AWS Native
Cluster
An object representing an Amazon EKS cluster.
Create a Cluster Resource
new Cluster(name: string, args: ClusterArgs, opts?: CustomResourceOptions);
@overload
def Cluster(resource_name: str,
opts: Optional[ResourceOptions] = None,
encryption_config: Optional[Sequence[ClusterEncryptionConfigArgs]] = None,
kubernetes_network_config: Optional[ClusterKubernetesNetworkConfigArgs] = None,
logging: Optional[ClusterLoggingArgs] = None,
name: Optional[str] = None,
resources_vpc_config: Optional[ClusterResourcesVpcConfigArgs] = None,
role_arn: Optional[str] = None,
tags: Optional[Sequence[ClusterTagArgs]] = None,
version: Optional[str] = None)
@overload
def Cluster(resource_name: str,
args: ClusterArgs,
opts: Optional[ResourceOptions] = None)
func NewCluster(ctx *Context, name string, args ClusterArgs, opts ...ResourceOption) (*Cluster, error)
public Cluster(string name, ClusterArgs args, CustomResourceOptions? opts = null)
public Cluster(String name, ClusterArgs args)
public Cluster(String name, ClusterArgs args, CustomResourceOptions options)
type: aws-native:eks:Cluster
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ClusterArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ClusterArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ClusterArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ClusterArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ClusterArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Cluster Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The Cluster resource accepts the following input properties:
- Resources
Vpc Pulumi.Config Aws Native. EKS. Inputs. Cluster Resources Vpc Config Args - Role
Arn string The Amazon Resource Name (ARN) of the IAM role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf.
- Encryption
Config List<Pulumi.Aws Native. EKS. Inputs. Cluster Encryption Config Args> - Kubernetes
Network Pulumi.Config Aws Native. EKS. Inputs. Cluster Kubernetes Network Config Args - Logging
Pulumi.
Aws Native. EKS. Inputs. Cluster Logging Args - Name string
The unique name to give to your cluster.
- List<Pulumi.
Aws Native. EKS. Inputs. Cluster Tag Args> An array of key-value pairs to apply to this resource.
- Version string
The desired Kubernetes version for your cluster. If you don't specify a value here, the latest version available in Amazon EKS is used.
- Resources
Vpc ClusterConfig Resources Vpc Config Args - Role
Arn string The Amazon Resource Name (ARN) of the IAM role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf.
- Encryption
Config []ClusterEncryption Config Args - Kubernetes
Network ClusterConfig Kubernetes Network Config Args - Logging
Cluster
Logging Args - Name string
The unique name to give to your cluster.
- []Cluster
Tag Args An array of key-value pairs to apply to this resource.
- Version string
The desired Kubernetes version for your cluster. If you don't specify a value here, the latest version available in Amazon EKS is used.
- resources
Vpc ClusterConfig Resources Vpc Config Args - role
Arn String The Amazon Resource Name (ARN) of the IAM role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf.
- encryption
Config List<ClusterEncryption Config Args> - kubernetes
Network ClusterConfig Kubernetes Network Config Args - logging
Cluster
Logging Args - name String
The unique name to give to your cluster.
- List<Cluster
Tag Args> An array of key-value pairs to apply to this resource.
- version String
The desired Kubernetes version for your cluster. If you don't specify a value here, the latest version available in Amazon EKS is used.
- resources
Vpc ClusterConfig Resources Vpc Config Args - role
Arn string The Amazon Resource Name (ARN) of the IAM role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf.
- encryption
Config ClusterEncryption Config Args[] - kubernetes
Network ClusterConfig Kubernetes Network Config Args - logging
Cluster
Logging Args - name string
The unique name to give to your cluster.
- Cluster
Tag Args[] An array of key-value pairs to apply to this resource.
- version string
The desired Kubernetes version for your cluster. If you don't specify a value here, the latest version available in Amazon EKS is used.
- resources_
vpc_ Clusterconfig Resources Vpc Config Args - role_
arn str The Amazon Resource Name (ARN) of the IAM role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf.
- encryption_
config Sequence[ClusterEncryption Config Args] - kubernetes_
network_ Clusterconfig Kubernetes Network Config Args - logging
Cluster
Logging Args - name str
The unique name to give to your cluster.
- Sequence[Cluster
Tag Args] An array of key-value pairs to apply to this resource.
- version str
The desired Kubernetes version for your cluster. If you don't specify a value here, the latest version available in Amazon EKS is used.
- resources
Vpc Property MapConfig - role
Arn String The Amazon Resource Name (ARN) of the IAM role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf.
- encryption
Config List<Property Map> - kubernetes
Network Property MapConfig - logging Property Map
- name String
The unique name to give to your cluster.
- List<Property Map>
An array of key-value pairs to apply to this resource.
- version String
The desired Kubernetes version for your cluster. If you don't specify a value here, the latest version available in Amazon EKS is used.
Outputs
All input properties are implicitly available as output properties. Additionally, the Cluster resource produces the following output properties:
- Arn string
The ARN of the cluster, such as arn:aws:eks:us-west-2:666666666666:cluster/prod.
- string
The certificate-authority-data for your cluster.
- Cluster
Security stringGroup Id The cluster security group that was created by Amazon EKS for the cluster. Managed node groups use this security group for control plane to data plane communication.
- Encryption
Config stringKey Arn Amazon Resource Name (ARN) or alias of the customer master key (CMK).
- Endpoint string
The endpoint for your Kubernetes API server, such as https://5E1D0CEXAMPLEA591B746AFC5AB30262.yl4.us-west-2.eks.amazonaws.com.
- Id string
The provider-assigned unique ID for this managed resource.
- Open
Id stringConnect Issuer Url The issuer URL for the cluster's OIDC identity provider, such as https://oidc.eks.us-west-2.amazonaws.com/id/EXAMPLED539D4633E53DE1B716D3041E. If you need to remove https:// from this output value, you can include the following code in your template.
- Arn string
The ARN of the cluster, such as arn:aws:eks:us-west-2:666666666666:cluster/prod.
- string
The certificate-authority-data for your cluster.
- Cluster
Security stringGroup Id The cluster security group that was created by Amazon EKS for the cluster. Managed node groups use this security group for control plane to data plane communication.
- Encryption
Config stringKey Arn Amazon Resource Name (ARN) or alias of the customer master key (CMK).
- Endpoint string
The endpoint for your Kubernetes API server, such as https://5E1D0CEXAMPLEA591B746AFC5AB30262.yl4.us-west-2.eks.amazonaws.com.
- Id string
The provider-assigned unique ID for this managed resource.
- Open
Id stringConnect Issuer Url The issuer URL for the cluster's OIDC identity provider, such as https://oidc.eks.us-west-2.amazonaws.com/id/EXAMPLED539D4633E53DE1B716D3041E. If you need to remove https:// from this output value, you can include the following code in your template.
- arn String
The ARN of the cluster, such as arn:aws:eks:us-west-2:666666666666:cluster/prod.
- String
The certificate-authority-data for your cluster.
- cluster
Security StringGroup Id The cluster security group that was created by Amazon EKS for the cluster. Managed node groups use this security group for control plane to data plane communication.
- encryption
Config StringKey Arn Amazon Resource Name (ARN) or alias of the customer master key (CMK).
- endpoint String
The endpoint for your Kubernetes API server, such as https://5E1D0CEXAMPLEA591B746AFC5AB30262.yl4.us-west-2.eks.amazonaws.com.
- id String
The provider-assigned unique ID for this managed resource.
- open
Id StringConnect Issuer Url The issuer URL for the cluster's OIDC identity provider, such as https://oidc.eks.us-west-2.amazonaws.com/id/EXAMPLED539D4633E53DE1B716D3041E. If you need to remove https:// from this output value, you can include the following code in your template.
- arn string
The ARN of the cluster, such as arn:aws:eks:us-west-2:666666666666:cluster/prod.
- string
The certificate-authority-data for your cluster.
- cluster
Security stringGroup Id The cluster security group that was created by Amazon EKS for the cluster. Managed node groups use this security group for control plane to data plane communication.
- encryption
Config stringKey Arn Amazon Resource Name (ARN) or alias of the customer master key (CMK).
- endpoint string
The endpoint for your Kubernetes API server, such as https://5E1D0CEXAMPLEA591B746AFC5AB30262.yl4.us-west-2.eks.amazonaws.com.
- id string
The provider-assigned unique ID for this managed resource.
- open
Id stringConnect Issuer Url The issuer URL for the cluster's OIDC identity provider, such as https://oidc.eks.us-west-2.amazonaws.com/id/EXAMPLED539D4633E53DE1B716D3041E. If you need to remove https:// from this output value, you can include the following code in your template.
- arn str
The ARN of the cluster, such as arn:aws:eks:us-west-2:666666666666:cluster/prod.
- str
The certificate-authority-data for your cluster.
- cluster_
security_ strgroup_ id The cluster security group that was created by Amazon EKS for the cluster. Managed node groups use this security group for control plane to data plane communication.
- encryption_
config_ strkey_ arn Amazon Resource Name (ARN) or alias of the customer master key (CMK).
- endpoint str
The endpoint for your Kubernetes API server, such as https://5E1D0CEXAMPLEA591B746AFC5AB30262.yl4.us-west-2.eks.amazonaws.com.
- id str
The provider-assigned unique ID for this managed resource.
- open_
id_ strconnect_ issuer_ url The issuer URL for the cluster's OIDC identity provider, such as https://oidc.eks.us-west-2.amazonaws.com/id/EXAMPLED539D4633E53DE1B716D3041E. If you need to remove https:// from this output value, you can include the following code in your template.
- arn String
The ARN of the cluster, such as arn:aws:eks:us-west-2:666666666666:cluster/prod.
- String
The certificate-authority-data for your cluster.
- cluster
Security StringGroup Id The cluster security group that was created by Amazon EKS for the cluster. Managed node groups use this security group for control plane to data plane communication.
- encryption
Config StringKey Arn Amazon Resource Name (ARN) or alias of the customer master key (CMK).
- endpoint String
The endpoint for your Kubernetes API server, such as https://5E1D0CEXAMPLEA591B746AFC5AB30262.yl4.us-west-2.eks.amazonaws.com.
- id String
The provider-assigned unique ID for this managed resource.
- open
Id StringConnect Issuer Url The issuer URL for the cluster's OIDC identity provider, such as https://oidc.eks.us-west-2.amazonaws.com/id/EXAMPLED539D4633E53DE1B716D3041E. If you need to remove https:// from this output value, you can include the following code in your template.
Supporting Types
ClusterEncryptionConfig
- Provider
Pulumi.
Aws Native. EKS. Inputs. Cluster Provider The encryption provider for the cluster.
- Resources List<string>
Specifies the resources to be encrypted. The only supported value is "secrets".
- Provider
Cluster
Provider The encryption provider for the cluster.
- Resources []string
Specifies the resources to be encrypted. The only supported value is "secrets".
- provider
Cluster
Provider The encryption provider for the cluster.
- resources List<String>
Specifies the resources to be encrypted. The only supported value is "secrets".
- provider
Cluster
Provider The encryption provider for the cluster.
- resources string[]
Specifies the resources to be encrypted. The only supported value is "secrets".
- provider
Cluster
Provider The encryption provider for the cluster.
- resources Sequence[str]
Specifies the resources to be encrypted. The only supported value is "secrets".
- provider Property Map
The encryption provider for the cluster.
- resources List<String>
Specifies the resources to be encrypted. The only supported value is "secrets".
ClusterKubernetesNetworkConfig
- Ip
Family Pulumi.Aws Native. EKS. Cluster Kubernetes Network Config Ip Family Ipv4 or Ipv6. You can only specify ipv6 for 1.21 and later clusters that use version 1.10.1 or later of the Amazon VPC CNI add-on
- Service
Ipv4Cidr string The CIDR block to assign Kubernetes service IP addresses from. If you don't specify a block, Kubernetes assigns addresses from either the 10.100.0.0/16 or 172.20.0.0/16 CIDR blocks. We recommend that you specify a block that does not overlap with resources in other networks that are peered or connected to your VPC.
- Service
Ipv6Cidr string The CIDR block to assign Kubernetes service IP addresses from.
- Ip
Family ClusterKubernetes Network Config Ip Family Ipv4 or Ipv6. You can only specify ipv6 for 1.21 and later clusters that use version 1.10.1 or later of the Amazon VPC CNI add-on
- Service
Ipv4Cidr string The CIDR block to assign Kubernetes service IP addresses from. If you don't specify a block, Kubernetes assigns addresses from either the 10.100.0.0/16 or 172.20.0.0/16 CIDR blocks. We recommend that you specify a block that does not overlap with resources in other networks that are peered or connected to your VPC.
- Service
Ipv6Cidr string The CIDR block to assign Kubernetes service IP addresses from.
- ip
Family ClusterKubernetes Network Config Ip Family Ipv4 or Ipv6. You can only specify ipv6 for 1.21 and later clusters that use version 1.10.1 or later of the Amazon VPC CNI add-on
- service
Ipv4Cidr String The CIDR block to assign Kubernetes service IP addresses from. If you don't specify a block, Kubernetes assigns addresses from either the 10.100.0.0/16 or 172.20.0.0/16 CIDR blocks. We recommend that you specify a block that does not overlap with resources in other networks that are peered or connected to your VPC.
- service
Ipv6Cidr String The CIDR block to assign Kubernetes service IP addresses from.
- ip
Family ClusterKubernetes Network Config Ip Family Ipv4 or Ipv6. You can only specify ipv6 for 1.21 and later clusters that use version 1.10.1 or later of the Amazon VPC CNI add-on
- service
Ipv4Cidr string The CIDR block to assign Kubernetes service IP addresses from. If you don't specify a block, Kubernetes assigns addresses from either the 10.100.0.0/16 or 172.20.0.0/16 CIDR blocks. We recommend that you specify a block that does not overlap with resources in other networks that are peered or connected to your VPC.
- service
Ipv6Cidr string The CIDR block to assign Kubernetes service IP addresses from.
- ip_
family ClusterKubernetes Network Config Ip Family Ipv4 or Ipv6. You can only specify ipv6 for 1.21 and later clusters that use version 1.10.1 or later of the Amazon VPC CNI add-on
- service_
ipv4_ strcidr The CIDR block to assign Kubernetes service IP addresses from. If you don't specify a block, Kubernetes assigns addresses from either the 10.100.0.0/16 or 172.20.0.0/16 CIDR blocks. We recommend that you specify a block that does not overlap with resources in other networks that are peered or connected to your VPC.
- service_
ipv6_ strcidr The CIDR block to assign Kubernetes service IP addresses from.
- ip
Family "ipv4" | "ipv6" Ipv4 or Ipv6. You can only specify ipv6 for 1.21 and later clusters that use version 1.10.1 or later of the Amazon VPC CNI add-on
- service
Ipv4Cidr String The CIDR block to assign Kubernetes service IP addresses from. If you don't specify a block, Kubernetes assigns addresses from either the 10.100.0.0/16 or 172.20.0.0/16 CIDR blocks. We recommend that you specify a block that does not overlap with resources in other networks that are peered or connected to your VPC.
- service
Ipv6Cidr String The CIDR block to assign Kubernetes service IP addresses from.
ClusterKubernetesNetworkConfigIpFamily
- Ipv4
- ipv4
- Ipv6
- ipv6
- Cluster
Kubernetes Network Config Ip Family Ipv4 - ipv4
- Cluster
Kubernetes Network Config Ip Family Ipv6 - ipv6
- Ipv4
- ipv4
- Ipv6
- ipv6
- Ipv4
- ipv4
- Ipv6
- ipv6
- IPV4
- ipv4
- IPV6
- ipv6
- "ipv4"
- ipv4
- "ipv6"
- ipv6
ClusterLogging
- Cluster
Logging Pulumi.Value Aws Native. EKS. Inputs. Cluster Logging The cluster control plane logging configuration for your cluster.
- Cluster
Logging ClusterLogging The cluster control plane logging configuration for your cluster.
- cluster
Logging ClusterLogging The cluster control plane logging configuration for your cluster.
- cluster
Logging ClusterLogging The cluster control plane logging configuration for your cluster.
- cluster_
logging ClusterLogging The cluster control plane logging configuration for your cluster.
- cluster
Logging Property Map The cluster control plane logging configuration for your cluster.
ClusterProvider
- Key
Arn string Amazon Resource Name (ARN) or alias of the KMS key. The KMS key must be symmetric, created in the same region as the cluster, and if the KMS key was created in a different account, the user must have access to the KMS key.
- Key
Arn string Amazon Resource Name (ARN) or alias of the KMS key. The KMS key must be symmetric, created in the same region as the cluster, and if the KMS key was created in a different account, the user must have access to the KMS key.
- key
Arn String Amazon Resource Name (ARN) or alias of the KMS key. The KMS key must be symmetric, created in the same region as the cluster, and if the KMS key was created in a different account, the user must have access to the KMS key.
- key
Arn string Amazon Resource Name (ARN) or alias of the KMS key. The KMS key must be symmetric, created in the same region as the cluster, and if the KMS key was created in a different account, the user must have access to the KMS key.
- key_
arn str Amazon Resource Name (ARN) or alias of the KMS key. The KMS key must be symmetric, created in the same region as the cluster, and if the KMS key was created in a different account, the user must have access to the KMS key.
- key
Arn String Amazon Resource Name (ARN) or alias of the KMS key. The KMS key must be symmetric, created in the same region as the cluster, and if the KMS key was created in a different account, the user must have access to the KMS key.
ClusterResourcesVpcConfig
- Subnet
Ids List<string> Specify subnets for your Amazon EKS nodes. Amazon EKS creates cross-account elastic network interfaces in these subnets to allow communication between your nodes and the Kubernetes control plane.
- Endpoint
Private boolAccess Set this value to true to enable private access for your cluster's Kubernetes API server endpoint. If you enable private access, Kubernetes API requests from within your cluster's VPC use the private VPC endpoint. The default value for this parameter is false, which disables private access for your Kubernetes API server. If you disable private access and you have nodes or AWS Fargate pods in the cluster, then ensure that publicAccessCidrs includes the necessary CIDR blocks for communication with the nodes or Fargate pods.
- Endpoint
Public boolAccess Set this value to false to disable public access to your cluster's Kubernetes API server endpoint. If you disable public access, your cluster's Kubernetes API server can only receive requests from within the cluster VPC. The default value for this parameter is true, which enables public access for your Kubernetes API server.
- Public
Access List<string>Cidrs The CIDR blocks that are allowed access to your cluster's public Kubernetes API server endpoint. Communication to the endpoint from addresses outside of the CIDR blocks that you specify is denied. The default value is 0.0.0.0/0. If you've disabled private endpoint access and you have nodes or AWS Fargate pods in the cluster, then ensure that you specify the necessary CIDR blocks.
- Security
Group List<string>Ids Specify one or more security groups for the cross-account elastic network interfaces that Amazon EKS creates to use to allow communication between your worker nodes and the Kubernetes control plane. If you don't specify a security group, the default security group for your VPC is used.
- Subnet
Ids []string Specify subnets for your Amazon EKS nodes. Amazon EKS creates cross-account elastic network interfaces in these subnets to allow communication between your nodes and the Kubernetes control plane.
- Endpoint
Private boolAccess Set this value to true to enable private access for your cluster's Kubernetes API server endpoint. If you enable private access, Kubernetes API requests from within your cluster's VPC use the private VPC endpoint. The default value for this parameter is false, which disables private access for your Kubernetes API server. If you disable private access and you have nodes or AWS Fargate pods in the cluster, then ensure that publicAccessCidrs includes the necessary CIDR blocks for communication with the nodes or Fargate pods.
- Endpoint
Public boolAccess Set this value to false to disable public access to your cluster's Kubernetes API server endpoint. If you disable public access, your cluster's Kubernetes API server can only receive requests from within the cluster VPC. The default value for this parameter is true, which enables public access for your Kubernetes API server.
- Public
Access []stringCidrs The CIDR blocks that are allowed access to your cluster's public Kubernetes API server endpoint. Communication to the endpoint from addresses outside of the CIDR blocks that you specify is denied. The default value is 0.0.0.0/0. If you've disabled private endpoint access and you have nodes or AWS Fargate pods in the cluster, then ensure that you specify the necessary CIDR blocks.
- Security
Group []stringIds Specify one or more security groups for the cross-account elastic network interfaces that Amazon EKS creates to use to allow communication between your worker nodes and the Kubernetes control plane. If you don't specify a security group, the default security group for your VPC is used.
- subnet
Ids List<String> Specify subnets for your Amazon EKS nodes. Amazon EKS creates cross-account elastic network interfaces in these subnets to allow communication between your nodes and the Kubernetes control plane.
- endpoint
Private BooleanAccess Set this value to true to enable private access for your cluster's Kubernetes API server endpoint. If you enable private access, Kubernetes API requests from within your cluster's VPC use the private VPC endpoint. The default value for this parameter is false, which disables private access for your Kubernetes API server. If you disable private access and you have nodes or AWS Fargate pods in the cluster, then ensure that publicAccessCidrs includes the necessary CIDR blocks for communication with the nodes or Fargate pods.
- endpoint
Public BooleanAccess Set this value to false to disable public access to your cluster's Kubernetes API server endpoint. If you disable public access, your cluster's Kubernetes API server can only receive requests from within the cluster VPC. The default value for this parameter is true, which enables public access for your Kubernetes API server.
- public
Access List<String>Cidrs The CIDR blocks that are allowed access to your cluster's public Kubernetes API server endpoint. Communication to the endpoint from addresses outside of the CIDR blocks that you specify is denied. The default value is 0.0.0.0/0. If you've disabled private endpoint access and you have nodes or AWS Fargate pods in the cluster, then ensure that you specify the necessary CIDR blocks.
- security
Group List<String>Ids Specify one or more security groups for the cross-account elastic network interfaces that Amazon EKS creates to use to allow communication between your worker nodes and the Kubernetes control plane. If you don't specify a security group, the default security group for your VPC is used.
- subnet
Ids string[] Specify subnets for your Amazon EKS nodes. Amazon EKS creates cross-account elastic network interfaces in these subnets to allow communication between your nodes and the Kubernetes control plane.
- endpoint
Private booleanAccess Set this value to true to enable private access for your cluster's Kubernetes API server endpoint. If you enable private access, Kubernetes API requests from within your cluster's VPC use the private VPC endpoint. The default value for this parameter is false, which disables private access for your Kubernetes API server. If you disable private access and you have nodes or AWS Fargate pods in the cluster, then ensure that publicAccessCidrs includes the necessary CIDR blocks for communication with the nodes or Fargate pods.
- endpoint
Public booleanAccess Set this value to false to disable public access to your cluster's Kubernetes API server endpoint. If you disable public access, your cluster's Kubernetes API server can only receive requests from within the cluster VPC. The default value for this parameter is true, which enables public access for your Kubernetes API server.
- public
Access string[]Cidrs The CIDR blocks that are allowed access to your cluster's public Kubernetes API server endpoint. Communication to the endpoint from addresses outside of the CIDR blocks that you specify is denied. The default value is 0.0.0.0/0. If you've disabled private endpoint access and you have nodes or AWS Fargate pods in the cluster, then ensure that you specify the necessary CIDR blocks.
- security
Group string[]Ids Specify one or more security groups for the cross-account elastic network interfaces that Amazon EKS creates to use to allow communication between your worker nodes and the Kubernetes control plane. If you don't specify a security group, the default security group for your VPC is used.
- subnet_
ids Sequence[str] Specify subnets for your Amazon EKS nodes. Amazon EKS creates cross-account elastic network interfaces in these subnets to allow communication between your nodes and the Kubernetes control plane.
- endpoint_
private_ boolaccess Set this value to true to enable private access for your cluster's Kubernetes API server endpoint. If you enable private access, Kubernetes API requests from within your cluster's VPC use the private VPC endpoint. The default value for this parameter is false, which disables private access for your Kubernetes API server. If you disable private access and you have nodes or AWS Fargate pods in the cluster, then ensure that publicAccessCidrs includes the necessary CIDR blocks for communication with the nodes or Fargate pods.
- endpoint_
public_ boolaccess Set this value to false to disable public access to your cluster's Kubernetes API server endpoint. If you disable public access, your cluster's Kubernetes API server can only receive requests from within the cluster VPC. The default value for this parameter is true, which enables public access for your Kubernetes API server.
- public_
access_ Sequence[str]cidrs The CIDR blocks that are allowed access to your cluster's public Kubernetes API server endpoint. Communication to the endpoint from addresses outside of the CIDR blocks that you specify is denied. The default value is 0.0.0.0/0. If you've disabled private endpoint access and you have nodes or AWS Fargate pods in the cluster, then ensure that you specify the necessary CIDR blocks.
- security_
group_ Sequence[str]ids Specify one or more security groups for the cross-account elastic network interfaces that Amazon EKS creates to use to allow communication between your worker nodes and the Kubernetes control plane. If you don't specify a security group, the default security group for your VPC is used.
- subnet
Ids List<String> Specify subnets for your Amazon EKS nodes. Amazon EKS creates cross-account elastic network interfaces in these subnets to allow communication between your nodes and the Kubernetes control plane.
- endpoint
Private BooleanAccess Set this value to true to enable private access for your cluster's Kubernetes API server endpoint. If you enable private access, Kubernetes API requests from within your cluster's VPC use the private VPC endpoint. The default value for this parameter is false, which disables private access for your Kubernetes API server. If you disable private access and you have nodes or AWS Fargate pods in the cluster, then ensure that publicAccessCidrs includes the necessary CIDR blocks for communication with the nodes or Fargate pods.
- endpoint
Public BooleanAccess Set this value to false to disable public access to your cluster's Kubernetes API server endpoint. If you disable public access, your cluster's Kubernetes API server can only receive requests from within the cluster VPC. The default value for this parameter is true, which enables public access for your Kubernetes API server.
- public
Access List<String>Cidrs The CIDR blocks that are allowed access to your cluster's public Kubernetes API server endpoint. Communication to the endpoint from addresses outside of the CIDR blocks that you specify is denied. The default value is 0.0.0.0/0. If you've disabled private endpoint access and you have nodes or AWS Fargate pods in the cluster, then ensure that you specify the necessary CIDR blocks.
- security
Group List<String>Ids Specify one or more security groups for the cross-account elastic network interfaces that Amazon EKS creates to use to allow communication between your worker nodes and the Kubernetes control plane. If you don't specify a security group, the default security group for your VPC is used.
ClusterTag
- Key string
The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.
- Value string
The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.
- Key string
The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.
- Value string
The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.
- key String
The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.
- value String
The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.
- key string
The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.
- value string
The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.
- key str
The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.
- value str
The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.
- key String
The key name of the tag. You can specify a value that is 1 to 128 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.
- value String
The value for the tag. You can specify a value that is 0 to 256 Unicode characters in length and cannot be prefixed with aws:. You can use any of the following characters: the set of Unicode letters, digits, whitespace, _, ., /, =, +, and -.
Package Details
- Repository
- https://github.com/pulumi/pulumi-aws-native
- License
- Apache-2.0