Configuration block with kubernetes network configuration for the cluster. Detailed below. If removed, the provider will only perform drift detection if a configuration value is provided.
- Name string
- Name of the cluster. Must be between 1-100 characters in length. Must begin with an alphanumeric character, and must only contain alphanumeric characters, dashes and underscores (
^[0-9A-Za-z][A-Za-z0-9\-_]*$). - Outpost
Config ClusterOutpost Config Args - Configuration block representing the configuration of your local Amazon EKS cluster on an AWS Outpost. This block isn't available for creating Amazon EKS clusters on the AWS cloud.
- Platform
Version string - Platform version for the cluster.
- Remote
Network ClusterConfig Remote Network Config Args - Configuration block with remote network configuration for EKS Hybrid Nodes. Detailed below.
- Role
Arn string - ARN of the IAM role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. Ensure the resource configuration includes explicit dependencies on the IAM Role permissions by adding
depends_onif using theaws.iam.RolePolicyresource oraws.iam.RolePolicyAttachmentresource, otherwise EKS cannot delete EKS managed EC2 infrastructure such as Security Groups on EKS Cluster deletion. - Status string
- Status of the EKS cluster. One of
CREATING,ACTIVE,DELETING,FAILED. - Storage
Config ClusterStorage Config Args - Configuration block with storage configuration for EKS Auto Mode. Detailed below.
- map[string]string
- Key-value map of resource tags. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - map[string]string
- Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - Upgrade
Policy ClusterUpgrade Policy Args - Configuration block for the support policy to use for the cluster. See upgrade_policy for details.
- Version string
- Desired Kubernetes master version. If you do not specify a value, the latest available version at resource creation is used and no upgrades will occur except those automatically triggered by EKS. The value must be configured and increased to upgrade the version when desired. Downgrades are not supported by EKS.
- Vpc
Config ClusterVpc Config Args Configuration block for the VPC associated with your cluster. Amazon EKS VPC resources have specific requirements to work properly with Kubernetes. For more information, see Cluster VPC Considerations and Cluster Security Group Considerations in the Amazon EKS User Guide. Detailed below. Also contains attributes detailed in the Attributes section.
The following arguments are optional:
- Zonal
Shift ClusterConfig Zonal Shift Config Args - Configuration block with zonal shift configuration for the cluster. Detailed below.
- access
Config ClusterAccess Config - Configuration block for the access config associated with your cluster, see Amazon EKS Access Entries. Detailed below.
- arn String
- ARN of the cluster.
- bootstrap
Self BooleanManaged Addons - Install default unmanaged add-ons, such as
aws-cni,kube-proxy, and CoreDNS during cluster creation. Iffalse, you must manually install desired add-ons. Changing this value will force a new cluster to be created. Defaults totrue. -
List<Cluster
Certificate Authority> -
Cluster
Certificate Authority - Attribute block containing
certificate-authority-datafor your cluster. Detailed below. - cluster
Id String - The ID of your local Amazon EKS cluster on the AWS Outpost. This attribute isn't available for an AWS EKS cluster on AWS cloud.
- compute
Config ClusterCompute Config - Configuration block with compute configuration for EKS Auto Mode. Detailed below.
- created
At String - Unix epoch timestamp in seconds for when the cluster was created.
- default
Addons List<String>To Removes - enabled
Cluster List<String>Log Types - List of the desired control plane logging to enable. For more information, see Amazon EKS Control Plane Logging.
- encryption
Config ClusterEncryption Config - Configuration block with encryption configuration for the cluster. Detailed below.
- endpoint String
- Endpoint for your Kubernetes API server.
- identities
List<Cluster
Identity> - Attribute block containing identity provider information for your cluster. Only available on Kubernetes version 1.13 and 1.14 clusters created or upgraded on or after September 3, 2019. Detailed below.
- kubernetes
Network ClusterConfig Kubernetes Network Config - Configuration block with kubernetes network configuration for the cluster. Detailed below. If removed, the provider will only perform drift detection if a configuration value is provided.
- name String
- Name of the cluster. Must be between 1-100 characters in length. Must begin with an alphanumeric character, and must only contain alphanumeric characters, dashes and underscores (
^[0-9A-Za-z][A-Za-z0-9\-_]*$). - outpost
Config ClusterOutpost Config - Configuration block representing the configuration of your local Amazon EKS cluster on an AWS Outpost. This block isn't available for creating Amazon EKS clusters on the AWS cloud.
- platform
Version String - Platform version for the cluster.
- remote
Network ClusterConfig Remote Network Config - Configuration block with remote network configuration for EKS Hybrid Nodes. Detailed below.
- role
Arn String - ARN of the IAM role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. Ensure the resource configuration includes explicit dependencies on the IAM Role permissions by adding
depends_onif using theaws.iam.RolePolicyresource oraws.iam.RolePolicyAttachmentresource, otherwise EKS cannot delete EKS managed EC2 infrastructure such as Security Groups on EKS Cluster deletion. - status String
- Status of the EKS cluster. One of
CREATING,ACTIVE,DELETING,FAILED. - storage
Config ClusterStorage Config - Configuration block with storage configuration for EKS Auto Mode. Detailed below.
- Map<String,String>
- Key-value map of resource tags. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - Map<String,String>
- Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - upgrade
Policy ClusterUpgrade Policy - Configuration block for the support policy to use for the cluster. See upgrade_policy for details.
- version String
- Desired Kubernetes master version. If you do not specify a value, the latest available version at resource creation is used and no upgrades will occur except those automatically triggered by EKS. The value must be configured and increased to upgrade the version when desired. Downgrades are not supported by EKS.
- vpc
Config ClusterVpc Config Configuration block for the VPC associated with your cluster. Amazon EKS VPC resources have specific requirements to work properly with Kubernetes. For more information, see Cluster VPC Considerations and Cluster Security Group Considerations in the Amazon EKS User Guide. Detailed below. Also contains attributes detailed in the Attributes section.
The following arguments are optional:
- zonal
Shift ClusterConfig Zonal Shift Config - Configuration block with zonal shift configuration for the cluster. Detailed below.
- access
Config ClusterAccess Config - Configuration block for the access config associated with your cluster, see Amazon EKS Access Entries. Detailed below.
- arn string
- ARN of the cluster.
- bootstrap
Self booleanManaged Addons - Install default unmanaged add-ons, such as
aws-cni,kube-proxy, and CoreDNS during cluster creation. Iffalse, you must manually install desired add-ons. Changing this value will force a new cluster to be created. Defaults totrue. -
Cluster
Certificate Authority[] -
Cluster
Certificate Authority - Attribute block containing
certificate-authority-datafor your cluster. Detailed below. - cluster
Id string - The ID of your local Amazon EKS cluster on the AWS Outpost. This attribute isn't available for an AWS EKS cluster on AWS cloud.
- compute
Config ClusterCompute Config - Configuration block with compute configuration for EKS Auto Mode. Detailed below.
- created
At string - Unix epoch timestamp in seconds for when the cluster was created.
- default
Addons string[]To Removes - enabled
Cluster string[]Log Types - List of the desired control plane logging to enable. For more information, see Amazon EKS Control Plane Logging.
- encryption
Config ClusterEncryption Config - Configuration block with encryption configuration for the cluster. Detailed below.
- endpoint string
- Endpoint for your Kubernetes API server.
- identities
Cluster
Identity[] - Attribute block containing identity provider information for your cluster. Only available on Kubernetes version 1.13 and 1.14 clusters created or upgraded on or after September 3, 2019. Detailed below.
- kubernetes
Network ClusterConfig Kubernetes Network Config - Configuration block with kubernetes network configuration for the cluster. Detailed below. If removed, the provider will only perform drift detection if a configuration value is provided.
- name string
- Name of the cluster. Must be between 1-100 characters in length. Must begin with an alphanumeric character, and must only contain alphanumeric characters, dashes and underscores (
^[0-9A-Za-z][A-Za-z0-9\-_]*$). - outpost
Config ClusterOutpost Config - Configuration block representing the configuration of your local Amazon EKS cluster on an AWS Outpost. This block isn't available for creating Amazon EKS clusters on the AWS cloud.
- platform
Version string - Platform version for the cluster.
- remote
Network ClusterConfig Remote Network Config - Configuration block with remote network configuration for EKS Hybrid Nodes. Detailed below.
- role
Arn string - ARN of the IAM role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. Ensure the resource configuration includes explicit dependencies on the IAM Role permissions by adding
depends_onif using theaws.iam.RolePolicyresource oraws.iam.RolePolicyAttachmentresource, otherwise EKS cannot delete EKS managed EC2 infrastructure such as Security Groups on EKS Cluster deletion. - status string
- Status of the EKS cluster. One of
CREATING,ACTIVE,DELETING,FAILED. - storage
Config ClusterStorage Config - Configuration block with storage configuration for EKS Auto Mode. Detailed below.
- {[key: string]: string}
- Key-value map of resource tags. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - {[key: string]: string}
- Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - upgrade
Policy ClusterUpgrade Policy - Configuration block for the support policy to use for the cluster. See upgrade_policy for details.
- version string
- Desired Kubernetes master version. If you do not specify a value, the latest available version at resource creation is used and no upgrades will occur except those automatically triggered by EKS. The value must be configured and increased to upgrade the version when desired. Downgrades are not supported by EKS.
- vpc
Config ClusterVpc Config Configuration block for the VPC associated with your cluster. Amazon EKS VPC resources have specific requirements to work properly with Kubernetes. For more information, see Cluster VPC Considerations and Cluster Security Group Considerations in the Amazon EKS User Guide. Detailed below. Also contains attributes detailed in the Attributes section.
The following arguments are optional:
- zonal
Shift ClusterConfig Zonal Shift Config - Configuration block with zonal shift configuration for the cluster. Detailed below.
- access_
config ClusterAccess Config Args - Configuration block for the access config associated with your cluster, see Amazon EKS Access Entries. Detailed below.
- arn str
- ARN of the cluster.
- bootstrap_
self_ boolmanaged_ addons - Install default unmanaged add-ons, such as
aws-cni,kube-proxy, and CoreDNS during cluster creation. Iffalse, you must manually install desired add-ons. Changing this value will force a new cluster to be created. Defaults totrue. -
Sequence[Cluster
Certificate Authority Args] -
Cluster
Certificate Authority Args - Attribute block containing
certificate-authority-datafor your cluster. Detailed below. - cluster_
id str - The ID of your local Amazon EKS cluster on the AWS Outpost. This attribute isn't available for an AWS EKS cluster on AWS cloud.
- compute_
config ClusterCompute Config Args - Configuration block with compute configuration for EKS Auto Mode. Detailed below.
- created_
at str - Unix epoch timestamp in seconds for when the cluster was created.
- default_
addons_ Sequence[str]to_ removes - enabled_
cluster_ Sequence[str]log_ types - List of the desired control plane logging to enable. For more information, see Amazon EKS Control Plane Logging.
- encryption_
config ClusterEncryption Config Args - Configuration block with encryption configuration for the cluster. Detailed below.
- endpoint str
- Endpoint for your Kubernetes API server.
- identities
Sequence[Cluster
Identity Args] - Attribute block containing identity provider information for your cluster. Only available on Kubernetes version 1.13 and 1.14 clusters created or upgraded on or after September 3, 2019. Detailed below.
- kubernetes_
network_ Clusterconfig Kubernetes Network Config Args - Configuration block with kubernetes network configuration for the cluster. Detailed below. If removed, the provider will only perform drift detection if a configuration value is provided.
- name str
- Name of the cluster. Must be between 1-100 characters in length. Must begin with an alphanumeric character, and must only contain alphanumeric characters, dashes and underscores (
^[0-9A-Za-z][A-Za-z0-9\-_]*$). - outpost_
config ClusterOutpost Config Args - Configuration block representing the configuration of your local Amazon EKS cluster on an AWS Outpost. This block isn't available for creating Amazon EKS clusters on the AWS cloud.
- platform_
version str - Platform version for the cluster.
- remote_
network_ Clusterconfig Remote Network Config Args - Configuration block with remote network configuration for EKS Hybrid Nodes. Detailed below.
- role_
arn str - ARN of the IAM role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. Ensure the resource configuration includes explicit dependencies on the IAM Role permissions by adding
depends_onif using theaws.iam.RolePolicyresource oraws.iam.RolePolicyAttachmentresource, otherwise EKS cannot delete EKS managed EC2 infrastructure such as Security Groups on EKS Cluster deletion. - status str
- Status of the EKS cluster. One of
CREATING,ACTIVE,DELETING,FAILED. - storage_
config ClusterStorage Config Args - Configuration block with storage configuration for EKS Auto Mode. Detailed below.
- Mapping[str, str]
- Key-value map of resource tags. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - Mapping[str, str]
- Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - upgrade_
policy ClusterUpgrade Policy Args - Configuration block for the support policy to use for the cluster. See upgrade_policy for details.
- version str
- Desired Kubernetes master version. If you do not specify a value, the latest available version at resource creation is used and no upgrades will occur except those automatically triggered by EKS. The value must be configured and increased to upgrade the version when desired. Downgrades are not supported by EKS.
- vpc_
config ClusterVpc Config Args Configuration block for the VPC associated with your cluster. Amazon EKS VPC resources have specific requirements to work properly with Kubernetes. For more information, see Cluster VPC Considerations and Cluster Security Group Considerations in the Amazon EKS User Guide. Detailed below. Also contains attributes detailed in the Attributes section.
The following arguments are optional:
- zonal_
shift_ Clusterconfig Zonal Shift Config Args - Configuration block with zonal shift configuration for the cluster. Detailed below.
- access
Config Property Map - Configuration block for the access config associated with your cluster, see Amazon EKS Access Entries. Detailed below.
- arn String
- ARN of the cluster.
- bootstrap
Self BooleanManaged Addons - Install default unmanaged add-ons, such as
aws-cni,kube-proxy, and CoreDNS during cluster creation. Iffalse, you must manually install desired add-ons. Changing this value will force a new cluster to be created. Defaults totrue. - List<Property Map>
- Property Map
- Attribute block containing
certificate-authority-datafor your cluster. Detailed below. - cluster
Id String - The ID of your local Amazon EKS cluster on the AWS Outpost. This attribute isn't available for an AWS EKS cluster on AWS cloud.
- compute
Config Property Map - Configuration block with compute configuration for EKS Auto Mode. Detailed below.
- created
At String - Unix epoch timestamp in seconds for when the cluster was created.
- default
Addons List<String>To Removes - enabled
Cluster List<String>Log Types - List of the desired control plane logging to enable. For more information, see Amazon EKS Control Plane Logging.
- encryption
Config Property Map - Configuration block with encryption configuration for the cluster. Detailed below.
- endpoint String
- Endpoint for your Kubernetes API server.
- identities List<Property Map>
- Attribute block containing identity provider information for your cluster. Only available on Kubernetes version 1.13 and 1.14 clusters created or upgraded on or after September 3, 2019. Detailed below.
- kubernetes
Network Property MapConfig - Configuration block with kubernetes network configuration for the cluster. Detailed below. If removed, the provider will only perform drift detection if a configuration value is provided.
- name String
- Name of the cluster. Must be between 1-100 characters in length. Must begin with an alphanumeric character, and must only contain alphanumeric characters, dashes and underscores (
^[0-9A-Za-z][A-Za-z0-9\-_]*$). - outpost
Config Property Map - Configuration block representing the configuration of your local Amazon EKS cluster on an AWS Outpost. This block isn't available for creating Amazon EKS clusters on the AWS cloud.
- platform
Version String - Platform version for the cluster.
- remote
Network Property MapConfig - Configuration block with remote network configuration for EKS Hybrid Nodes. Detailed below.
- role
Arn String - ARN of the IAM role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. Ensure the resource configuration includes explicit dependencies on the IAM Role permissions by adding
depends_onif using theaws.iam.RolePolicyresource oraws.iam.RolePolicyAttachmentresource, otherwise EKS cannot delete EKS managed EC2 infrastructure such as Security Groups on EKS Cluster deletion. - status String
- Status of the EKS cluster. One of
CREATING,ACTIVE,DELETING,FAILED. - storage
Config Property Map - Configuration block with storage configuration for EKS Auto Mode. Detailed below.
- Map<String>
- Key-value map of resource tags. If configured with a provider
default_tagsconfiguration block present, tags with matching keys will overwrite those defined at the provider-level. - Map<String>
- Map of tags assigned to the resource, including those inherited from the provider
default_tagsconfiguration block. - upgrade
Policy Property Map - Configuration block for the support policy to use for the cluster. See upgrade_policy for details.
- version String
- Desired Kubernetes master version. If you do not specify a value, the latest available version at resource creation is used and no upgrades will occur except those automatically triggered by EKS. The value must be configured and increased to upgrade the version when desired. Downgrades are not supported by EKS.
- vpc
Config Property Map Configuration block for the VPC associated with your cluster. Amazon EKS VPC resources have specific requirements to work properly with Kubernetes. For more information, see Cluster VPC Considerations and Cluster Security Group Considerations in the Amazon EKS User Guide. Detailed below. Also contains attributes detailed in the Attributes section.
The following arguments are optional:
- zonal
Shift Property MapConfig - Configuration block with zonal shift configuration for the cluster. Detailed below.
Supporting Types
ClusterAccessConfig, ClusterAccessConfigArgs
- Authentication
Mode string - The authentication mode for the cluster. Valid values are
CONFIG_MAP,APIorAPI_AND_CONFIG_MAP - Bootstrap
Cluster boolCreator Admin Permissions - Whether or not to bootstrap the access config values to the cluster. Default is
false.
- Authentication
Mode string - The authentication mode for the cluster. Valid values are
CONFIG_MAP,APIorAPI_AND_CONFIG_MAP - Bootstrap
Cluster boolCreator Admin Permissions - Whether or not to bootstrap the access config values to the cluster. Default is
false.
- authentication
Mode String - The authentication mode for the cluster. Valid values are
CONFIG_MAP,APIorAPI_AND_CONFIG_MAP - bootstrap
Cluster BooleanCreator Admin Permissions - Whether or not to bootstrap the access config values to the cluster. Default is
false.
- authentication
Mode string - The authentication mode for the cluster. Valid values are
CONFIG_MAP,APIorAPI_AND_CONFIG_MAP - bootstrap
Cluster booleanCreator Admin Permissions - Whether or not to bootstrap the access config values to the cluster. Default is
false.
- authentication_
mode str - The authentication mode for the cluster. Valid values are
CONFIG_MAP,APIorAPI_AND_CONFIG_MAP - bootstrap_
cluster_ boolcreator_ admin_ permissions - Whether or not to bootstrap the access config values to the cluster. Default is
false.
- authentication
Mode String - The authentication mode for the cluster. Valid values are
CONFIG_MAP,APIorAPI_AND_CONFIG_MAP - bootstrap
Cluster BooleanCreator Admin Permissions - Whether or not to bootstrap the access config values to the cluster. Default is
false.
ClusterCertificateAuthority, ClusterCertificateAuthorityArgs
- Data string
- Base64 encoded certificate data required to communicate with your cluster. Add this to the
certificate-authority-datasection of thekubeconfigfile for your cluster.
- Data string
- Base64 encoded certificate data required to communicate with your cluster. Add this to the
certificate-authority-datasection of thekubeconfigfile for your cluster.
- data String
- Base64 encoded certificate data required to communicate with your cluster. Add this to the
certificate-authority-datasection of thekubeconfigfile for your cluster.
- data string
- Base64 encoded certificate data required to communicate with your cluster. Add this to the
certificate-authority-datasection of thekubeconfigfile for your cluster.
- data str
- Base64 encoded certificate data required to communicate with your cluster. Add this to the
certificate-authority-datasection of thekubeconfigfile for your cluster.
- data String
- Base64 encoded certificate data required to communicate with your cluster. Add this to the
certificate-authority-datasection of thekubeconfigfile for your cluster.
ClusterComputeConfig, ClusterComputeConfigArgs
- Enabled bool
- Request to enable or disable the compute capability on your EKS Auto Mode cluster. If the compute capability is enabled, EKS Auto Mode will create and delete EC2 Managed Instances in your Amazon Web Services account.
- Node
Pools List<string> - Configuration for node pools that defines the compute resources for your EKS Auto Mode cluster. Valid options are
general-purposeandsystem. - Node
Role stringArn - The ARN of the IAM Role EKS will assign to EC2 Managed Instances in your EKS Auto Mode cluster. This value cannot be changed after the compute capability of EKS Auto Mode is enabled..
- Enabled bool
- Request to enable or disable the compute capability on your EKS Auto Mode cluster. If the compute capability is enabled, EKS Auto Mode will create and delete EC2 Managed Instances in your Amazon Web Services account.
- Node
Pools []string - Configuration for node pools that defines the compute resources for your EKS Auto Mode cluster. Valid options are
general-purposeandsystem. - Node
Role stringArn - The ARN of the IAM Role EKS will assign to EC2 Managed Instances in your EKS Auto Mode cluster. This value cannot be changed after the compute capability of EKS Auto Mode is enabled..
- enabled Boolean
- Request to enable or disable the compute capability on your EKS Auto Mode cluster. If the compute capability is enabled, EKS Auto Mode will create and delete EC2 Managed Instances in your Amazon Web Services account.
- node
Pools List<String> - Configuration for node pools that defines the compute resources for your EKS Auto Mode cluster. Valid options are
general-purposeandsystem. - node
Role StringArn - The ARN of the IAM Role EKS will assign to EC2 Managed Instances in your EKS Auto Mode cluster. This value cannot be changed after the compute capability of EKS Auto Mode is enabled..
- enabled boolean
- Request to enable or disable the compute capability on your EKS Auto Mode cluster. If the compute capability is enabled, EKS Auto Mode will create and delete EC2 Managed Instances in your Amazon Web Services account.
- node
Pools string[] - Configuration for node pools that defines the compute resources for your EKS Auto Mode cluster. Valid options are
general-purposeandsystem. - node
Role stringArn - The ARN of the IAM Role EKS will assign to EC2 Managed Instances in your EKS Auto Mode cluster. This value cannot be changed after the compute capability of EKS Auto Mode is enabled..
- enabled bool
- Request to enable or disable the compute capability on your EKS Auto Mode cluster. If the compute capability is enabled, EKS Auto Mode will create and delete EC2 Managed Instances in your Amazon Web Services account.
- node_
pools Sequence[str] - Configuration for node pools that defines the compute resources for your EKS Auto Mode cluster. Valid options are
general-purposeandsystem. - node_
role_ strarn - The ARN of the IAM Role EKS will assign to EC2 Managed Instances in your EKS Auto Mode cluster. This value cannot be changed after the compute capability of EKS Auto Mode is enabled..
- enabled Boolean
- Request to enable or disable the compute capability on your EKS Auto Mode cluster. If the compute capability is enabled, EKS Auto Mode will create and delete EC2 Managed Instances in your Amazon Web Services account.
- node
Pools List<String> - Configuration for node pools that defines the compute resources for your EKS Auto Mode cluster. Valid options are
general-purposeandsystem. - node
Role StringArn - The ARN of the IAM Role EKS will assign to EC2 Managed Instances in your EKS Auto Mode cluster. This value cannot be changed after the compute capability of EKS Auto Mode is enabled..
ClusterEncryptionConfig, ClusterEncryptionConfigArgs
- Provider
Cluster
Encryption Config Provider - Configuration block with provider for encryption. Detailed below.
- Resources List<string>
- List of strings with resources to be encrypted. Valid values:
secrets.
- Provider
Cluster
Encryption Config Provider - Configuration block with provider for encryption. Detailed below.
- Resources []string
- List of strings with resources to be encrypted. Valid values:
secrets.
- provider
Cluster
Encryption Config Provider - Configuration block with provider for encryption. Detailed below.
- resources List<String>
- List of strings with resources to be encrypted. Valid values:
secrets.
- provider
Cluster
Encryption Config Provider - Configuration block with provider for encryption. Detailed below.
- resources string[]
- List of strings with resources to be encrypted. Valid values:
secrets.
- provider
Cluster
Encryption Config Provider - Configuration block with provider for encryption. Detailed below.
- resources Sequence[str]
- List of strings with resources to be encrypted. Valid values:
secrets.
- provider Property Map
- Configuration block with provider for encryption. Detailed below.
- resources List<String>
- List of strings with resources to be encrypted. Valid values:
secrets.
ClusterEncryptionConfigProvider, ClusterEncryptionConfigProviderArgs
- Key
Arn string - ARN of the Key Management Service (KMS) customer master key (CMK). The CMK must be symmetric, created in the same region as the cluster, and if the CMK was created in a different account, the user must have access to the CMK. For more information, see Allowing Users in Other Accounts to Use a CMK in the AWS Key Management Service Developer Guide.
- Key
Arn string - ARN of the Key Management Service (KMS) customer master key (CMK). The CMK must be symmetric, created in the same region as the cluster, and if the CMK was created in a different account, the user must have access to the CMK. For more information, see Allowing Users in Other Accounts to Use a CMK in the AWS Key Management Service Developer Guide.
- key
Arn String - ARN of the Key Management Service (KMS) customer master key (CMK). The CMK must be symmetric, created in the same region as the cluster, and if the CMK was created in a different account, the user must have access to the CMK. For more information, see Allowing Users in Other Accounts to Use a CMK in the AWS Key Management Service Developer Guide.
- key
Arn string - ARN of the Key Management Service (KMS) customer master key (CMK). The CMK must be symmetric, created in the same region as the cluster, and if the CMK was created in a different account, the user must have access to the CMK. For more information, see Allowing Users in Other Accounts to Use a CMK in the AWS Key Management Service Developer Guide.
- key_
arn str - ARN of the Key Management Service (KMS) customer master key (CMK). The CMK must be symmetric, created in the same region as the cluster, and if the CMK was created in a different account, the user must have access to the CMK. For more information, see Allowing Users in Other Accounts to Use a CMK in the AWS Key Management Service Developer Guide.
- key
Arn String - ARN of the Key Management Service (KMS) customer master key (CMK). The CMK must be symmetric, created in the same region as the cluster, and if the CMK was created in a different account, the user must have access to the CMK. For more information, see Allowing Users in Other Accounts to Use a CMK in the AWS Key Management Service Developer Guide.
ClusterIdentity, ClusterIdentityArgs
- Oidcs
List<Cluster
Identity Oidc> - Nested block containing OpenID Connect identity provider information for the cluster. Detailed below.
- Oidcs
[]Cluster
Identity Oidc - Nested block containing OpenID Connect identity provider information for the cluster. Detailed below.
- oidcs
List<Cluster
Identity Oidc> - Nested block containing OpenID Connect identity provider information for the cluster. Detailed below.
- oidcs
Cluster
Identity Oidc[] - Nested block containing OpenID Connect identity provider information for the cluster. Detailed below.
- oidcs
Sequence[Cluster
Identity Oidc] - Nested block containing OpenID Connect identity provider information for the cluster. Detailed below.
- oidcs List<Property Map>
- Nested block containing OpenID Connect identity provider information for the cluster. Detailed below.
ClusterIdentityOidc, ClusterIdentityOidcArgs
- Issuer string
- Issuer URL for the OpenID Connect identity provider.
- Issuer string
- Issuer URL for the OpenID Connect identity provider.
- issuer String
- Issuer URL for the OpenID Connect identity provider.
- issuer string
- Issuer URL for the OpenID Connect identity provider.
- issuer str
- Issuer URL for the OpenID Connect identity provider.
- issuer String
- Issuer URL for the OpenID Connect identity provider.
ClusterKubernetesNetworkConfig, ClusterKubernetesNetworkConfigArgs
- Elastic
Load ClusterBalancing Kubernetes Network Config Elastic Load Balancing - Configuration block with elastic load balancing configuration for the cluster. Detailed below.
- Ip
Family string - The IP family used to assign Kubernetes pod and service addresses. Valid values are
ipv4(default) andipv6. You can only specify an IP family when you create a cluster, changing this value will force a new cluster to be created. - Service
Ipv4Cidr string The CIDR block to assign Kubernetes pod and service IP addresses from. If you don't specify a block, Kubernetes assigns addresses from either the 10.100.0.0/16 or 172.20.0.0/16 CIDR blocks. We recommend that you specify a block that does not overlap with resources in other networks that are peered or connected to your VPC. You can only specify a custom CIDR block when you create a cluster, changing this value will force a new cluster to be created. The block must meet the following requirements:
Within one of the following private IP address blocks: 10.0.0.0/8, 172.16.0.0/12, or 192.168.0.0/16.
Doesn't overlap with any CIDR block assigned to the VPC that you selected for VPC.
Between /24 and /12.
- Service
Ipv6Cidr string - The CIDR block that Kubernetes pod and service IP addresses are assigned from if you specify
ipv6forip_familywhen you create the cluster. Kubernetes assigns service addresses from the unique local address range (fc00::/7) because you can't specify a custom IPv6 CIDR block when you create the cluster.
- Elastic
Load ClusterBalancing Kubernetes Network Config Elastic Load Balancing - Configuration block with elastic load balancing configuration for the cluster. Detailed below.
- Ip
Family string - The IP family used to assign Kubernetes pod and service addresses. Valid values are
ipv4(default) andipv6. You can only specify an IP family when you create a cluster, changing this value will force a new cluster to be created. - Service
Ipv4Cidr string The CIDR block to assign Kubernetes pod and service IP addresses from. If you don't specify a block, Kubernetes assigns addresses from either the 10.100.0.0/16 or 172.20.0.0/16 CIDR blocks. We recommend that you specify a block that does not overlap with resources in other networks that are peered or connected to your VPC. You can only specify a custom CIDR block when you create a cluster, changing this value will force a new cluster to be created. The block must meet the following requirements:
Within one of the following private IP address blocks: 10.0.0.0/8, 172.16.0.0/12, or 192.168.0.0/16.
Doesn't overlap with any CIDR block assigned to the VPC that you selected for VPC.
Between /24 and /12.
- Service
Ipv6Cidr string - The CIDR block that Kubernetes pod and service IP addresses are assigned from if you specify
ipv6forip_familywhen you create the cluster. Kubernetes assigns service addresses from the unique local address range (fc00::/7) because you can't specify a custom IPv6 CIDR block when you create the cluster.
- elastic
Load ClusterBalancing Kubernetes Network Config Elastic Load Balancing - Configuration block with elastic load balancing configuration for the cluster. Detailed below.
- ip
Family String - The IP family used to assign Kubernetes pod and service addresses. Valid values are
ipv4(default) andipv6. You can only specify an IP family when you create a cluster, changing this value will force a new cluster to be created. - service
Ipv4Cidr String The CIDR block to assign Kubernetes pod and service IP addresses from. If you don't specify a block, Kubernetes assigns addresses from either the 10.100.0.0/16 or 172.20.0.0/16 CIDR blocks. We recommend that you specify a block that does not overlap with resources in other networks that are peered or connected to your VPC. You can only specify a custom CIDR block when you create a cluster, changing this value will force a new cluster to be created. The block must meet the following requirements:
Within one of the following private IP address blocks: 10.0.0.0/8, 172.16.0.0/12, or 192.168.0.0/16.
Doesn't overlap with any CIDR block assigned to the VPC that you selected for VPC.
Between /24 and /12.
- service
Ipv6Cidr String - The CIDR block that Kubernetes pod and service IP addresses are assigned from if you specify
ipv6forip_familywhen you create the cluster. Kubernetes assigns service addresses from the unique local address range (fc00::/7) because you can't specify a custom IPv6 CIDR block when you create the cluster.
- elastic
Load ClusterBalancing Kubernetes Network Config Elastic Load Balancing - Configuration block with elastic load balancing configuration for the cluster. Detailed below.
- ip
Family string - The IP family used to assign Kubernetes pod and service addresses. Valid values are
ipv4(default) andipv6. You can only specify an IP family when you create a cluster, changing this value will force a new cluster to be created. - service
Ipv4Cidr string The CIDR block to assign Kubernetes pod and service IP addresses from. If you don't specify a block, Kubernetes assigns addresses from either the 10.100.0.0/16 or 172.20.0.0/16 CIDR blocks. We recommend that you specify a block that does not overlap with resources in other networks that are peered or connected to your VPC. You can only specify a custom CIDR block when you create a cluster, changing this value will force a new cluster to be created. The block must meet the following requirements:
Within one of the following private IP address blocks: 10.0.0.0/8, 172.16.0.0/12, or 192.168.0.0/16.
Doesn't overlap with any CIDR block assigned to the VPC that you selected for VPC.
Between /24 and /12.
- service
Ipv6Cidr string - The CIDR block that Kubernetes pod and service IP addresses are assigned from if you specify
ipv6forip_familywhen you create the cluster. Kubernetes assigns service addresses from the unique local address range (fc00::/7) because you can't specify a custom IPv6 CIDR block when you create the cluster.
- elastic_
load_ Clusterbalancing Kubernetes Network Config Elastic Load Balancing - Configuration block with elastic load balancing configuration for the cluster. Detailed below.
- ip_
family str - The IP family used to assign Kubernetes pod and service addresses. Valid values are
ipv4(default) andipv6. You can only specify an IP family when you create a cluster, changing this value will force a new cluster to be created. - service_
ipv4_ strcidr The CIDR block to assign Kubernetes pod and service IP addresses from. If you don't specify a block, Kubernetes assigns addresses from either the 10.100.0.0/16 or 172.20.0.0/16 CIDR blocks. We recommend that you specify a block that does not overlap with resources in other networks that are peered or connected to your VPC. You can only specify a custom CIDR block when you create a cluster, changing this value will force a new cluster to be created. The block must meet the following requirements:
Within one of the following private IP address blocks: 10.0.0.0/8, 172.16.0.0/12, or 192.168.0.0/16.
Doesn't overlap with any CIDR block assigned to the VPC that you selected for VPC.
Between /24 and /12.
- service_
ipv6_ strcidr - The CIDR block that Kubernetes pod and service IP addresses are assigned from if you specify
ipv6forip_familywhen you create the cluster. Kubernetes assigns service addresses from the unique local address range (fc00::/7) because you can't specify a custom IPv6 CIDR block when you create the cluster.
- elastic
Load Property MapBalancing - Configuration block with elastic load balancing configuration for the cluster. Detailed below.
- ip
Family String - The IP family used to assign Kubernetes pod and service addresses. Valid values are
ipv4(default) andipv6. You can only specify an IP family when you create a cluster, changing this value will force a new cluster to be created. - service
Ipv4Cidr String The CIDR block to assign Kubernetes pod and service IP addresses from. If you don't specify a block, Kubernetes assigns addresses from either the 10.100.0.0/16 or 172.20.0.0/16 CIDR blocks. We recommend that you specify a block that does not overlap with resources in other networks that are peered or connected to your VPC. You can only specify a custom CIDR block when you create a cluster, changing this value will force a new cluster to be created. The block must meet the following requirements:
Within one of the following private IP address blocks: 10.0.0.0/8, 172.16.0.0/12, or 192.168.0.0/16.
Doesn't overlap with any CIDR block assigned to the VPC that you selected for VPC.
Between /24 and /12.
- service
Ipv6Cidr String - The CIDR block that Kubernetes pod and service IP addresses are assigned from if you specify
ipv6forip_familywhen you create the cluster. Kubernetes assigns service addresses from the unique local address range (fc00::/7) because you can't specify a custom IPv6 CIDR block when you create the cluster.
ClusterKubernetesNetworkConfigElasticLoadBalancing, ClusterKubernetesNetworkConfigElasticLoadBalancingArgs
- Enabled bool
- Indicates if the load balancing capability is enabled on your EKS Auto Mode cluster. If the load balancing capability is enabled, EKS Auto Mode will create and delete load balancers in your Amazon Web Services account.
- Enabled bool
- Indicates if the load balancing capability is enabled on your EKS Auto Mode cluster. If the load balancing capability is enabled, EKS Auto Mode will create and delete load balancers in your Amazon Web Services account.
- enabled Boolean
- Indicates if the load balancing capability is enabled on your EKS Auto Mode cluster. If the load balancing capability is enabled, EKS Auto Mode will create and delete load balancers in your Amazon Web Services account.
- enabled boolean
- Indicates if the load balancing capability is enabled on your EKS Auto Mode cluster. If the load balancing capability is enabled, EKS Auto Mode will create and delete load balancers in your Amazon Web Services account.
- enabled bool
- Indicates if the load balancing capability is enabled on your EKS Auto Mode cluster. If the load balancing capability is enabled, EKS Auto Mode will create and delete load balancers in your Amazon Web Services account.
- enabled Boolean
- Indicates if the load balancing capability is enabled on your EKS Auto Mode cluster. If the load balancing capability is enabled, EKS Auto Mode will create and delete load balancers in your Amazon Web Services account.
ClusterOutpostConfig, ClusterOutpostConfigArgs
- Control
Plane stringInstance Type The Amazon EC2 instance type that you want to use for your local Amazon EKS cluster on Outposts. The instance type that you specify is used for all Kubernetes control plane instances. The instance type can't be changed after cluster creation. Choose an instance type based on the number of nodes that your cluster will have. If your cluster will have:
1–20 nodes, then we recommend specifying a large instance type.
21–100 nodes, then we recommend specifying an xlarge instance type.
101–250 nodes, then we recommend specifying a 2xlarge instance type.
For a list of the available Amazon EC2 instance types, see Compute and storage in AWS Outposts rack features The control plane is not automatically scaled by Amazon EKS.
- Outpost
Arns List<string> - The ARN of the Outpost that you want to use for your local Amazon EKS cluster on Outposts. This argument is a list of arns, but only a single Outpost ARN is supported currently.
- Control
Plane ClusterPlacement Outpost Config Control Plane Placement - An object representing the placement configuration for all the control plane instances of your local Amazon EKS cluster on AWS Outpost.
The
control_plane_placementconfiguration block supports the following arguments:
- Control
Plane stringInstance Type The Amazon EC2 instance type that you want to use for your local Amazon EKS cluster on Outposts. The instance type that you specify is used for all Kubernetes control plane instances. The instance type can't be changed after cluster creation. Choose an instance type based on the number of nodes that your cluster will have. If your cluster will have:
1–20 nodes, then we recommend specifying a large instance type.
21–100 nodes, then we recommend specifying an xlarge instance type.
101–250 nodes, then we recommend specifying a 2xlarge instance type.
For a list of the available Amazon EC2 instance types, see Compute and storage in AWS Outposts rack features The control plane is not automatically scaled by Amazon EKS.
- Outpost
Arns []string - The ARN of the Outpost that you want to use for your local Amazon EKS cluster on Outposts. This argument is a list of arns, but only a single Outpost ARN is supported currently.
- Control
Plane ClusterPlacement Outpost Config Control Plane Placement - An object representing the placement configuration for all the control plane instances of your local Amazon EKS cluster on AWS Outpost.
The
control_plane_placementconfiguration block supports the following arguments:
- control
Plane StringInstance Type The Amazon EC2 instance type that you want to use for your local Amazon EKS cluster on Outposts. The instance type that you specify is used for all Kubernetes control plane instances. The instance type can't be changed after cluster creation. Choose an instance type based on the number of nodes that your cluster will have. If your cluster will have:
1–20 nodes, then we recommend specifying a large instance type.
21–100 nodes, then we recommend specifying an xlarge instance type.
101–250 nodes, then we recommend specifying a 2xlarge instance type.
For a list of the available Amazon EC2 instance types, see Compute and storage in AWS Outposts rack features The control plane is not automatically scaled by Amazon EKS.
- outpost
Arns List<String> - The ARN of the Outpost that you want to use for your local Amazon EKS cluster on Outposts. This argument is a list of arns, but only a single Outpost ARN is supported currently.
- control
Plane ClusterPlacement Outpost Config Control Plane Placement - An object representing the placement configuration for all the control plane instances of your local Amazon EKS cluster on AWS Outpost.
The
control_plane_placementconfiguration block supports the following arguments:
- control
Plane stringInstance Type The Amazon EC2 instance type that you want to use for your local Amazon EKS cluster on Outposts. The instance type that you specify is used for all Kubernetes control plane instances. The instance type can't be changed after cluster creation. Choose an instance type based on the number of nodes that your cluster will have. If your cluster will have:
1–20 nodes, then we recommend specifying a large instance type.
21–100 nodes, then we recommend specifying an xlarge instance type.
101–250 nodes, then we recommend specifying a 2xlarge instance type.
For a list of the available Amazon EC2 instance types, see Compute and storage in AWS Outposts rack features The control plane is not automatically scaled by Amazon EKS.
- outpost
Arns string[] - The ARN of the Outpost that you want to use for your local Amazon EKS cluster on Outposts. This argument is a list of arns, but only a single Outpost ARN is supported currently.
- control
Plane ClusterPlacement Outpost Config Control Plane Placement - An object representing the placement configuration for all the control plane instances of your local Amazon EKS cluster on AWS Outpost.
The
control_plane_placementconfiguration block supports the following arguments:
- control_
plane_ strinstance_ type The Amazon EC2 instance type that you want to use for your local Amazon EKS cluster on Outposts. The instance type that you specify is used for all Kubernetes control plane instances. The instance type can't be changed after cluster creation. Choose an instance type based on the number of nodes that your cluster will have. If your cluster will have:
1–20 nodes, then we recommend specifying a large instance type.
21–100 nodes, then we recommend specifying an xlarge instance type.
101–250 nodes, then we recommend specifying a 2xlarge instance type.
For a list of the available Amazon EC2 instance types, see Compute and storage in AWS Outposts rack features The control plane is not automatically scaled by Amazon EKS.
- outpost_
arns Sequence[str] - The ARN of the Outpost that you want to use for your local Amazon EKS cluster on Outposts. This argument is a list of arns, but only a single Outpost ARN is supported currently.
- control_
plane_ Clusterplacement Outpost Config Control Plane Placement - An object representing the placement configuration for all the control plane instances of your local Amazon EKS cluster on AWS Outpost.
The
control_plane_placementconfiguration block supports the following arguments:
- control
Plane StringInstance Type The Amazon EC2 instance type that you want to use for your local Amazon EKS cluster on Outposts. The instance type that you specify is used for all Kubernetes control plane instances. The instance type can't be changed after cluster creation. Choose an instance type based on the number of nodes that your cluster will have. If your cluster will have:
1–20 nodes, then we recommend specifying a large instance type.
21–100 nodes, then we recommend specifying an xlarge instance type.
101–250 nodes, then we recommend specifying a 2xlarge instance type.
For a list of the available Amazon EC2 instance types, see Compute and storage in AWS Outposts rack features The control plane is not automatically scaled by Amazon EKS.
- outpost
Arns List<String> - The ARN of the Outpost that you want to use for your local Amazon EKS cluster on Outposts. This argument is a list of arns, but only a single Outpost ARN is supported currently.
- control
Plane Property MapPlacement - An object representing the placement configuration for all the control plane instances of your local Amazon EKS cluster on AWS Outpost.
The
control_plane_placementconfiguration block supports the following arguments:
ClusterOutpostConfigControlPlanePlacement, ClusterOutpostConfigControlPlanePlacementArgs
- Group
Name string - The name of the placement group for the Kubernetes control plane instances. This setting can't be changed after cluster creation.
- Group
Name string - The name of the placement group for the Kubernetes control plane instances. This setting can't be changed after cluster creation.
- group
Name String - The name of the placement group for the Kubernetes control plane instances. This setting can't be changed after cluster creation.
- group
Name string - The name of the placement group for the Kubernetes control plane instances. This setting can't be changed after cluster creation.
- group_
name str - The name of the placement group for the Kubernetes control plane instances. This setting can't be changed after cluster creation.
- group
Name String - The name of the placement group for the Kubernetes control plane instances. This setting can't be changed after cluster creation.
ClusterRemoteNetworkConfig, ClusterRemoteNetworkConfigArgs
- Remote
Node ClusterNetworks Remote Network Config Remote Node Networks - Configuration block with remote node network configuration for EKS Hybrid Nodes. Detailed below.
- Remote
Pod ClusterNetworks Remote Network Config Remote Pod Networks - Configuration block with remote pod network configuration for EKS Hybrid Nodes. Detailed below.
- Remote
Node ClusterNetworks Remote Network Config Remote Node Networks - Configuration block with remote node network configuration for EKS Hybrid Nodes. Detailed below.
- Remote
Pod ClusterNetworks Remote Network Config Remote Pod Networks - Configuration block with remote pod network configuration for EKS Hybrid Nodes. Detailed below.
- remote
Node ClusterNetworks Remote Network Config Remote Node Networks - Configuration block with remote node network configuration for EKS Hybrid Nodes. Detailed below.
- remote
Pod ClusterNetworks Remote Network Config Remote Pod Networks - Configuration block with remote pod network configuration for EKS Hybrid Nodes. Detailed below.
- remote
Node ClusterNetworks Remote Network Config Remote Node Networks - Configuration block with remote node network configuration for EKS Hybrid Nodes. Detailed below.
- remote
Pod ClusterNetworks Remote Network Config Remote Pod Networks - Configuration block with remote pod network configuration for EKS Hybrid Nodes. Detailed below.
- remote_
node_ Clusternetworks Remote Network Config Remote Node Networks - Configuration block with remote node network configuration for EKS Hybrid Nodes. Detailed below.
- remote_
pod_ Clusternetworks Remote Network Config Remote Pod Networks - Configuration block with remote pod network configuration for EKS Hybrid Nodes. Detailed below.
- remote
Node Property MapNetworks - Configuration block with remote node network configuration for EKS Hybrid Nodes. Detailed below.
- remote
Pod Property MapNetworks - Configuration block with remote pod network configuration for EKS Hybrid Nodes. Detailed below.
ClusterRemoteNetworkConfigRemoteNodeNetworks, ClusterRemoteNetworkConfigRemoteNodeNetworksArgs
- Cidrs List<string>
- List of network CIDRs that can contain hybrid nodes.
- Cidrs []string
- List of network CIDRs that can contain hybrid nodes.
- cidrs List<String>
- List of network CIDRs that can contain hybrid nodes.
- cidrs string[]
- List of network CIDRs that can contain hybrid nodes.
- cidrs Sequence[str]
- List of network CIDRs that can contain hybrid nodes.
- cidrs List<String>
- List of network CIDRs that can contain hybrid nodes.
ClusterRemoteNetworkConfigRemotePodNetworks, ClusterRemoteNetworkConfigRemotePodNetworksArgs
- Cidrs List<string>
- List of network CIDRs that can contain pods that run Kubernetes webhooks on hybrid nodes.
- Cidrs []string
- List of network CIDRs that can contain pods that run Kubernetes webhooks on hybrid nodes.
- cidrs List<String>
- List of network CIDRs that can contain pods that run Kubernetes webhooks on hybrid nodes.
- cidrs string[]
- List of network CIDRs that can contain pods that run Kubernetes webhooks on hybrid nodes.
- cidrs Sequence[str]
- List of network CIDRs that can contain pods that run Kubernetes webhooks on hybrid nodes.
- cidrs List<String>
- List of network CIDRs that can contain pods that run Kubernetes webhooks on hybrid nodes.
ClusterStorageConfig, ClusterStorageConfigArgs
- Block
Storage ClusterStorage Config Block Storage - Configuration block with block storage configuration for the cluster. Detailed below.
- Block
Storage ClusterStorage Config Block Storage - Configuration block with block storage configuration for the cluster. Detailed below.
- block
Storage ClusterStorage Config Block Storage - Configuration block with block storage configuration for the cluster. Detailed below.
- block
Storage ClusterStorage Config Block Storage - Configuration block with block storage configuration for the cluster. Detailed below.
- block_
storage ClusterStorage Config Block Storage - Configuration block with block storage configuration for the cluster. Detailed below.
- block
Storage Property Map - Configuration block with block storage configuration for the cluster. Detailed below.
ClusterStorageConfigBlockStorage, ClusterStorageConfigBlockStorageArgs
- Enabled bool
- Indicates if the block storage capability is enabled on your EKS Auto Mode cluster. If the block storage capability is enabled, EKS Auto Mode will create and delete block storage volumes in your Amazon Web Services account.
- Enabled bool
- Indicates if the block storage capability is enabled on your EKS Auto Mode cluster. If the block storage capability is enabled, EKS Auto Mode will create and delete block storage volumes in your Amazon Web Services account.
- enabled Boolean
- Indicates if the block storage capability is enabled on your EKS Auto Mode cluster. If the block storage capability is enabled, EKS Auto Mode will create and delete block storage volumes in your Amazon Web Services account.
- enabled boolean
- Indicates if the block storage capability is enabled on your EKS Auto Mode cluster. If the block storage capability is enabled, EKS Auto Mode will create and delete block storage volumes in your Amazon Web Services account.
- enabled bool
- Indicates if the block storage capability is enabled on your EKS Auto Mode cluster. If the block storage capability is enabled, EKS Auto Mode will create and delete block storage volumes in your Amazon Web Services account.
- enabled Boolean
- Indicates if the block storage capability is enabled on your EKS Auto Mode cluster. If the block storage capability is enabled, EKS Auto Mode will create and delete block storage volumes in your Amazon Web Services account.
ClusterUpgradePolicy, ClusterUpgradePolicyArgs
- Support
Type string - Support type to use for the cluster. If the cluster is set to
EXTENDED, it will enter extended support at the end of standard support. If the cluster is set toSTANDARD, it will be automatically upgraded at the end of standard support. Valid values areEXTENDED,STANDARD
- Support
Type string - Support type to use for the cluster. If the cluster is set to
EXTENDED, it will enter extended support at the end of standard support. If the cluster is set toSTANDARD, it will be automatically upgraded at the end of standard support. Valid values areEXTENDED,STANDARD
- support
Type String - Support type to use for the cluster. If the cluster is set to
EXTENDED, it will enter extended support at the end of standard support. If the cluster is set toSTANDARD, it will be automatically upgraded at the end of standard support. Valid values areEXTENDED,STANDARD
- support
Type string - Support type to use for the cluster. If the cluster is set to
EXTENDED, it will enter extended support at the end of standard support. If the cluster is set toSTANDARD, it will be automatically upgraded at the end of standard support. Valid values areEXTENDED,STANDARD
- support_
type str - Support type to use for the cluster. If the cluster is set to
EXTENDED, it will enter extended support at the end of standard support. If the cluster is set toSTANDARD, it will be automatically upgraded at the end of standard support. Valid values areEXTENDED,STANDARD
- support
Type String - Support type to use for the cluster. If the cluster is set to
EXTENDED, it will enter extended support at the end of standard support. If the cluster is set toSTANDARD, it will be automatically upgraded at the end of standard support. Valid values areEXTENDED,STANDARD
ClusterVpcConfig, ClusterVpcConfigArgs
- Subnet
Ids List<string> - List of subnet IDs. Must be in at least two different availability zones. Amazon EKS creates cross-account elastic network interfaces in these subnets to allow communication between your worker nodes and the Kubernetes control plane.
- Cluster
Security stringGroup Id - Cluster security group that is created by Amazon EKS for the cluster. Managed node groups use this security group for control-plane-to-data-plane communication.
- Endpoint
Private boolAccess - Whether the Amazon EKS private API server endpoint is enabled. Default is
false. - Endpoint
Public boolAccess - Whether the Amazon EKS public API server endpoint is enabled. Default is
true. - Public
Access List<string>Cidrs - List of CIDR blocks. Indicates which CIDR blocks can access the Amazon EKS public API server endpoint when enabled. EKS defaults this to a list with
0.0.0.0/0. The provider will only perform drift detection of its value when present in a configuration. - Security
Group List<string>Ids - List of security group IDs for the cross-account elastic network interfaces that Amazon EKS creates to use to allow communication between your worker nodes and the Kubernetes control plane.
- Vpc
Id string - ID of the VPC associated with your cluster.
- Subnet
Ids []string - List of subnet IDs. Must be in at least two different availability zones. Amazon EKS creates cross-account elastic network interfaces in these subnets to allow communication between your worker nodes and the Kubernetes control plane.
- Cluster
Security stringGroup Id - Cluster security group that is created by Amazon EKS for the cluster. Managed node groups use this security group for control-plane-to-data-plane communication.
- Endpoint
Private boolAccess - Whether the Amazon EKS private API server endpoint is enabled. Default is
false. - Endpoint
Public boolAccess - Whether the Amazon EKS public API server endpoint is enabled. Default is
true. - Public
Access []stringCidrs - List of CIDR blocks. Indicates which CIDR blocks can access the Amazon EKS public API server endpoint when enabled. EKS defaults this to a list with
0.0.0.0/0. The provider will only perform drift detection of its value when present in a configuration. - Security
Group []stringIds - List of security group IDs for the cross-account elastic network interfaces that Amazon EKS creates to use to allow communication between your worker nodes and the Kubernetes control plane.
- Vpc
Id string - ID of the VPC associated with your cluster.
- subnet
Ids List<String> - List of subnet IDs. Must be in at least two different availability zones. Amazon EKS creates cross-account elastic network interfaces in these subnets to allow communication between your worker nodes and the Kubernetes control plane.
- cluster
Security StringGroup Id - Cluster security group that is created by Amazon EKS for the cluster. Managed node groups use this security group for control-plane-to-data-plane communication.
- endpoint
Private BooleanAccess - Whether the Amazon EKS private API server endpoint is enabled. Default is
false. - endpoint
Public BooleanAccess - Whether the Amazon EKS public API server endpoint is enabled. Default is
true. - public
Access List<String>Cidrs - List of CIDR blocks. Indicates which CIDR blocks can access the Amazon EKS public API server endpoint when enabled. EKS defaults this to a list with
0.0.0.0/0. The provider will only perform drift detection of its value when present in a configuration. - security
Group List<String>Ids - List of security group IDs for the cross-account elastic network interfaces that Amazon EKS creates to use to allow communication between your worker nodes and the Kubernetes control plane.
- vpc
Id String - ID of the VPC associated with your cluster.
- subnet
Ids string[] - List of subnet IDs. Must be in at least two different availability zones. Amazon EKS creates cross-account elastic network interfaces in these subnets to allow communication between your worker nodes and the Kubernetes control plane.
- cluster
Security stringGroup Id - Cluster security group that is created by Amazon EKS for the cluster. Managed node groups use this security group for control-plane-to-data-plane communication.
- endpoint
Private booleanAccess - Whether the Amazon EKS private API server endpoint is enabled. Default is
false. - endpoint
Public booleanAccess - Whether the Amazon EKS public API server endpoint is enabled. Default is
true. - public
Access string[]Cidrs - List of CIDR blocks. Indicates which CIDR blocks can access the Amazon EKS public API server endpoint when enabled. EKS defaults this to a list with
0.0.0.0/0. The provider will only perform drift detection of its value when present in a configuration. - security
Group string[]Ids - List of security group IDs for the cross-account elastic network interfaces that Amazon EKS creates to use to allow communication between your worker nodes and the Kubernetes control plane.
- vpc
Id string - ID of the VPC associated with your cluster.
- subnet_
ids Sequence[str] - List of subnet IDs. Must be in at least two different availability zones. Amazon EKS creates cross-account elastic network interfaces in these subnets to allow communication between your worker nodes and the Kubernetes control plane.
- cluster_
security_ strgroup_ id - Cluster security group that is created by Amazon EKS for the cluster. Managed node groups use this security group for control-plane-to-data-plane communication.
- endpoint_
private_ boolaccess - Whether the Amazon EKS private API server endpoint is enabled. Default is
false. - endpoint_
public_ boolaccess - Whether the Amazon EKS public API server endpoint is enabled. Default is
true. - public_
access_ Sequence[str]cidrs - List of CIDR blocks. Indicates which CIDR blocks can access the Amazon EKS public API server endpoint when enabled. EKS defaults this to a list with
0.0.0.0/0. The provider will only perform drift detection of its value when present in a configuration. - security_
group_ Sequence[str]ids - List of security group IDs for the cross-account elastic network interfaces that Amazon EKS creates to use to allow communication between your worker nodes and the Kubernetes control plane.
- vpc_
id str - ID of the VPC associated with your cluster.
- subnet
Ids List<String> - List of subnet IDs. Must be in at least two different availability zones. Amazon EKS creates cross-account elastic network interfaces in these subnets to allow communication between your worker nodes and the Kubernetes control plane.
- cluster
Security StringGroup Id - Cluster security group that is created by Amazon EKS for the cluster. Managed node groups use this security group for control-plane-to-data-plane communication.
- endpoint
Private BooleanAccess - Whether the Amazon EKS private API server endpoint is enabled. Default is
false. - endpoint
Public BooleanAccess - Whether the Amazon EKS public API server endpoint is enabled. Default is
true. - public
Access List<String>Cidrs - List of CIDR blocks. Indicates which CIDR blocks can access the Amazon EKS public API server endpoint when enabled. EKS defaults this to a list with
0.0.0.0/0. The provider will only perform drift detection of its value when present in a configuration. - security
Group List<String>Ids - List of security group IDs for the cross-account elastic network interfaces that Amazon EKS creates to use to allow communication between your worker nodes and the Kubernetes control plane.
- vpc
Id String - ID of the VPC associated with your cluster.
ClusterZonalShiftConfig, ClusterZonalShiftConfigArgs
- Enabled bool
- Whether zonal shift is enabled for the cluster.
- Enabled bool
- Whether zonal shift is enabled for the cluster.
- enabled Boolean
- Whether zonal shift is enabled for the cluster.
- enabled boolean
- Whether zonal shift is enabled for the cluster.
- enabled bool
- Whether zonal shift is enabled for the cluster.
- enabled Boolean
- Whether zonal shift is enabled for the cluster.
Import
Using pulumi import, import EKS Clusters using the name. For example:
$ pulumi import aws:eks/cluster:Cluster my_cluster my_cluster
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
awsTerraform Provider.