We recommend new projects start with resources from the AWS provider.
AWS Cloud Control v1.40.0 published on Thursday, Dec 11, 2025 by Pulumi
We recommend new projects start with resources from the AWS provider.
AWS Cloud Control v1.40.0 published on Thursday, Dec 11, 2025 by Pulumi
Resource Type definition for EKS Capability.
Using getCapability
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getCapability(args: GetCapabilityArgs, opts?: InvokeOptions): Promise<GetCapabilityResult>
function getCapabilityOutput(args: GetCapabilityOutputArgs, opts?: InvokeOptions): Output<GetCapabilityResult>def get_capability(arn: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetCapabilityResult
def get_capability_output(arn: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetCapabilityResult]func LookupCapability(ctx *Context, args *LookupCapabilityArgs, opts ...InvokeOption) (*LookupCapabilityResult, error)
func LookupCapabilityOutput(ctx *Context, args *LookupCapabilityOutputArgs, opts ...InvokeOption) LookupCapabilityResultOutput> Note: This function is named LookupCapability in the Go SDK.
public static class GetCapability
{
public static Task<GetCapabilityResult> InvokeAsync(GetCapabilityArgs args, InvokeOptions? opts = null)
public static Output<GetCapabilityResult> Invoke(GetCapabilityInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetCapabilityResult> getCapability(GetCapabilityArgs args, InvokeOptions options)
public static Output<GetCapabilityResult> getCapability(GetCapabilityArgs args, InvokeOptions options)
fn::invoke:
function: aws-native:eks:getCapability
arguments:
# arguments dictionaryThe following arguments are supported:
- Arn string
- The Amazon Resource Name (ARN) of the capability.
- Arn string
- The Amazon Resource Name (ARN) of the capability.
- arn String
- The Amazon Resource Name (ARN) of the capability.
- arn string
- The Amazon Resource Name (ARN) of the capability.
- arn str
- The Amazon Resource Name (ARN) of the capability.
- arn String
- The Amazon Resource Name (ARN) of the capability.
getCapability Result
The following output properties are available:
- Arn string
- The Amazon Resource Name (ARN) of the capability.
- Configuration
Pulumi.
Aws Native. Eks. Outputs. Capability Configuration - The configuration settings for the capability. The structure of this object varies depending on the capability type. For Argo CD capabilities, you can configure IAM Identity Center integration, RBAC role mappings, and network access settings.
- Created
At string - The Unix epoch timestamp in seconds for when the capability was created.
- Delete
Propagation Pulumi.Policy Aws Native. Eks. Capability Delete Propagation Policy - Specifies how Kubernetes resources managed by the capability should be handled when the capability is deleted. Currently, the only supported value is RETAIN which retains all Kubernetes resources managed by the capability when the capability is deleted.
- Modified
At string - The Unix epoch timestamp in seconds for when the capability was last modified.
- Role
Arn string - The Amazon Resource Name (ARN) of the IAM role that the capability uses to interact with AWS services. This role must have a trust policy that allows the EKS service principal to assume it, and it must have the necessary permissions for the capability type you're creating.
- Status string
- The current status of the capability. Valid values include: CREATING (the capability is being created), ACTIVE (the capability is running and available), UPDATING (the capability is being updated), DELETING (the capability is being deleted), CREATE_FAILED (the capability creation failed), UPDATE_FAILED (the capability update failed), or DELETE_FAILED (the capability deletion failed).
-
List<Pulumi.
Aws Native. Outputs. Tag> - An array of key-value pairs to apply to this resource.
- Version string
- The version of the capability software that is currently running.
- Arn string
- The Amazon Resource Name (ARN) of the capability.
- Configuration
Capability
Configuration - The configuration settings for the capability. The structure of this object varies depending on the capability type. For Argo CD capabilities, you can configure IAM Identity Center integration, RBAC role mappings, and network access settings.
- Created
At string - The Unix epoch timestamp in seconds for when the capability was created.
- Delete
Propagation CapabilityPolicy Delete Propagation Policy - Specifies how Kubernetes resources managed by the capability should be handled when the capability is deleted. Currently, the only supported value is RETAIN which retains all Kubernetes resources managed by the capability when the capability is deleted.
- Modified
At string - The Unix epoch timestamp in seconds for when the capability was last modified.
- Role
Arn string - The Amazon Resource Name (ARN) of the IAM role that the capability uses to interact with AWS services. This role must have a trust policy that allows the EKS service principal to assume it, and it must have the necessary permissions for the capability type you're creating.
- Status string
- The current status of the capability. Valid values include: CREATING (the capability is being created), ACTIVE (the capability is running and available), UPDATING (the capability is being updated), DELETING (the capability is being deleted), CREATE_FAILED (the capability creation failed), UPDATE_FAILED (the capability update failed), or DELETE_FAILED (the capability deletion failed).
- Tag
- An array of key-value pairs to apply to this resource.
- Version string
- The version of the capability software that is currently running.
- arn String
- The Amazon Resource Name (ARN) of the capability.
- configuration
Capability
Configuration - The configuration settings for the capability. The structure of this object varies depending on the capability type. For Argo CD capabilities, you can configure IAM Identity Center integration, RBAC role mappings, and network access settings.
- created
At String - The Unix epoch timestamp in seconds for when the capability was created.
- delete
Propagation CapabilityPolicy Delete Propagation Policy - Specifies how Kubernetes resources managed by the capability should be handled when the capability is deleted. Currently, the only supported value is RETAIN which retains all Kubernetes resources managed by the capability when the capability is deleted.
- modified
At String - The Unix epoch timestamp in seconds for when the capability was last modified.
- role
Arn String - The Amazon Resource Name (ARN) of the IAM role that the capability uses to interact with AWS services. This role must have a trust policy that allows the EKS service principal to assume it, and it must have the necessary permissions for the capability type you're creating.
- status String
- The current status of the capability. Valid values include: CREATING (the capability is being created), ACTIVE (the capability is running and available), UPDATING (the capability is being updated), DELETING (the capability is being deleted), CREATE_FAILED (the capability creation failed), UPDATE_FAILED (the capability update failed), or DELETE_FAILED (the capability deletion failed).
- List<Tag>
- An array of key-value pairs to apply to this resource.
- version String
- The version of the capability software that is currently running.
- arn string
- The Amazon Resource Name (ARN) of the capability.
- configuration
Capability
Configuration - The configuration settings for the capability. The structure of this object varies depending on the capability type. For Argo CD capabilities, you can configure IAM Identity Center integration, RBAC role mappings, and network access settings.
- created
At string - The Unix epoch timestamp in seconds for when the capability was created.
- delete
Propagation CapabilityPolicy Delete Propagation Policy - Specifies how Kubernetes resources managed by the capability should be handled when the capability is deleted. Currently, the only supported value is RETAIN which retains all Kubernetes resources managed by the capability when the capability is deleted.
- modified
At string - The Unix epoch timestamp in seconds for when the capability was last modified.
- role
Arn string - The Amazon Resource Name (ARN) of the IAM role that the capability uses to interact with AWS services. This role must have a trust policy that allows the EKS service principal to assume it, and it must have the necessary permissions for the capability type you're creating.
- status string
- The current status of the capability. Valid values include: CREATING (the capability is being created), ACTIVE (the capability is running and available), UPDATING (the capability is being updated), DELETING (the capability is being deleted), CREATE_FAILED (the capability creation failed), UPDATE_FAILED (the capability update failed), or DELETE_FAILED (the capability deletion failed).
- Tag[]
- An array of key-value pairs to apply to this resource.
- version string
- The version of the capability software that is currently running.
- arn str
- The Amazon Resource Name (ARN) of the capability.
- configuration
Capability
Configuration - The configuration settings for the capability. The structure of this object varies depending on the capability type. For Argo CD capabilities, you can configure IAM Identity Center integration, RBAC role mappings, and network access settings.
- created_
at str - The Unix epoch timestamp in seconds for when the capability was created.
- delete_
propagation_ Capabilitypolicy Delete Propagation Policy - Specifies how Kubernetes resources managed by the capability should be handled when the capability is deleted. Currently, the only supported value is RETAIN which retains all Kubernetes resources managed by the capability when the capability is deleted.
- modified_
at str - The Unix epoch timestamp in seconds for when the capability was last modified.
- role_
arn str - The Amazon Resource Name (ARN) of the IAM role that the capability uses to interact with AWS services. This role must have a trust policy that allows the EKS service principal to assume it, and it must have the necessary permissions for the capability type you're creating.
- status str
- The current status of the capability. Valid values include: CREATING (the capability is being created), ACTIVE (the capability is running and available), UPDATING (the capability is being updated), DELETING (the capability is being deleted), CREATE_FAILED (the capability creation failed), UPDATE_FAILED (the capability update failed), or DELETE_FAILED (the capability deletion failed).
- Sequence[root_Tag]
- An array of key-value pairs to apply to this resource.
- version str
- The version of the capability software that is currently running.
- arn String
- The Amazon Resource Name (ARN) of the capability.
- configuration Property Map
- The configuration settings for the capability. The structure of this object varies depending on the capability type. For Argo CD capabilities, you can configure IAM Identity Center integration, RBAC role mappings, and network access settings.
- created
At String - The Unix epoch timestamp in seconds for when the capability was created.
- delete
Propagation "RETAIN"Policy - Specifies how Kubernetes resources managed by the capability should be handled when the capability is deleted. Currently, the only supported value is RETAIN which retains all Kubernetes resources managed by the capability when the capability is deleted.
- modified
At String - The Unix epoch timestamp in seconds for when the capability was last modified.
- role
Arn String - The Amazon Resource Name (ARN) of the IAM role that the capability uses to interact with AWS services. This role must have a trust policy that allows the EKS service principal to assume it, and it must have the necessary permissions for the capability type you're creating.
- status String
- The current status of the capability. Valid values include: CREATING (the capability is being created), ACTIVE (the capability is running and available), UPDATING (the capability is being updated), DELETING (the capability is being deleted), CREATE_FAILED (the capability creation failed), UPDATE_FAILED (the capability update failed), or DELETE_FAILED (the capability deletion failed).
- List<Property Map>
- An array of key-value pairs to apply to this resource.
- version String
- The version of the capability software that is currently running.
Supporting Types
CapabilityArgoCd
- Aws
Idc Pulumi.Aws Native. Eks. Inputs. Capability Aws Idc - Namespace string
- The Kubernetes namespace where Argo CD resources will be created. If not specified, the default namespace is used.
- Network
Access Pulumi.Aws Native. Eks. Inputs. Capability Network Access - Rbac
Role List<Pulumi.Mappings Aws Native. Eks. Inputs. Capability Argo Cd Role Mapping> - A list of role mappings that define which IAM Identity Center users or groups have which Argo CD roles. Each mapping associates an Argo CD role (ADMIN, EDITOR, or VIEWER) with one or more IAM Identity Center identities.
- Server
Url string - The URL of the Argo CD server. Use this URL to access the Argo CD web interface and API.
- Aws
Idc CapabilityAws Idc - Namespace string
- The Kubernetes namespace where Argo CD resources will be created. If not specified, the default namespace is used.
- Network
Access CapabilityNetwork Access - Rbac
Role []CapabilityMappings Argo Cd Role Mapping - A list of role mappings that define which IAM Identity Center users or groups have which Argo CD roles. Each mapping associates an Argo CD role (ADMIN, EDITOR, or VIEWER) with one or more IAM Identity Center identities.
- Server
Url string - The URL of the Argo CD server. Use this URL to access the Argo CD web interface and API.
- aws
Idc CapabilityAws Idc - namespace String
- The Kubernetes namespace where Argo CD resources will be created. If not specified, the default namespace is used.
- network
Access CapabilityNetwork Access - rbac
Role List<CapabilityMappings Argo Cd Role Mapping> - A list of role mappings that define which IAM Identity Center users or groups have which Argo CD roles. Each mapping associates an Argo CD role (ADMIN, EDITOR, or VIEWER) with one or more IAM Identity Center identities.
- server
Url String - The URL of the Argo CD server. Use this URL to access the Argo CD web interface and API.
- aws
Idc CapabilityAws Idc - namespace string
- The Kubernetes namespace where Argo CD resources will be created. If not specified, the default namespace is used.
- network
Access CapabilityNetwork Access - rbac
Role CapabilityMappings Argo Cd Role Mapping[] - A list of role mappings that define which IAM Identity Center users or groups have which Argo CD roles. Each mapping associates an Argo CD role (ADMIN, EDITOR, or VIEWER) with one or more IAM Identity Center identities.
- server
Url string - The URL of the Argo CD server. Use this URL to access the Argo CD web interface and API.
- aws_
idc CapabilityAws Idc - namespace str
- The Kubernetes namespace where Argo CD resources will be created. If not specified, the default namespace is used.
- network_
access CapabilityNetwork Access - rbac_
role_ Sequence[Capabilitymappings Argo Cd Role Mapping] - A list of role mappings that define which IAM Identity Center users or groups have which Argo CD roles. Each mapping associates an Argo CD role (ADMIN, EDITOR, or VIEWER) with one or more IAM Identity Center identities.
- server_
url str - The URL of the Argo CD server. Use this URL to access the Argo CD web interface and API.
- aws
Idc Property Map - namespace String
- The Kubernetes namespace where Argo CD resources will be created. If not specified, the default namespace is used.
- network
Access Property Map - rbac
Role List<Property Map>Mappings - A list of role mappings that define which IAM Identity Center users or groups have which Argo CD roles. Each mapping associates an Argo CD role (ADMIN, EDITOR, or VIEWER) with one or more IAM Identity Center identities.
- server
Url String - The URL of the Argo CD server. Use this URL to access the Argo CD web interface and API.
CapabilityArgoCdRoleMapping
- Identities
List<Pulumi.
Aws Native. Eks. Inputs. Capability Sso Identity> - A list of IAM Identity Center identities (users or groups) that should be assigned this Argo CD role.
- Role
Pulumi.
Aws Native. Eks. Capability Argo Cd Role Mapping Role - The Argo CD role to assign. Valid values are: ADMIN (full administrative access to Argo CD), EDITOR (edit access to Argo CD resources), or VIEWER (read-only access to Argo CD resources).
- Identities
[]Capability
Sso Identity - A list of IAM Identity Center identities (users or groups) that should be assigned this Argo CD role.
- Role
Capability
Argo Cd Role Mapping Role - The Argo CD role to assign. Valid values are: ADMIN (full administrative access to Argo CD), EDITOR (edit access to Argo CD resources), or VIEWER (read-only access to Argo CD resources).
- identities
List<Capability
Sso Identity> - A list of IAM Identity Center identities (users or groups) that should be assigned this Argo CD role.
- role
Capability
Argo Cd Role Mapping Role - The Argo CD role to assign. Valid values are: ADMIN (full administrative access to Argo CD), EDITOR (edit access to Argo CD resources), or VIEWER (read-only access to Argo CD resources).
- identities
Capability
Sso Identity[] - A list of IAM Identity Center identities (users or groups) that should be assigned this Argo CD role.
- role
Capability
Argo Cd Role Mapping Role - The Argo CD role to assign. Valid values are: ADMIN (full administrative access to Argo CD), EDITOR (edit access to Argo CD resources), or VIEWER (read-only access to Argo CD resources).
- identities
Sequence[Capability
Sso Identity] - A list of IAM Identity Center identities (users or groups) that should be assigned this Argo CD role.
- role
Capability
Argo Cd Role Mapping Role - The Argo CD role to assign. Valid values are: ADMIN (full administrative access to Argo CD), EDITOR (edit access to Argo CD resources), or VIEWER (read-only access to Argo CD resources).
- identities List<Property Map>
- A list of IAM Identity Center identities (users or groups) that should be assigned this Argo CD role.
- role "ADMIN" | "EDITOR" | "VIEWER"
- The Argo CD role to assign. Valid values are: ADMIN (full administrative access to Argo CD), EDITOR (edit access to Argo CD resources), or VIEWER (read-only access to Argo CD resources).
CapabilityArgoCdRoleMappingRole
CapabilityAwsIdc
- Idc
Instance stringArn - The ARN of the IAM Identity Center instance to use for authentication.
- Idc
Managed stringApplication Arn - The ARN of the managed application created in IAM Identity Center for this Argo CD capability. This application is automatically created and managed by EKS.
- Idc
Region string - The Region where your IAM Identity Center instance is located.
- Idc
Instance stringArn - The ARN of the IAM Identity Center instance to use for authentication.
- Idc
Managed stringApplication Arn - The ARN of the managed application created in IAM Identity Center for this Argo CD capability. This application is automatically created and managed by EKS.
- Idc
Region string - The Region where your IAM Identity Center instance is located.
- idc
Instance StringArn - The ARN of the IAM Identity Center instance to use for authentication.
- idc
Managed StringApplication Arn - The ARN of the managed application created in IAM Identity Center for this Argo CD capability. This application is automatically created and managed by EKS.
- idc
Region String - The Region where your IAM Identity Center instance is located.
- idc
Instance stringArn - The ARN of the IAM Identity Center instance to use for authentication.
- idc
Managed stringApplication Arn - The ARN of the managed application created in IAM Identity Center for this Argo CD capability. This application is automatically created and managed by EKS.
- idc
Region string - The Region where your IAM Identity Center instance is located.
- idc_
instance_ strarn - The ARN of the IAM Identity Center instance to use for authentication.
- idc_
managed_ strapplication_ arn - The ARN of the managed application created in IAM Identity Center for this Argo CD capability. This application is automatically created and managed by EKS.
- idc_
region str - The Region where your IAM Identity Center instance is located.
- idc
Instance StringArn - The ARN of the IAM Identity Center instance to use for authentication.
- idc
Managed StringApplication Arn - The ARN of the managed application created in IAM Identity Center for this Argo CD capability. This application is automatically created and managed by EKS.
- idc
Region String - The Region where your IAM Identity Center instance is located.
CapabilityConfiguration
CapabilityDeletePropagationPolicy
CapabilityNetworkAccess
- Vpce
Ids List<string> - A list of VPC endpoint IDs to associate with the managed Argo CD API server endpoint. Each VPC endpoint provides private connectivity from a specific VPC to the Argo CD server. You can specify multiple VPC endpoint IDs to enable access from multiple VPCs.
- Vpce
Ids []string - A list of VPC endpoint IDs to associate with the managed Argo CD API server endpoint. Each VPC endpoint provides private connectivity from a specific VPC to the Argo CD server. You can specify multiple VPC endpoint IDs to enable access from multiple VPCs.
- vpce
Ids List<String> - A list of VPC endpoint IDs to associate with the managed Argo CD API server endpoint. Each VPC endpoint provides private connectivity from a specific VPC to the Argo CD server. You can specify multiple VPC endpoint IDs to enable access from multiple VPCs.
- vpce
Ids string[] - A list of VPC endpoint IDs to associate with the managed Argo CD API server endpoint. Each VPC endpoint provides private connectivity from a specific VPC to the Argo CD server. You can specify multiple VPC endpoint IDs to enable access from multiple VPCs.
- vpce_
ids Sequence[str] - A list of VPC endpoint IDs to associate with the managed Argo CD API server endpoint. Each VPC endpoint provides private connectivity from a specific VPC to the Argo CD server. You can specify multiple VPC endpoint IDs to enable access from multiple VPCs.
- vpce
Ids List<String> - A list of VPC endpoint IDs to associate with the managed Argo CD API server endpoint. Each VPC endpoint provides private connectivity from a specific VPC to the Argo CD server. You can specify multiple VPC endpoint IDs to enable access from multiple VPCs.
CapabilitySsoIdentity
- Id string
- The unique identifier of the IAM Identity Center user or group.
- Type
Pulumi.
Aws Native. Eks. Capability Sso Identity Type - The type of identity. Valid values are SSO_USER or SSO_GROUP.
- Id string
- The unique identifier of the IAM Identity Center user or group.
- Type
Capability
Sso Identity Type - The type of identity. Valid values are SSO_USER or SSO_GROUP.
- id String
- The unique identifier of the IAM Identity Center user or group.
- type
Capability
Sso Identity Type - The type of identity. Valid values are SSO_USER or SSO_GROUP.
- id string
- The unique identifier of the IAM Identity Center user or group.
- type
Capability
Sso Identity Type - The type of identity. Valid values are SSO_USER or SSO_GROUP.
- id str
- The unique identifier of the IAM Identity Center user or group.
- type
Capability
Sso Identity Type - The type of identity. Valid values are SSO_USER or SSO_GROUP.
- id String
- The unique identifier of the IAM Identity Center user or group.
- type "SSO_USER" | "SSO_GROUP"
- The type of identity. Valid values are SSO_USER or SSO_GROUP.
CapabilitySsoIdentityType
Tag
Package Details
- Repository
- AWS Native pulumi/pulumi-aws-native
- License
- Apache-2.0
We recommend new projects start with resources from the AWS provider.
AWS Cloud Control v1.40.0 published on Thursday, Dec 11, 2025 by Pulumi
