Cluster
Manages an EKS Cluster.
Example Usage
Example IAM Role for EKS Cluster
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var example = new Aws.Iam.Role("example", new Aws.Iam.RoleArgs
{
AssumeRolePolicy = @"{
""Version"": ""2012-10-17"",
""Statement"": [
{
""Effect"": ""Allow"",
""Principal"": {
""Service"": ""eks.amazonaws.com""
},
""Action"": ""sts:AssumeRole""
}
]
}
",
});
var example_AmazonEKSClusterPolicy = new Aws.Iam.RolePolicyAttachment("example-AmazonEKSClusterPolicy", new Aws.Iam.RolePolicyAttachmentArgs
{
PolicyArn = "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy",
Role = example.Name,
});
// Optionally, enable Security Groups for Pods
// Reference: https://docs.aws.amazon.com/eks/latest/userguide/security-groups-for-pods.html
var example_AmazonEKSVPCResourceController = new Aws.Iam.RolePolicyAttachment("example-AmazonEKSVPCResourceController", new Aws.Iam.RolePolicyAttachmentArgs
{
PolicyArn = "arn:aws:iam::aws:policy/AmazonEKSVPCResourceController",
Role = example.Name,
});
}
}
package main
import (
"fmt"
"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/iam"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := iam.NewRole(ctx, "example", &iam.RoleArgs{
AssumeRolePolicy: pulumi.String(fmt.Sprintf("%v%v%v%v%v%v%v%v%v%v%v%v", "{\n", " \"Version\": \"2012-10-17\",\n", " \"Statement\": [\n", " {\n", " \"Effect\": \"Allow\",\n", " \"Principal\": {\n", " \"Service\": \"eks.amazonaws.com\"\n", " },\n", " \"Action\": \"sts:AssumeRole\"\n", " }\n", " ]\n", "}\n")),
})
if err != nil {
return err
}
_, err = iam.NewRolePolicyAttachment(ctx, "example_AmazonEKSClusterPolicy", &iam.RolePolicyAttachmentArgs{
PolicyArn: pulumi.String("arn:aws:iam::aws:policy/AmazonEKSClusterPolicy"),
Role: example.Name,
})
if err != nil {
return err
}
_, err = iam.NewRolePolicyAttachment(ctx, "example_AmazonEKSVPCResourceController", &iam.RolePolicyAttachmentArgs{
PolicyArn: pulumi.String("arn:aws:iam::aws:policy/AmazonEKSVPCResourceController"),
Role: example.Name,
})
if err != nil {
return err
}
return nil
})
}import pulumi
import pulumi_aws as aws
example = aws.iam.Role("example", assume_role_policy="""{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "eks.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
""")
example__amazon_eks_cluster_policy = aws.iam.RolePolicyAttachment("example-AmazonEKSClusterPolicy",
policy_arn="arn:aws:iam::aws:policy/AmazonEKSClusterPolicy",
role=example.name)
# Optionally, enable Security Groups for Pods
# Reference: https://docs.aws.amazon.com/eks/latest/userguide/security-groups-for-pods.html
example__amazon_eksvpc_resource_controller = aws.iam.RolePolicyAttachment("example-AmazonEKSVPCResourceController",
policy_arn="arn:aws:iam::aws:policy/AmazonEKSVPCResourceController",
role=example.name)import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const example = new aws.iam.Role("example", {assumeRolePolicy: `{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "eks.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
`});
const example_AmazonEKSClusterPolicy = new aws.iam.RolePolicyAttachment("example-AmazonEKSClusterPolicy", {
policyArn: "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy",
role: example.name,
});
// Optionally, enable Security Groups for Pods
// Reference: https://docs.aws.amazon.com/eks/latest/userguide/security-groups-for-pods.html
const example_AmazonEKSVPCResourceController = new aws.iam.RolePolicyAttachment("example-AmazonEKSVPCResourceController", {
policyArn: "arn:aws:iam::aws:policy/AmazonEKSVPCResourceController",
role: example.name,
});Enabling Control Plane Logging
using Pulumi;
using Aws = Pulumi.Aws;
class MyStack : Stack
{
public MyStack()
{
var config = new Config();
var clusterName = config.Get("clusterName") ?? "example";
var exampleLogGroup = new Aws.CloudWatch.LogGroup("exampleLogGroup", new Aws.CloudWatch.LogGroupArgs
{
RetentionInDays = 7,
});
// ... potentially other configuration ...
var exampleCluster = new Aws.Eks.Cluster("exampleCluster", new Aws.Eks.ClusterArgs
{
EnabledClusterLogTypes =
{
"api",
"audit",
},
}, new CustomResourceOptions
{
DependsOn =
{
exampleLogGroup,
},
});
// ... other configuration ...
}
}
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/cloudwatch"
"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/eks"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi/config"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
cfg := config.New(ctx, "")
clusterName := "example"
if param := cfg.Get("clusterName"); param != "" {
clusterName = param
}
exampleLogGroup, err := cloudwatch.NewLogGroup(ctx, "exampleLogGroup", &cloudwatch.LogGroupArgs{
RetentionInDays: pulumi.Int(7),
})
if err != nil {
return err
}
_, err = eks.NewCluster(ctx, "exampleCluster", &eks.ClusterArgs{
EnabledClusterLogTypes: pulumi.StringArray{
pulumi.String("api"),
pulumi.String("audit"),
},
}, pulumi.DependsOn([]pulumi.Resource{
exampleLogGroup,
}))
if err != nil {
return err
}
return nil
})
}import pulumi
import pulumi_aws as aws
config = pulumi.Config()
cluster_name = config.get("clusterName")
if cluster_name is None:
cluster_name = "example"
example_log_group = aws.cloudwatch.LogGroup("exampleLogGroup", retention_in_days=7)
# ... potentially other configuration ...
example_cluster = aws.eks.Cluster("exampleCluster", enabled_cluster_log_types=[
"api",
"audit",
],
opts=ResourceOptions(depends_on=[example_log_group]))
# ... other configuration ...import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const config = new pulumi.Config();
const clusterName = config.get("clusterName") || "example";
const exampleLogGroup = new aws.cloudwatch.LogGroup("exampleLogGroup", {retentionInDays: 7});
// ... potentially other configuration ...
const exampleCluster = new aws.eks.Cluster("exampleCluster", {enabledClusterLogTypes: [
"api",
"audit",
]}, {
dependsOn: [exampleLogGroup],
});
// ... other configuration ...Create a Cluster Resource
new Cluster(name: string, args: ClusterArgs, opts?: CustomResourceOptions);def Cluster(resource_name: str, opts: Optional[ResourceOptions] = None, enabled_cluster_log_types: Optional[Sequence[str]] = None, encryption_config: Optional[ClusterEncryptionConfigArgs] = None, name: Optional[str] = None, role_arn: Optional[str] = None, tags: Optional[Mapping[str, str]] = None, version: Optional[str] = None, vpc_config: Optional[ClusterVpcConfigArgs] = None)func NewCluster(ctx *Context, name string, args ClusterArgs, opts ...ResourceOption) (*Cluster, error)public Cluster(string name, ClusterArgs args, CustomResourceOptions? opts = null)- name string
- The unique name of the resource.
- args ClusterArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- opts ResourceOptions
- A bag of options that control this resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ClusterArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ClusterArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
Cluster Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Programming Model docs.
Inputs
The Cluster resource accepts the following input properties:
- Role
Arn string The Amazon Resource Name (ARN) of the IAM role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. Ensure the resource configuration includes explicit dependencies on the IAM Role permissions by adding
dependsOnif using theaws.iam.RolePolicyresource) oraws.iam.RolePolicyAttachmentresource, otherwise EKS cannot delete EKS managed EC2 infrastructure such as Security Groups on EKS Cluster deletion.- Vpc
Config ClusterVpc Config Args Nested argument for the VPC associated with your cluster. Amazon EKS VPC resources have specific requirements to work properly with Kubernetes. For more information, see Cluster VPC Considerations and Cluster Security Group Considerations in the Amazon EKS User Guide. Configuration detailed below.
- Enabled
Cluster List<string>Log Types A list of the desired control plane logging to enable. For more information, see Amazon EKS Control Plane Logging
- Encryption
Config ClusterEncryption Config Args Configuration block with encryption configuration for the cluster. Only available on Kubernetes 1.13 and above clusters created after March 6, 2020. Detailed below.
- Name string
Name of the cluster.
- Dictionary<string, string>
Key-value map of resource tags.
- Version string
Desired Kubernetes master version. If you do not specify a value, the latest available version at resource creation is used and no upgrades will occur except those automatically triggered by EKS. The value must be configured and increased to upgrade the version when desired. Downgrades are not supported by EKS.
- Role
Arn string The Amazon Resource Name (ARN) of the IAM role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. Ensure the resource configuration includes explicit dependencies on the IAM Role permissions by adding
dependsOnif using theaws.iam.RolePolicyresource) oraws.iam.RolePolicyAttachmentresource, otherwise EKS cannot delete EKS managed EC2 infrastructure such as Security Groups on EKS Cluster deletion.- Vpc
Config ClusterVpc Config Nested argument for the VPC associated with your cluster. Amazon EKS VPC resources have specific requirements to work properly with Kubernetes. For more information, see Cluster VPC Considerations and Cluster Security Group Considerations in the Amazon EKS User Guide. Configuration detailed below.
- Enabled
Cluster []stringLog Types A list of the desired control plane logging to enable. For more information, see Amazon EKS Control Plane Logging
- Encryption
Config ClusterEncryption Config Configuration block with encryption configuration for the cluster. Only available on Kubernetes 1.13 and above clusters created after March 6, 2020. Detailed below.
- Name string
Name of the cluster.
- map[string]string
Key-value map of resource tags.
- Version string
Desired Kubernetes master version. If you do not specify a value, the latest available version at resource creation is used and no upgrades will occur except those automatically triggered by EKS. The value must be configured and increased to upgrade the version when desired. Downgrades are not supported by EKS.
- role
Arn string The Amazon Resource Name (ARN) of the IAM role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. Ensure the resource configuration includes explicit dependencies on the IAM Role permissions by adding
dependsOnif using theaws.iam.RolePolicyresource) oraws.iam.RolePolicyAttachmentresource, otherwise EKS cannot delete EKS managed EC2 infrastructure such as Security Groups on EKS Cluster deletion.- vpc
Config ClusterVpc Config Nested argument for the VPC associated with your cluster. Amazon EKS VPC resources have specific requirements to work properly with Kubernetes. For more information, see Cluster VPC Considerations and Cluster Security Group Considerations in the Amazon EKS User Guide. Configuration detailed below.
- enabled
Cluster string[]Log Types A list of the desired control plane logging to enable. For more information, see Amazon EKS Control Plane Logging
- encryption
Config ClusterEncryption Config Configuration block with encryption configuration for the cluster. Only available on Kubernetes 1.13 and above clusters created after March 6, 2020. Detailed below.
- name string
Name of the cluster.
- {[key: string]: string}
Key-value map of resource tags.
- version string
Desired Kubernetes master version. If you do not specify a value, the latest available version at resource creation is used and no upgrades will occur except those automatically triggered by EKS. The value must be configured and increased to upgrade the version when desired. Downgrades are not supported by EKS.
- role_
arn str The Amazon Resource Name (ARN) of the IAM role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. Ensure the resource configuration includes explicit dependencies on the IAM Role permissions by adding
dependsOnif using theaws.iam.RolePolicyresource) oraws.iam.RolePolicyAttachmentresource, otherwise EKS cannot delete EKS managed EC2 infrastructure such as Security Groups on EKS Cluster deletion.- vpc_
config ClusterVpc Config Args Nested argument for the VPC associated with your cluster. Amazon EKS VPC resources have specific requirements to work properly with Kubernetes. For more information, see Cluster VPC Considerations and Cluster Security Group Considerations in the Amazon EKS User Guide. Configuration detailed below.
- enabled_
cluster_ Sequence[str]log_ types A list of the desired control plane logging to enable. For more information, see Amazon EKS Control Plane Logging
- encryption_
config ClusterEncryption Config Args Configuration block with encryption configuration for the cluster. Only available on Kubernetes 1.13 and above clusters created after March 6, 2020. Detailed below.
- name str
Name of the cluster.
- Mapping[str, str]
Key-value map of resource tags.
- version str
Desired Kubernetes master version. If you do not specify a value, the latest available version at resource creation is used and no upgrades will occur except those automatically triggered by EKS. The value must be configured and increased to upgrade the version when desired. Downgrades are not supported by EKS.
Outputs
All input properties are implicitly available as output properties. Additionally, the Cluster resource produces the following output properties:
- Arn string
The Amazon Resource Name (ARN) of the cluster.
-
Cluster
Certificate Authority Nested attribute containing
certificate-authority-datafor your cluster.- Created
At string - Endpoint string
The endpoint for your Kubernetes API server.
- Id string
- The provider-assigned unique ID for this managed resource.
- Identities
List<Cluster
Identity> Nested attribute containing identity provider information for your cluster. Only available on Kubernetes version 1.13 and 1.14 clusters created or upgraded on or after September 3, 2019.
- Platform
Version string The platform version for the cluster.
- Status string
The status of the EKS cluster. One of
CREATING,ACTIVE,DELETING,FAILED.
- Arn string
The Amazon Resource Name (ARN) of the cluster.
-
Cluster
Certificate Authority Nested attribute containing
certificate-authority-datafor your cluster.- Created
At string - Endpoint string
The endpoint for your Kubernetes API server.
- Id string
- The provider-assigned unique ID for this managed resource.
- Identities
[]Cluster
Identity Nested attribute containing identity provider information for your cluster. Only available on Kubernetes version 1.13 and 1.14 clusters created or upgraded on or after September 3, 2019.
- Platform
Version string The platform version for the cluster.
- Status string
The status of the EKS cluster. One of
CREATING,ACTIVE,DELETING,FAILED.
- arn string
The Amazon Resource Name (ARN) of the cluster.
-
Cluster
Certificate Authority Nested attribute containing
certificate-authority-datafor your cluster.- created
At string - endpoint string
The endpoint for your Kubernetes API server.
- id string
- The provider-assigned unique ID for this managed resource.
- identities
Cluster
Identity[] Nested attribute containing identity provider information for your cluster. Only available on Kubernetes version 1.13 and 1.14 clusters created or upgraded on or after September 3, 2019.
- platform
Version string The platform version for the cluster.
- status string
The status of the EKS cluster. One of
CREATING,ACTIVE,DELETING,FAILED.
- arn str
The Amazon Resource Name (ARN) of the cluster.
-
Cluster
Certificate Authority Nested attribute containing
certificate-authority-datafor your cluster.- created_
at str - endpoint str
The endpoint for your Kubernetes API server.
- id str
- The provider-assigned unique ID for this managed resource.
- identities
Sequence[Cluster
Identity] Nested attribute containing identity provider information for your cluster. Only available on Kubernetes version 1.13 and 1.14 clusters created or upgraded on or after September 3, 2019.
- platform_
version str The platform version for the cluster.
- status str
The status of the EKS cluster. One of
CREATING,ACTIVE,DELETING,FAILED.
Look up an Existing Cluster Resource
Get an existing Cluster resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ClusterState, opts?: CustomResourceOptions): Cluster@staticmethod
def get(resource_name: str, id: str, opts: Optional[ResourceOptions] = None, arn: Optional[str] = None, certificate_authority: Optional[ClusterCertificateAuthorityArgs] = None, created_at: Optional[str] = None, enabled_cluster_log_types: Optional[Sequence[str]] = None, encryption_config: Optional[ClusterEncryptionConfigArgs] = None, endpoint: Optional[str] = None, identities: Optional[Sequence[ClusterIdentityArgs]] = None, name: Optional[str] = None, platform_version: Optional[str] = None, role_arn: Optional[str] = None, status: Optional[str] = None, tags: Optional[Mapping[str, str]] = None, version: Optional[str] = None, vpc_config: Optional[ClusterVpcConfigArgs] = None) -> Clusterfunc GetCluster(ctx *Context, name string, id IDInput, state *ClusterState, opts ...ResourceOption) (*Cluster, error)public static Cluster Get(string name, Input<string> id, ClusterState? state, CustomResourceOptions? opts = null)- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
The following state arguments are supported:
- Arn string
The Amazon Resource Name (ARN) of the cluster.
-
Cluster
Certificate Authority Args Nested attribute containing
certificate-authority-datafor your cluster.- Created
At string - Enabled
Cluster List<string>Log Types A list of the desired control plane logging to enable. For more information, see Amazon EKS Control Plane Logging
- Encryption
Config ClusterEncryption Config Args Configuration block with encryption configuration for the cluster. Only available on Kubernetes 1.13 and above clusters created after March 6, 2020. Detailed below.
- Endpoint string
The endpoint for your Kubernetes API server.
- Identities
List<Cluster
Identity Args> Nested attribute containing identity provider information for your cluster. Only available on Kubernetes version 1.13 and 1.14 clusters created or upgraded on or after September 3, 2019.
- Name string
Name of the cluster.
- Platform
Version string The platform version for the cluster.
- Role
Arn string The Amazon Resource Name (ARN) of the IAM role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. Ensure the resource configuration includes explicit dependencies on the IAM Role permissions by adding
dependsOnif using theaws.iam.RolePolicyresource) oraws.iam.RolePolicyAttachmentresource, otherwise EKS cannot delete EKS managed EC2 infrastructure such as Security Groups on EKS Cluster deletion.- Status string
The status of the EKS cluster. One of
CREATING,ACTIVE,DELETING,FAILED.- Dictionary<string, string>
Key-value map of resource tags.
- Version string
Desired Kubernetes master version. If you do not specify a value, the latest available version at resource creation is used and no upgrades will occur except those automatically triggered by EKS. The value must be configured and increased to upgrade the version when desired. Downgrades are not supported by EKS.
- Vpc
Config ClusterVpc Config Args Nested argument for the VPC associated with your cluster. Amazon EKS VPC resources have specific requirements to work properly with Kubernetes. For more information, see Cluster VPC Considerations and Cluster Security Group Considerations in the Amazon EKS User Guide. Configuration detailed below.
- Arn string
The Amazon Resource Name (ARN) of the cluster.
-
Cluster
Certificate Authority Nested attribute containing
certificate-authority-datafor your cluster.- Created
At string - Enabled
Cluster []stringLog Types A list of the desired control plane logging to enable. For more information, see Amazon EKS Control Plane Logging
- Encryption
Config ClusterEncryption Config Configuration block with encryption configuration for the cluster. Only available on Kubernetes 1.13 and above clusters created after March 6, 2020. Detailed below.
- Endpoint string
The endpoint for your Kubernetes API server.
- Identities
[]Cluster
Identity Nested attribute containing identity provider information for your cluster. Only available on Kubernetes version 1.13 and 1.14 clusters created or upgraded on or after September 3, 2019.
- Name string
Name of the cluster.
- Platform
Version string The platform version for the cluster.
- Role
Arn string The Amazon Resource Name (ARN) of the IAM role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. Ensure the resource configuration includes explicit dependencies on the IAM Role permissions by adding
dependsOnif using theaws.iam.RolePolicyresource) oraws.iam.RolePolicyAttachmentresource, otherwise EKS cannot delete EKS managed EC2 infrastructure such as Security Groups on EKS Cluster deletion.- Status string
The status of the EKS cluster. One of
CREATING,ACTIVE,DELETING,FAILED.- map[string]string
Key-value map of resource tags.
- Version string
Desired Kubernetes master version. If you do not specify a value, the latest available version at resource creation is used and no upgrades will occur except those automatically triggered by EKS. The value must be configured and increased to upgrade the version when desired. Downgrades are not supported by EKS.
- Vpc
Config ClusterVpc Config Nested argument for the VPC associated with your cluster. Amazon EKS VPC resources have specific requirements to work properly with Kubernetes. For more information, see Cluster VPC Considerations and Cluster Security Group Considerations in the Amazon EKS User Guide. Configuration detailed below.
- arn string
The Amazon Resource Name (ARN) of the cluster.
-
Cluster
Certificate Authority Nested attribute containing
certificate-authority-datafor your cluster.- created
At string - enabled
Cluster string[]Log Types A list of the desired control plane logging to enable. For more information, see Amazon EKS Control Plane Logging
- encryption
Config ClusterEncryption Config Configuration block with encryption configuration for the cluster. Only available on Kubernetes 1.13 and above clusters created after March 6, 2020. Detailed below.
- endpoint string
The endpoint for your Kubernetes API server.
- identities
Cluster
Identity[] Nested attribute containing identity provider information for your cluster. Only available on Kubernetes version 1.13 and 1.14 clusters created or upgraded on or after September 3, 2019.
- name string
Name of the cluster.
- platform
Version string The platform version for the cluster.
- role
Arn string The Amazon Resource Name (ARN) of the IAM role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. Ensure the resource configuration includes explicit dependencies on the IAM Role permissions by adding
dependsOnif using theaws.iam.RolePolicyresource) oraws.iam.RolePolicyAttachmentresource, otherwise EKS cannot delete EKS managed EC2 infrastructure such as Security Groups on EKS Cluster deletion.- status string
The status of the EKS cluster. One of
CREATING,ACTIVE,DELETING,FAILED.- {[key: string]: string}
Key-value map of resource tags.
- version string
Desired Kubernetes master version. If you do not specify a value, the latest available version at resource creation is used and no upgrades will occur except those automatically triggered by EKS. The value must be configured and increased to upgrade the version when desired. Downgrades are not supported by EKS.
- vpc
Config ClusterVpc Config Nested argument for the VPC associated with your cluster. Amazon EKS VPC resources have specific requirements to work properly with Kubernetes. For more information, see Cluster VPC Considerations and Cluster Security Group Considerations in the Amazon EKS User Guide. Configuration detailed below.
- arn str
The Amazon Resource Name (ARN) of the cluster.
-
Cluster
Certificate Authority Args Nested attribute containing
certificate-authority-datafor your cluster.- created_
at str - enabled_
cluster_ Sequence[str]log_ types A list of the desired control plane logging to enable. For more information, see Amazon EKS Control Plane Logging
- encryption_
config ClusterEncryption Config Args Configuration block with encryption configuration for the cluster. Only available on Kubernetes 1.13 and above clusters created after March 6, 2020. Detailed below.
- endpoint str
The endpoint for your Kubernetes API server.
- identities
Sequence[Cluster
Identity Args] Nested attribute containing identity provider information for your cluster. Only available on Kubernetes version 1.13 and 1.14 clusters created or upgraded on or after September 3, 2019.
- name str
Name of the cluster.
- platform_
version str The platform version for the cluster.
- role_
arn str The Amazon Resource Name (ARN) of the IAM role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. Ensure the resource configuration includes explicit dependencies on the IAM Role permissions by adding
dependsOnif using theaws.iam.RolePolicyresource) oraws.iam.RolePolicyAttachmentresource, otherwise EKS cannot delete EKS managed EC2 infrastructure such as Security Groups on EKS Cluster deletion.- status str
The status of the EKS cluster. One of
CREATING,ACTIVE,DELETING,FAILED.- Mapping[str, str]
Key-value map of resource tags.
- version str
Desired Kubernetes master version. If you do not specify a value, the latest available version at resource creation is used and no upgrades will occur except those automatically triggered by EKS. The value must be configured and increased to upgrade the version when desired. Downgrades are not supported by EKS.
- vpc_
config ClusterVpc Config Args Nested argument for the VPC associated with your cluster. Amazon EKS VPC resources have specific requirements to work properly with Kubernetes. For more information, see Cluster VPC Considerations and Cluster Security Group Considerations in the Amazon EKS User Guide. Configuration detailed below.
Supporting Types
ClusterCertificateAuthority
See the output API doc for this type.
See the output API doc for this type.
See the output API doc for this type.
ClusterEncryptionConfig
- Provider
Cluster
Encryption Config Provider Args Configuration block with provider for encryption. Detailed below.
- Resources List<string>
List of strings with resources to be encrypted. Valid values:
secrets
- Provider
Cluster
Encryption Config Provider Configuration block with provider for encryption. Detailed below.
- Resources []string
List of strings with resources to be encrypted. Valid values:
secrets
- provider
Cluster
Encryption Config Provider Configuration block with provider for encryption. Detailed below.
- resources string[]
List of strings with resources to be encrypted. Valid values:
secrets
- provider
Cluster
Encryption Config Provider Args Configuration block with provider for encryption. Detailed below.
- resources Sequence[str]
List of strings with resources to be encrypted. Valid values:
secrets
ClusterEncryptionConfigProvider
- Key
Arn string Amazon Resource Name (ARN) of the Key Management Service (KMS) customer master key (CMK). The CMK must be symmetric, created in the same region as the cluster, and if the CMK was created in a different account, the user must have access to the CMK. For more information, see Allowing Users in Other Accounts to Use a CMK in the AWS Key Management Service Developer Guide.
- Key
Arn string Amazon Resource Name (ARN) of the Key Management Service (KMS) customer master key (CMK). The CMK must be symmetric, created in the same region as the cluster, and if the CMK was created in a different account, the user must have access to the CMK. For more information, see Allowing Users in Other Accounts to Use a CMK in the AWS Key Management Service Developer Guide.
- key
Arn string Amazon Resource Name (ARN) of the Key Management Service (KMS) customer master key (CMK). The CMK must be symmetric, created in the same region as the cluster, and if the CMK was created in a different account, the user must have access to the CMK. For more information, see Allowing Users in Other Accounts to Use a CMK in the AWS Key Management Service Developer Guide.
- key_
arn str Amazon Resource Name (ARN) of the Key Management Service (KMS) customer master key (CMK). The CMK must be symmetric, created in the same region as the cluster, and if the CMK was created in a different account, the user must have access to the CMK. For more information, see Allowing Users in Other Accounts to Use a CMK in the AWS Key Management Service Developer Guide.
ClusterIdentity
See the output API doc for this type.
See the output API doc for this type.
See the output API doc for this type.
- Oidcs
List<Cluster
Identity Oidc Args> Nested attribute containing OpenID Connect identity provider information for the cluster.
- Oidcs
[]Cluster
Identity Oidc Nested attribute containing OpenID Connect identity provider information for the cluster.
- oidcs
Cluster
Identity Oidc[] Nested attribute containing OpenID Connect identity provider information for the cluster.
- oidcs
Sequence[Cluster
Identity Oidc Args] Nested attribute containing OpenID Connect identity provider information for the cluster.
ClusterIdentityOidc
See the output API doc for this type.
See the output API doc for this type.
See the output API doc for this type.
ClusterVpcConfig
- Subnet
Ids List<string> List of subnet IDs. Must be in at least two different availability zones. Amazon EKS creates cross-account elastic network interfaces in these subnets to allow communication between your worker nodes and the Kubernetes control plane.
- Cluster
Security stringGroup Id The cluster security group that was created by Amazon EKS for the cluster.
- Endpoint
Private boolAccess Indicates whether or not the Amazon EKS private API server endpoint is enabled. Default is
false.- Endpoint
Public boolAccess Indicates whether or not the Amazon EKS public API server endpoint is enabled. Default is
true.- Public
Access List<string>Cidrs List of CIDR blocks. Indicates which CIDR blocks can access the Amazon EKS public API server endpoint when enabled. EKS defaults this to a list with
0.0.0.0/0. This provider will only perform drift detection of its value when present in a configuration.- Security
Group List<string>Ids List of security group IDs for the cross-account elastic network interfaces that Amazon EKS creates to use to allow communication between your worker nodes and the Kubernetes control plane.
- Vpc
Id string The VPC associated with your cluster.
- Subnet
Ids []string List of subnet IDs. Must be in at least two different availability zones. Amazon EKS creates cross-account elastic network interfaces in these subnets to allow communication between your worker nodes and the Kubernetes control plane.
- Cluster
Security stringGroup Id The cluster security group that was created by Amazon EKS for the cluster.
- Endpoint
Private boolAccess Indicates whether or not the Amazon EKS private API server endpoint is enabled. Default is
false.- Endpoint
Public boolAccess Indicates whether or not the Amazon EKS public API server endpoint is enabled. Default is
true.- Public
Access []stringCidrs List of CIDR blocks. Indicates which CIDR blocks can access the Amazon EKS public API server endpoint when enabled. EKS defaults this to a list with
0.0.0.0/0. This provider will only perform drift detection of its value when present in a configuration.- Security
Group []stringIds List of security group IDs for the cross-account elastic network interfaces that Amazon EKS creates to use to allow communication between your worker nodes and the Kubernetes control plane.
- Vpc
Id string The VPC associated with your cluster.
- subnet
Ids string[] List of subnet IDs. Must be in at least two different availability zones. Amazon EKS creates cross-account elastic network interfaces in these subnets to allow communication between your worker nodes and the Kubernetes control plane.
- cluster
Security stringGroup Id The cluster security group that was created by Amazon EKS for the cluster.
- endpoint
Private booleanAccess Indicates whether or not the Amazon EKS private API server endpoint is enabled. Default is
false.- endpoint
Public booleanAccess Indicates whether or not the Amazon EKS public API server endpoint is enabled. Default is
true.- public
Access string[]Cidrs List of CIDR blocks. Indicates which CIDR blocks can access the Amazon EKS public API server endpoint when enabled. EKS defaults this to a list with
0.0.0.0/0. This provider will only perform drift detection of its value when present in a configuration.- security
Group string[]Ids List of security group IDs for the cross-account elastic network interfaces that Amazon EKS creates to use to allow communication between your worker nodes and the Kubernetes control plane.
- vpc
Id string The VPC associated with your cluster.
- subnet_
ids Sequence[str] List of subnet IDs. Must be in at least two different availability zones. Amazon EKS creates cross-account elastic network interfaces in these subnets to allow communication between your worker nodes and the Kubernetes control plane.
- cluster_
security_ strgroup_ id The cluster security group that was created by Amazon EKS for the cluster.
- endpoint_
private_ boolaccess Indicates whether or not the Amazon EKS private API server endpoint is enabled. Default is
false.- endpoint_
public_ boolaccess Indicates whether or not the Amazon EKS public API server endpoint is enabled. Default is
true.- public_
access_ Sequence[str]cidrs List of CIDR blocks. Indicates which CIDR blocks can access the Amazon EKS public API server endpoint when enabled. EKS defaults this to a list with
0.0.0.0/0. This provider will only perform drift detection of its value when present in a configuration.- security_
group_ Sequence[str]ids List of security group IDs for the cross-account elastic network interfaces that Amazon EKS creates to use to allow communication between your worker nodes and the Kubernetes control plane.
- vpc_
id str The VPC associated with your cluster.
Package Details
- Repository
- https://github.com/pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
awsTerraform Provider.