
Cluster

Manages an EKS Cluster.

Example Usage

Example IAM Role for EKS Cluster

using Pulumi;
using Aws = Pulumi.Aws;

/// <summary>
/// Declares the IAM role that an EKS cluster assumes, plus the AWS-managed
/// policies attached to that role.
/// </summary>
class MyStack : Stack
{
    public MyStack()
    {
        // Trust policy: the only principal allowed to call sts:AssumeRole on
        // this role is the EKS service (eks.amazonaws.com).
        const string trustPolicy = @"{
  ""Version"": ""2012-10-17"",
  ""Statement"": [
    {
      ""Effect"": ""Allow"",
      ""Principal"": {
        ""Service"": ""eks.amazonaws.com""
      },
      ""Action"": ""sts:AssumeRole""
    }
  ]
}
";
        var clusterRole = new Aws.Iam.Role("example", new Aws.Iam.RoleArgs
        {
            AssumeRolePolicy = trustPolicy,
        });

        // AWS-managed policy for the cluster role.
        var clusterPolicyArgs = new Aws.Iam.RolePolicyAttachmentArgs
        {
            Role = clusterRole.Name,
            PolicyArn = "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy",
        };
        var clusterPolicyAttachment = new Aws.Iam.RolePolicyAttachment("example-AmazonEKSClusterPolicy", clusterPolicyArgs);

        // Optional: only needed to enable Security Groups for Pods.
        // Reference: https://docs.aws.amazon.com/eks/latest/userguide/security-groups-for-pods.html
        var vpcControllerArgs = new Aws.Iam.RolePolicyAttachmentArgs
        {
            Role = clusterRole.Name,
            PolicyArn = "arn:aws:iam::aws:policy/AmazonEKSVPCResourceController",
        };
        var vpcControllerAttachment = new Aws.Iam.RolePolicyAttachment("example-AmazonEKSVPCResourceController", vpcControllerArgs);
    }

}
package main

import (
	"fmt"

	"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/iam"
	"github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)

// main declares the IAM role that an EKS cluster assumes and attaches the
// AWS-managed policies to it.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Trust policy: the only principal allowed to call sts:AssumeRole on
		// this role is the EKS service (eks.amazonaws.com).
		trustPolicy := fmt.Sprintf(
			"%v%v%v%v%v%v%v%v%v%v%v%v",
			"{\n",
			"  \"Version\": \"2012-10-17\",\n",
			"  \"Statement\": [\n",
			"    {\n",
			"      \"Effect\": \"Allow\",\n",
			"      \"Principal\": {\n",
			"        \"Service\": \"eks.amazonaws.com\"\n",
			"      },\n",
			"      \"Action\": \"sts:AssumeRole\"\n",
			"    }\n",
			"  ]\n",
			"}\n",
		)

		role, err := iam.NewRole(ctx, "example", &iam.RoleArgs{
			AssumeRolePolicy: pulumi.String(trustPolicy),
		})
		if err != nil {
			return err
		}

		// AWS-managed policy for the cluster role.
		if _, err := iam.NewRolePolicyAttachment(ctx, "example_AmazonEKSClusterPolicy", &iam.RolePolicyAttachmentArgs{
			PolicyArn: pulumi.String("arn:aws:iam::aws:policy/AmazonEKSClusterPolicy"),
			Role:      role.Name,
		}); err != nil {
			return err
		}

		// Optional: only needed to enable Security Groups for Pods.
		// Reference: https://docs.aws.amazon.com/eks/latest/userguide/security-groups-for-pods.html
		_, err = iam.NewRolePolicyAttachment(ctx, "example_AmazonEKSVPCResourceController", &iam.RolePolicyAttachmentArgs{
			PolicyArn: pulumi.String("arn:aws:iam::aws:policy/AmazonEKSVPCResourceController"),
			Role:      role.Name,
		})
		return err
	})
}
import pulumi
import pulumi_aws as aws

# Trust policy: the only principal allowed to call sts:AssumeRole on this
# role is the EKS service (eks.amazonaws.com).
eks_assume_role_policy = """{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "eks.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
"""
example = aws.iam.Role("example", assume_role_policy=eks_assume_role_policy)

# AWS-managed policy for the cluster role.
example__amazon_eks_cluster_policy = aws.iam.RolePolicyAttachment(
    "example-AmazonEKSClusterPolicy",
    role=example.name,
    policy_arn="arn:aws:iam::aws:policy/AmazonEKSClusterPolicy",
)

# Optional: only needed to enable Security Groups for Pods.
# Reference: https://docs.aws.amazon.com/eks/latest/userguide/security-groups-for-pods.html
example__amazon_eksvpc_resource_controller = aws.iam.RolePolicyAttachment(
    "example-AmazonEKSVPCResourceController",
    role=example.name,
    policy_arn="arn:aws:iam::aws:policy/AmazonEKSVPCResourceController",
)
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// Trust policy: the only principal allowed to call sts:AssumeRole on this
// role is the EKS service (eks.amazonaws.com).
const assumeRolePolicy = `{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "eks.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
`;
const example = new aws.iam.Role("example", { assumeRolePolicy });

// AWS-managed policy for the cluster role.
const example_AmazonEKSClusterPolicy = new aws.iam.RolePolicyAttachment(
    "example-AmazonEKSClusterPolicy",
    {
        role: example.name,
        policyArn: "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy",
    },
);

// Optional: only needed to enable Security Groups for Pods.
// Reference: https://docs.aws.amazon.com/eks/latest/userguide/security-groups-for-pods.html
const example_AmazonEKSVPCResourceController = new aws.iam.RolePolicyAttachment(
    "example-AmazonEKSVPCResourceController",
    {
        role: example.name,
        policyArn: "arn:aws:iam::aws:policy/AmazonEKSVPCResourceController",
    },
);

Enabling Control Plane Logging

using Pulumi;
using Aws = Pulumi.Aws;

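/// <summary>
/// Enables EKS control plane logging ("api" and "audit") and pre-creates the
/// CloudWatch log group that receives those logs, so its retention is managed
/// by this program.
/// </summary>
class MyStack : Stack
{
    public MyStack()
    {
        var config = new Config();
        // Cluster name comes from stack configuration, falling back to "example".
        var clusterName = config.Get("clusterName") ?? "example";
        var exampleLogGroup = new Aws.CloudWatch.LogGroup("exampleLogGroup", new Aws.CloudWatch.LogGroupArgs
        {
            // EKS writes control plane logs to /aws/eks/<cluster-name>/cluster.
            // Without an explicit Name the group gets an auto-generated name,
            // and the retention below would not apply to the group EKS uses.
            Name = $"/aws/eks/{clusterName}/cluster",
            // NOTE(review): 7 days is a short window for audit logs; set this to
            // match your investigation and retention requirements.
            RetentionInDays = 7,
        });
        // ... potentially other configuration ...
        var exampleCluster = new Aws.Eks.Cluster("exampleCluster", new Aws.Eks.ClusterArgs
        {
            // The cluster name must match the name used in the log group path above.
            Name = clusterName,
            EnabledClusterLogTypes = 
            {
                "api",
                "audit",
            },
            // RoleArn and VpcConfig are omitted from this excerpt.
        }, new CustomResourceOptions
        {
            // Create the log group first so EKS logs into the managed group
            // rather than creating its own.
            DependsOn = 
            {
                exampleLogGroup,
            },
        });
        // ... other configuration ...
    }

}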
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/cloudwatch"
	"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/eks"
	"github.com/pulumi/pulumi/sdk/v2/go/pulumi"
	"github.com/pulumi/pulumi/sdk/v2/go/pulumi/config"
)

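// main enables EKS control plane logging ("api" and "audit") and pre-creates
// the CloudWatch log group that receives those logs, so its retention is
// managed by this program.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		cfg := config.New(ctx, "")
		// Cluster name comes from stack configuration, falling back to "example".
		clusterName := "example"
		if param := cfg.Get("clusterName"); param != "" {
			clusterName = param
		}
		exampleLogGroup, err := cloudwatch.NewLogGroup(ctx, "exampleLogGroup", &cloudwatch.LogGroupArgs{
			// EKS writes control plane logs to /aws/eks/<cluster-name>/cluster.
			// Without an explicit Name the group gets an auto-generated name,
			// and the retention below would not apply to the group EKS uses.
			Name: pulumi.String("/aws/eks/" + clusterName + "/cluster"),
			// NOTE(review): 7 days is a short window for audit logs; set this
			// to match your investigation and retention requirements.
			RetentionInDays: pulumi.Int(7),
		})
		if err != nil {
			return err
		}
		// ... potentially other configuration ...
		_, err = eks.NewCluster(ctx, "exampleCluster", &eks.ClusterArgs{
			// The cluster name must match the name used in the log group path above.
			Name: pulumi.String(clusterName),
			EnabledClusterLogTypes: pulumi.StringArray{
				pulumi.String("api"),
				pulumi.String("audit"),
			},
			// RoleArn and VpcConfig are omitted from this excerpt.
		}, pulumi.DependsOn([]pulumi.Resource{
			// Create the log group first so EKS logs into the managed group
			// rather than creating its own.
			exampleLogGroup,
		}))
		if err != nil {
			return err
		}
		// ... other configuration ...
		return nil
	})
}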
import pulumi
import pulumi_aws as aws

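# Enables EKS control plane logging ("api" and "audit") and pre-creates the
# CloudWatch log group that receives those logs, so its retention is managed
# by this program.
config = pulumi.Config()
# Cluster name comes from stack configuration, falling back to "example".
cluster_name = config.get("clusterName")
if cluster_name is None:
    cluster_name = "example"
example_log_group = aws.cloudwatch.LogGroup("exampleLogGroup",
    # EKS writes control plane logs to /aws/eks/<cluster-name>/cluster.
    # Without an explicit name the group gets an auto-generated name, and the
    # retention below would not apply to the group EKS uses.
    name=f"/aws/eks/{cluster_name}/cluster",
    # NOTE(review): 7 days is a short window for audit logs; set this to match
    # your investigation and retention requirements.
    retention_in_days=7)
# ... potentially other configuration ...
example_cluster = aws.eks.Cluster("exampleCluster",
    # The cluster name must match the name used in the log group path above.
    name=cluster_name,
    enabled_cluster_log_types=[
        "api",
        "audit",
    ],
    # role_arn and vpc_config are omitted from this excerpt.
    # Create the log group first so EKS logs into the managed group rather
    # than creating its own.
    opts=pulumi.ResourceOptions(depends_on=[example_log_group]))
# ... other configuration ...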
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

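// Enables EKS control plane logging ("api" and "audit") and pre-creates the
// CloudWatch log group that receives those logs, so its retention is managed
// by this program.
const config = new pulumi.Config();
// Cluster name comes from stack configuration, falling back to "example".
const clusterName = config.get("clusterName") || "example";
const exampleLogGroup = new aws.cloudwatch.LogGroup("exampleLogGroup", {
    // EKS writes control plane logs to /aws/eks/<cluster-name>/cluster.
    // Without an explicit name the group gets an auto-generated name, and the
    // retention below would not apply to the group EKS uses.
    name: `/aws/eks/${clusterName}/cluster`,
    // NOTE(review): 7 days is a short window for audit logs; set this to match
    // your investigation and retention requirements.
    retentionInDays: 7,
});
// ... potentially other configuration ...
const exampleCluster = new aws.eks.Cluster("exampleCluster", {
    // The cluster name must match the name used in the log group path above.
    name: clusterName,
    enabledClusterLogTypes: [
        "api",
        "audit",
    ],
    // roleArn and vpcConfig are omitted from this excerpt.
}, {
    // Create the log group first so EKS logs into the managed group rather
    // than creating its own.
    dependsOn: [exampleLogGroup],
});
// ... other configuration ...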

Create a Cluster Resource

new Cluster(name: string, args: ClusterArgs, opts?: CustomResourceOptions);
def Cluster(resource_name: str, opts: Optional[ResourceOptions] = None, enabled_cluster_log_types: Optional[Sequence[str]] = None, encryption_config: Optional[ClusterEncryptionConfigArgs] = None, kubernetes_network_config: Optional[ClusterKubernetesNetworkConfigArgs] = None, name: Optional[str] = None, role_arn: Optional[str] = None, tags: Optional[Mapping[str, str]] = None, version: Optional[str] = None, vpc_config: Optional[ClusterVpcConfigArgs] = None)
func NewCluster(ctx *Context, name string, args ClusterArgs, opts ...ResourceOption) (*Cluster, error)
public Cluster(string name, ClusterArgs args, CustomResourceOptions? opts = null)
name string
The unique name of the resource.
args ClusterArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
opts ResourceOptions
A bag of options that control this resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args ClusterArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args ClusterArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.

Cluster Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Programming Model docs.

Inputs

The Cluster resource accepts the following input properties:

RoleArn string
The Amazon Resource Name (ARN) of the IAM role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. Ensure the resource configuration includes explicit dependencies on the IAM Role permissions by adding dependsOn if using the aws.iam.RolePolicy resource or the aws.iam.RolePolicyAttachment resource; otherwise EKS cannot delete EKS-managed EC2 infrastructure, such as Security Groups, on EKS Cluster deletion.
VpcConfig ClusterVpcConfigArgs
Nested argument for the VPC associated with your cluster. Amazon EKS VPC resources have specific requirements to work properly with Kubernetes. For more information, see Cluster VPC Considerations and Cluster Security Group Considerations in the Amazon EKS User Guide. Configuration detailed below.
EnabledClusterLogTypes List<string>
A list of the control plane log types to enable. For more information, see Amazon EKS Control Plane Logging.
EncryptionConfig ClusterEncryptionConfigArgs
Configuration block with encryption configuration for the cluster. Only available on Kubernetes 1.13 and above clusters created after March 6, 2020. Detailed below. Please note that encryption_config can be added to the configuration but cannot be removed.
KubernetesNetworkConfig ClusterKubernetesNetworkConfigArgs
Configuration block with kubernetes network configuration for the cluster. Detailed below. If removed, the provider will only perform drift detection if a configuration value is provided.
Name string
Name of the cluster.
Tags Dictionary<string, string>
Key-value map of resource tags.
Version string
Desired Kubernetes master version. If you do not specify a value, the latest available version at resource creation is used and no upgrades will occur except those automatically triggered by EKS. The value must be configured and increased to upgrade the version when desired. Downgrades are not supported by EKS.
RoleArn string
The Amazon Resource Name (ARN) of the IAM role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. Ensure the resource configuration includes explicit dependencies on the IAM Role permissions by adding dependsOn if using the aws.iam.RolePolicy resource or the aws.iam.RolePolicyAttachment resource; otherwise EKS cannot delete EKS-managed EC2 infrastructure, such as Security Groups, on EKS Cluster deletion.
VpcConfig ClusterVpcConfig
Nested argument for the VPC associated with your cluster. Amazon EKS VPC resources have specific requirements to work properly with Kubernetes. For more information, see Cluster VPC Considerations and Cluster Security Group Considerations in the Amazon EKS User Guide. Configuration detailed below.
EnabledClusterLogTypes []string
A list of the control plane log types to enable. For more information, see Amazon EKS Control Plane Logging.
EncryptionConfig ClusterEncryptionConfig
Configuration block with encryption configuration for the cluster. Only available on Kubernetes 1.13 and above clusters created after March 6, 2020. Detailed below. Please note that encryption_config can be added to the configuration but cannot be removed.
KubernetesNetworkConfig ClusterKubernetesNetworkConfig
Configuration block with kubernetes network configuration for the cluster. Detailed below. If removed, the provider will only perform drift detection if a configuration value is provided.
Name string
Name of the cluster.
Tags map[string]string
Key-value map of resource tags.
Version string
Desired Kubernetes master version. If you do not specify a value, the latest available version at resource creation is used and no upgrades will occur except those automatically triggered by EKS. The value must be configured and increased to upgrade the version when desired. Downgrades are not supported by EKS.
roleArn string
The Amazon Resource Name (ARN) of the IAM role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. Ensure the resource configuration includes explicit dependencies on the IAM Role permissions by adding dependsOn if using the aws.iam.RolePolicy resource or the aws.iam.RolePolicyAttachment resource; otherwise EKS cannot delete EKS-managed EC2 infrastructure, such as Security Groups, on EKS Cluster deletion.
vpcConfig ClusterVpcConfig
Nested argument for the VPC associated with your cluster. Amazon EKS VPC resources have specific requirements to work properly with Kubernetes. For more information, see Cluster VPC Considerations and Cluster Security Group Considerations in the Amazon EKS User Guide. Configuration detailed below.
enabledClusterLogTypes string[]
A list of the control plane log types to enable. For more information, see Amazon EKS Control Plane Logging.
encryptionConfig ClusterEncryptionConfig
Configuration block with encryption configuration for the cluster. Only available on Kubernetes 1.13 and above clusters created after March 6, 2020. Detailed below. Please note that encryption_config can be added to the configuration but cannot be removed.
kubernetesNetworkConfig ClusterKubernetesNetworkConfig
Configuration block with kubernetes network configuration for the cluster. Detailed below. If removed, the provider will only perform drift detection if a configuration value is provided.
name string
Name of the cluster.
tags {[key: string]: string}
Key-value map of resource tags.
version string
Desired Kubernetes master version. If you do not specify a value, the latest available version at resource creation is used and no upgrades will occur except those automatically triggered by EKS. The value must be configured and increased to upgrade the version when desired. Downgrades are not supported by EKS.
role_arn str
The Amazon Resource Name (ARN) of the IAM role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. Ensure the resource configuration includes explicit dependencies on the IAM Role permissions by adding dependsOn if using the aws.iam.RolePolicy resource or the aws.iam.RolePolicyAttachment resource; otherwise EKS cannot delete EKS-managed EC2 infrastructure, such as Security Groups, on EKS Cluster deletion.
vpc_config ClusterVpcConfigArgs
Nested argument for the VPC associated with your cluster. Amazon EKS VPC resources have specific requirements to work properly with Kubernetes. For more information, see Cluster VPC Considerations and Cluster Security Group Considerations in the Amazon EKS User Guide. Configuration detailed below.
enabled_cluster_log_types Sequence[str]
A list of the control plane log types to enable. For more information, see Amazon EKS Control Plane Logging.
encryption_config ClusterEncryptionConfigArgs
Configuration block with encryption configuration for the cluster. Only available on Kubernetes 1.13 and above clusters created after March 6, 2020. Detailed below. Please note that encryption_config can be added to the configuration but cannot be removed.
kubernetes_network_config ClusterKubernetesNetworkConfigArgs
Configuration block with kubernetes network configuration for the cluster. Detailed below. If removed, the provider will only perform drift detection if a configuration value is provided.
name str
Name of the cluster.
tags Mapping[str, str]
Key-value map of resource tags.
version str
Desired Kubernetes master version. If you do not specify a value, the latest available version at resource creation is used and no upgrades will occur except those automatically triggered by EKS. The value must be configured and increased to upgrade the version when desired. Downgrades are not supported by EKS.

Outputs

All input properties are implicitly available as output properties. Additionally, the Cluster resource produces the following output properties:

Arn string
The Amazon Resource Name (ARN) of the cluster.
CertificateAuthority ClusterCertificateAuthority
Nested attribute containing certificate-authority-data for your cluster.
CreatedAt string
Endpoint string
The endpoint for your Kubernetes API server.
Id string
The provider-assigned unique ID for this managed resource.
Identities List<ClusterIdentity>
Nested attribute containing identity provider information for your cluster. Only available on Kubernetes version 1.13 and 1.14 clusters created or upgraded on or after September 3, 2019.
PlatformVersion string
The platform version for the cluster.
Status string
The status of the EKS cluster. One of CREATING, ACTIVE, DELETING, FAILED.
Arn string
The Amazon Resource Name (ARN) of the cluster.
CertificateAuthority ClusterCertificateAuthority
Nested attribute containing certificate-authority-data for your cluster.
CreatedAt string
Endpoint string
The endpoint for your Kubernetes API server.
Id string
The provider-assigned unique ID for this managed resource.
Identities []ClusterIdentity
Nested attribute containing identity provider information for your cluster. Only available on Kubernetes version 1.13 and 1.14 clusters created or upgraded on or after September 3, 2019.
PlatformVersion string
The platform version for the cluster.
Status string
The status of the EKS cluster. One of CREATING, ACTIVE, DELETING, FAILED.
arn string
The Amazon Resource Name (ARN) of the cluster.
certificateAuthority ClusterCertificateAuthority
Nested attribute containing certificate-authority-data for your cluster.
createdAt string
endpoint string
The endpoint for your Kubernetes API server.
id string
The provider-assigned unique ID for this managed resource.
identities ClusterIdentity[]
Nested attribute containing identity provider information for your cluster. Only available on Kubernetes version 1.13 and 1.14 clusters created or upgraded on or after September 3, 2019.
platformVersion string
The platform version for the cluster.
status string
The status of the EKS cluster. One of CREATING, ACTIVE, DELETING, FAILED.
arn str
The Amazon Resource Name (ARN) of the cluster.
certificate_authority ClusterCertificateAuthority
Nested attribute containing certificate-authority-data for your cluster.
created_at str
endpoint str
The endpoint for your Kubernetes API server.
id str
The provider-assigned unique ID for this managed resource.
identities Sequence[ClusterIdentity]
Nested attribute containing identity provider information for your cluster. Only available on Kubernetes version 1.13 and 1.14 clusters created or upgraded on or after September 3, 2019.
platform_version str
The platform version for the cluster.
status str
The status of the EKS cluster. One of CREATING, ACTIVE, DELETING, FAILED.

Look up an Existing Cluster Resource

Get an existing Cluster resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: ClusterState, opts?: CustomResourceOptions): Cluster
@staticmethod
def get(resource_name: str, id: str, opts: Optional[ResourceOptions] = None, arn: Optional[str] = None, certificate_authority: Optional[ClusterCertificateAuthorityArgs] = None, created_at: Optional[str] = None, enabled_cluster_log_types: Optional[Sequence[str]] = None, encryption_config: Optional[ClusterEncryptionConfigArgs] = None, endpoint: Optional[str] = None, identities: Optional[Sequence[ClusterIdentityArgs]] = None, kubernetes_network_config: Optional[ClusterKubernetesNetworkConfigArgs] = None, name: Optional[str] = None, platform_version: Optional[str] = None, role_arn: Optional[str] = None, status: Optional[str] = None, tags: Optional[Mapping[str, str]] = None, version: Optional[str] = None, vpc_config: Optional[ClusterVpcConfigArgs] = None) -> Cluster
func GetCluster(ctx *Context, name string, id IDInput, state *ClusterState, opts ...ResourceOption) (*Cluster, error)
public static Cluster Get(string name, Input<string> id, ClusterState? state, CustomResourceOptions? opts = null)
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.

The following state arguments are supported:

Arn string
The Amazon Resource Name (ARN) of the cluster.
CertificateAuthority ClusterCertificateAuthorityArgs
Nested attribute containing certificate-authority-data for your cluster.
CreatedAt string
EnabledClusterLogTypes List<string>
A list of the control plane log types to enable. For more information, see Amazon EKS Control Plane Logging.
EncryptionConfig ClusterEncryptionConfigArgs
Configuration block with encryption configuration for the cluster. Only available on Kubernetes 1.13 and above clusters created after March 6, 2020. Detailed below. Please note that encryption_config can be added to the configuration but cannot be removed.
Endpoint string
The endpoint for your Kubernetes API server.
Identities List<ClusterIdentityArgs>
Nested attribute containing identity provider information for your cluster. Only available on Kubernetes version 1.13 and 1.14 clusters created or upgraded on or after September 3, 2019.
KubernetesNetworkConfig ClusterKubernetesNetworkConfigArgs
Configuration block with kubernetes network configuration for the cluster. Detailed below. If removed, the provider will only perform drift detection if a configuration value is provided.
Name string
Name of the cluster.
PlatformVersion string
The platform version for the cluster.
RoleArn string
The Amazon Resource Name (ARN) of the IAM role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. Ensure the resource configuration includes explicit dependencies on the IAM Role permissions by adding dependsOn if using the aws.iam.RolePolicy resource or the aws.iam.RolePolicyAttachment resource; otherwise EKS cannot delete EKS-managed EC2 infrastructure, such as Security Groups, on EKS Cluster deletion.
Status string
The status of the EKS cluster. One of CREATING, ACTIVE, DELETING, FAILED.
Tags Dictionary<string, string>
Key-value map of resource tags.
Version string
Desired Kubernetes master version. If you do not specify a value, the latest available version at resource creation is used and no upgrades will occur except those automatically triggered by EKS. The value must be configured and increased to upgrade the version when desired. Downgrades are not supported by EKS.
VpcConfig ClusterVpcConfigArgs
Nested argument for the VPC associated with your cluster. Amazon EKS VPC resources have specific requirements to work properly with Kubernetes. For more information, see Cluster VPC Considerations and Cluster Security Group Considerations in the Amazon EKS User Guide. Configuration detailed below.
Arn string
The Amazon Resource Name (ARN) of the cluster.
CertificateAuthority ClusterCertificateAuthority
Nested attribute containing certificate-authority-data for your cluster.
CreatedAt string
EnabledClusterLogTypes []string
A list of the control plane log types to enable. For more information, see Amazon EKS Control Plane Logging.
EncryptionConfig ClusterEncryptionConfig
Configuration block with encryption configuration for the cluster. Only available on Kubernetes 1.13 and above clusters created after March 6, 2020. Detailed below. Please note that encryption_config can be added to the configuration but cannot be removed.
Endpoint string
The endpoint for your Kubernetes API server.
Identities []ClusterIdentity
Nested attribute containing identity provider information for your cluster. Only available on Kubernetes version 1.13 and 1.14 clusters created or upgraded on or after September 3, 2019.
KubernetesNetworkConfig ClusterKubernetesNetworkConfig
Configuration block with kubernetes network configuration for the cluster. Detailed below. If removed, the provider will only perform drift detection if a configuration value is provided.
Name string
Name of the cluster.
PlatformVersion string
The platform version for the cluster.
RoleArn string
The Amazon Resource Name (ARN) of the IAM role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. Ensure the resource configuration includes explicit dependencies on the IAM Role permissions by adding dependsOn if using the aws.iam.RolePolicy resource or the aws.iam.RolePolicyAttachment resource; otherwise EKS cannot delete EKS-managed EC2 infrastructure, such as Security Groups, on EKS Cluster deletion.
Status string
The status of the EKS cluster. One of CREATING, ACTIVE, DELETING, FAILED.
Tags map[string]string
Key-value map of resource tags.
Version string
Desired Kubernetes master version. If you do not specify a value, the latest available version at resource creation is used and no upgrades will occur except those automatically triggered by EKS. The value must be configured and increased to upgrade the version when desired. Downgrades are not supported by EKS.
VpcConfig ClusterVpcConfig
Nested argument for the VPC associated with your cluster. Amazon EKS VPC resources have specific requirements to work properly with Kubernetes. For more information, see Cluster VPC Considerations and Cluster Security Group Considerations in the Amazon EKS User Guide. Configuration detailed below.
arn string
The Amazon Resource Name (ARN) of the cluster.
certificateAuthority ClusterCertificateAuthority
Nested attribute containing certificate-authority-data for your cluster.
createdAt string
enabledClusterLogTypes string[]
A list of the control plane log types to enable. For more information, see Amazon EKS Control Plane Logging.
encryptionConfig ClusterEncryptionConfig
Configuration block with encryption configuration for the cluster. Only available on Kubernetes 1.13 and above clusters created after March 6, 2020. Detailed below. Please note that encryption_config can be added to the configuration but cannot be removed.
endpoint string
The endpoint for your Kubernetes API server.
identities ClusterIdentity[]
Nested attribute containing identity provider information for your cluster. Only available on Kubernetes version 1.13 and 1.14 clusters created or upgraded on or after September 3, 2019.
kubernetesNetworkConfig ClusterKubernetesNetworkConfig
Configuration block with kubernetes network configuration for the cluster. Detailed below. If removed, the provider will only perform drift detection if a configuration value is provided.
name string
Name of the cluster.
platformVersion string
The platform version for the cluster.
roleArn string
The Amazon Resource Name (ARN) of the IAM role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. Ensure the resource configuration includes explicit dependencies on the IAM Role permissions by adding dependsOn if using the aws.iam.RolePolicy resource or the aws.iam.RolePolicyAttachment resource; otherwise EKS cannot delete EKS-managed EC2 infrastructure, such as Security Groups, on EKS Cluster deletion.
status string
The status of the EKS cluster. One of CREATING, ACTIVE, DELETING, FAILED.
tags {[key: string]: string}
Key-value map of resource tags.
version string
Desired Kubernetes master version. If you do not specify a value, the latest available version at resource creation is used and no upgrades will occur except those automatically triggered by EKS. The value must be configured and increased to upgrade the version when desired. Downgrades are not supported by EKS.
vpcConfig ClusterVpcConfig
Nested argument for the VPC associated with your cluster. Amazon EKS VPC resources have specific requirements to work properly with Kubernetes. For more information, see Cluster VPC Considerations and Cluster Security Group Considerations in the Amazon EKS User Guide. Configuration detailed below.
arn str
The Amazon Resource Name (ARN) of the cluster.
certificate_authority ClusterCertificateAuthorityArgs
Nested attribute containing certificate-authority-data for your cluster.
created_at str
enabled_cluster_log_types Sequence[str]
A list of the control plane log types to enable. For more information, see Amazon EKS Control Plane Logging.
encryption_config ClusterEncryptionConfigArgs
Configuration block with encryption configuration for the cluster. Only available on Kubernetes 1.13 and above clusters created after March 6, 2020. Detailed below. Please note that encryption_config can be added to the configuration but cannot be removed.
endpoint str
The endpoint for your Kubernetes API server.
identities Sequence[ClusterIdentityArgs]
Nested attribute containing identity provider information for your cluster. Only available on Kubernetes version 1.13 and 1.14 clusters created or upgraded on or after September 3, 2019.
kubernetes_network_config ClusterKubernetesNetworkConfigArgs
Configuration block with kubernetes network configuration for the cluster. Detailed below. If removed, the provider will only perform drift detection if a configuration value is provided.
name str
Name of the cluster.
platform_version str
The platform version for the cluster.
role_arn str
The Amazon Resource Name (ARN) of the IAM role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. Ensure the resource configuration includes explicit dependencies on the IAM Role permissions by adding dependsOn if using the aws.iam.RolePolicy resource or the aws.iam.RolePolicyAttachment resource; otherwise EKS cannot delete EKS-managed EC2 infrastructure, such as Security Groups, on EKS Cluster deletion.
status str
The status of the EKS cluster. One of CREATING, ACTIVE, DELETING, FAILED.
tags Mapping[str, str]
Key-value map of resource tags.
version str
Desired Kubernetes master version. If you do not specify a value, the latest available version at resource creation is used and no upgrades will occur except those automatically triggered by EKS. The value must be configured and increased to upgrade the version when desired. Downgrades are not supported by EKS.
vpc_config ClusterVpcConfigArgs
Nested argument for the VPC associated with your cluster. Amazon EKS VPC resources have specific requirements to work properly with Kubernetes. For more information, see Cluster VPC Considerations and Cluster Security Group Considerations in the Amazon EKS User Guide. Configuration detailed below.

Supporting Types

ClusterCertificateAuthority

Data string
The base64 encoded certificate data required to communicate with your cluster. Add this to the certificate-authority-data section of the kubeconfig file for your cluster.
Data string
The base64 encoded certificate data required to communicate with your cluster. Add this to the certificate-authority-data section of the kubeconfig file for your cluster.
data string
The base64 encoded certificate data required to communicate with your cluster. Add this to the certificate-authority-data section of the kubeconfig file for your cluster.
data str
The base64 encoded certificate data required to communicate with your cluster. Add this to the certificate-authority-data section of the kubeconfig file for your cluster.

ClusterEncryptionConfig

Provider ClusterEncryptionConfigProviderArgs
Configuration block with provider for encryption. Detailed below.
Resources List<string>
List of strings with resources to be encrypted. Valid values: secrets
Provider ClusterEncryptionConfigProvider
Configuration block with provider for encryption. Detailed below.
Resources []string
List of strings with resources to be encrypted. Valid values: secrets
provider ClusterEncryptionConfigProvider
Configuration block with provider for encryption. Detailed below.
resources string[]
List of strings with resources to be encrypted. Valid values: secrets
provider ClusterEncryptionConfigProviderArgs
Configuration block with provider for encryption. Detailed below.
resources Sequence[str]
List of strings with resources to be encrypted. Valid values: secrets

ClusterEncryptionConfigProvider

KeyArn string
Amazon Resource Name (ARN) of the Key Management Service (KMS) customer master key (CMK). The CMK must be symmetric, created in the same region as the cluster, and if the CMK was created in a different account, the user must have access to the CMK. For more information, see Allowing Users in Other Accounts to Use a CMK in the AWS Key Management Service Developer Guide.
KeyArn string
Amazon Resource Name (ARN) of the Key Management Service (KMS) customer master key (CMK). The CMK must be symmetric, created in the same region as the cluster, and if the CMK was created in a different account, the user must have access to the CMK. For more information, see Allowing Users in Other Accounts to Use a CMK in the AWS Key Management Service Developer Guide.
keyArn string
Amazon Resource Name (ARN) of the Key Management Service (KMS) customer master key (CMK). The CMK must be symmetric, created in the same region as the cluster, and if the CMK was created in a different account, the user must have access to the CMK. For more information, see Allowing Users in Other Accounts to Use a CMK in the AWS Key Management Service Developer Guide.
key_arn str
Amazon Resource Name (ARN) of the Key Management Service (KMS) customer master key (CMK). The CMK must be symmetric, created in the same region as the cluster, and if the CMK was created in a different account, the user must have access to the CMK. For more information, see Allowing Users in Other Accounts to Use a CMK in the AWS Key Management Service Developer Guide.

ClusterIdentity

Oidcs List<ClusterIdentityOidcArgs>
Nested attribute containing OpenID Connect identity provider information for the cluster.
Oidcs []ClusterIdentityOidc
Nested attribute containing OpenID Connect identity provider information for the cluster.
oidcs ClusterIdentityOidc[]
Nested attribute containing OpenID Connect identity provider information for the cluster.
oidcs Sequence[ClusterIdentityOidcArgs]
Nested attribute containing OpenID Connect identity provider information for the cluster.

ClusterIdentityOidc

Issuer string
Issuer URL for the OpenID Connect identity provider.
Issuer string
Issuer URL for the OpenID Connect identity provider.
issuer string
Issuer URL for the OpenID Connect identity provider.
issuer str
Issuer URL for the OpenID Connect identity provider.

ClusterKubernetesNetworkConfig

ServiceIpv4Cidr string
The CIDR block to assign Kubernetes service IP addresses from. If you don’t specify a block, Kubernetes assigns addresses from either the 10.100.0.0/16 or 172.20.0.0/16 CIDR blocks. We recommend that you specify a block that does not overlap with resources in other networks that are peered or connected to your VPC. You can only specify a custom CIDR block when you create a cluster; changing this value will force a new cluster to be created. The block must also meet the requirements listed in the Amazon EKS documentation (the list is not reproduced here).
ServiceIpv4Cidr string
The CIDR block to assign Kubernetes service IP addresses from. If you don’t specify a block, Kubernetes assigns addresses from either the 10.100.0.0/16 or 172.20.0.0/16 CIDR blocks. We recommend that you specify a block that does not overlap with resources in other networks that are peered or connected to your VPC. You can only specify a custom CIDR block when you create a cluster; changing this value will force a new cluster to be created. The block must also meet the requirements listed in the Amazon EKS documentation (the list is not reproduced here).
serviceIpv4Cidr string
The CIDR block to assign Kubernetes service IP addresses from. If you don’t specify a block, Kubernetes assigns addresses from either the 10.100.0.0/16 or 172.20.0.0/16 CIDR blocks. We recommend that you specify a block that does not overlap with resources in other networks that are peered or connected to your VPC. You can only specify a custom CIDR block when you create a cluster; changing this value will force a new cluster to be created. The block must also meet the requirements listed in the Amazon EKS documentation (the list is not reproduced here).
service_ipv4_cidr str
The CIDR block to assign Kubernetes service IP addresses from. If you don’t specify a block, Kubernetes assigns addresses from either the 10.100.0.0/16 or 172.20.0.0/16 CIDR blocks. We recommend that you specify a block that does not overlap with resources in other networks that are peered or connected to your VPC. You can only specify a custom CIDR block when you create a cluster; changing this value will force a new cluster to be created. The block must also meet the requirements listed in the Amazon EKS documentation (the list is not reproduced here).

ClusterVpcConfig

SubnetIds List<string>
List of subnet IDs. Must be in at least two different availability zones. Amazon EKS creates cross-account elastic network interfaces in these subnets to allow communication between your worker nodes and the Kubernetes control plane.
ClusterSecurityGroupId string
The cluster security group that was created by Amazon EKS for the cluster.
EndpointPrivateAccess bool
Indicates whether or not the Amazon EKS private API server endpoint is enabled. Default is false.
EndpointPublicAccess bool
Indicates whether or not the Amazon EKS public API server endpoint is enabled. Default is true.
PublicAccessCidrs List<string>
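List of CIDR blocks. Indicates which CIDR blocks can access the Amazon EKS public API server endpoint when enabled. EKS defaults this to a list with 0.0.0.0/0, which allows access from any IPv4 address; set an explicit list to restrict it. This provider will only perform drift detection of its value when present in a configuration, so an omitted value is not checked against the cluster's actual setting.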
SecurityGroupIds List<string>
List of security group IDs for the cross-account elastic network interfaces that Amazon EKS creates to use to allow communication between your worker nodes and the Kubernetes control plane.
VpcId string
The VPC associated with your cluster.
SubnetIds []string
List of subnet IDs. Must be in at least two different availability zones. Amazon EKS creates cross-account elastic network interfaces in these subnets to allow communication between your worker nodes and the Kubernetes control plane.
ClusterSecurityGroupId string
The cluster security group that was created by Amazon EKS for the cluster.
EndpointPrivateAccess bool
Indicates whether or not the Amazon EKS private API server endpoint is enabled. Default is false.
EndpointPublicAccess bool
Indicates whether or not the Amazon EKS public API server endpoint is enabled. Default is true.
PublicAccessCidrs []string
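List of CIDR blocks. Indicates which CIDR blocks can access the Amazon EKS public API server endpoint when enabled. EKS defaults this to a list with 0.0.0.0/0, which allows access from any IPv4 address; set an explicit list to restrict it. This provider will only perform drift detection of its value when present in a configuration, so an omitted value is not checked against the cluster's actual setting.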
SecurityGroupIds []string
List of security group IDs for the cross-account elastic network interfaces that Amazon EKS creates to use to allow communication between your worker nodes and the Kubernetes control plane.
VpcId string
The VPC associated with your cluster.
subnetIds string[]
List of subnet IDs. Must be in at least two different availability zones. Amazon EKS creates cross-account elastic network interfaces in these subnets to allow communication between your worker nodes and the Kubernetes control plane.
clusterSecurityGroupId string
The cluster security group that was created by Amazon EKS for the cluster.
endpointPrivateAccess boolean
Indicates whether or not the Amazon EKS private API server endpoint is enabled. Default is false.
endpointPublicAccess boolean
Indicates whether or not the Amazon EKS public API server endpoint is enabled. Default is true.
publicAccessCidrs string[]
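List of CIDR blocks. Indicates which CIDR blocks can access the Amazon EKS public API server endpoint when enabled. EKS defaults this to a list with 0.0.0.0/0, which allows access from any IPv4 address; set an explicit list to restrict it. This provider will only perform drift detection of its value when present in a configuration, so an omitted value is not checked against the cluster's actual setting.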
securityGroupIds string[]
List of security group IDs for the cross-account elastic network interfaces that Amazon EKS creates to use to allow communication between your worker nodes and the Kubernetes control plane.
vpcId string
The VPC associated with your cluster.
subnet_ids Sequence[str]
List of subnet IDs. Must be in at least two different availability zones. Amazon EKS creates cross-account elastic network interfaces in these subnets to allow communication between your worker nodes and the Kubernetes control plane.
cluster_security_group_id str
The cluster security group that was created by Amazon EKS for the cluster.
endpoint_private_access bool
Indicates whether or not the Amazon EKS private API server endpoint is enabled. Default is false.
endpoint_public_access bool
Indicates whether or not the Amazon EKS public API server endpoint is enabled. Default is true.
public_access_cidrs Sequence[str]
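List of CIDR blocks. Indicates which CIDR blocks can access the Amazon EKS public API server endpoint when enabled. EKS defaults this to a list with 0.0.0.0/0, which allows access from any IPv4 address; set an explicit list to restrict it. This provider will only perform drift detection of its value when present in a configuration, so an omitted value is not checked against the cluster's actual setting.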
security_group_ids Sequence[str]
List of security group IDs for the cross-account elastic network interfaces that Amazon EKS creates to use to allow communication between your worker nodes and the Kubernetes control plane.
vpc_id str
The VPC associated with your cluster.

Import

EKS Clusters can be imported using the name, e.g.

 $ pulumi import aws:eks/cluster:Cluster my_cluster my_cluster

Package Details

Repository
https://github.com/pulumi/pulumi-aws
License
Apache-2.0
Notes
This Pulumi package is based on the aws Terraform Provider.