1. Packages
  2. Amazon EKS
  3. API Docs
  4. ManagedNodeGroup
Amazon EKS v2.8.1 published on Tuesday, Sep 17, 2024 by Pulumi

eks.ManagedNodeGroup

Explore with Pulumi AI

eks logo
Amazon EKS v2.8.1 published on Tuesday, Sep 17, 2024 by Pulumi

    ManagedNodeGroup is a component that wraps creating an AWS managed node group.

    See for more details: https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html

    Create ManagedNodeGroup Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new ManagedNodeGroup(name: string, args: ManagedNodeGroupArgs, opts?: CustomResourceOptions);
    @overload
    def ManagedNodeGroup(resource_name: str,
                         args: ManagedNodeGroupArgs,
                         opts: Optional[ResourceOptions] = None)
    
    @overload
    def ManagedNodeGroup(resource_name: str,
                         opts: Optional[ResourceOptions] = None,
                         cluster: Optional[Union[Cluster, CoreDataArgs]] = None,
                         labels: Optional[Mapping[str, str]] = None,
                         bootstrap_extra_args: Optional[str] = None,
                         node_group_name: Optional[str] = None,
                         cluster_name: Optional[str] = None,
                         disk_size: Optional[int] = None,
                         enable_imd_sv2: Optional[bool] = None,
                         force_update_version: Optional[bool] = None,
                         instance_types: Optional[Sequence[str]] = None,
                         node_group_name_prefix: Optional[str] = None,
                         ami_type: Optional[str] = None,
                         version: Optional[str] = None,
                         capacity_type: Optional[str] = None,
                         kubelet_extra_args: Optional[str] = None,
                         node_role: Optional[pulumi_aws.iam.Role] = None,
                         node_role_arn: Optional[str] = None,
                         release_version: Optional[str] = None,
                         remote_access: Optional[pulumi_aws.eks.NodeGroupRemoteAccessArgs] = None,
                         scaling_config: Optional[pulumi_aws.eks.NodeGroupScalingConfigArgs] = None,
                         subnet_ids: Optional[Sequence[str]] = None,
                         tags: Optional[Mapping[str, str]] = None,
                         taints: Optional[Sequence[pulumi_aws.eks.NodeGroupTaintArgs]] = None,
                         launch_template: Optional[pulumi_aws.eks.NodeGroupLaunchTemplateArgs] = None)
    func NewManagedNodeGroup(ctx *Context, name string, args ManagedNodeGroupArgs, opts ...ResourceOption) (*ManagedNodeGroup, error)
    public ManagedNodeGroup(string name, ManagedNodeGroupArgs args, CustomResourceOptions? opts = null)
    public ManagedNodeGroup(String name, ManagedNodeGroupArgs args)
    public ManagedNodeGroup(String name, ManagedNodeGroupArgs args, CustomResourceOptions options)
    
    type: eks:ManagedNodeGroup
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args ManagedNodeGroupArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args ManagedNodeGroupArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args ManagedNodeGroupArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args ManagedNodeGroupArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args ManagedNodeGroupArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    ManagedNodeGroup Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The ManagedNodeGroup resource accepts the following input properties:

    Cluster Pulumi.Eks.Cluster | CoreData
    The target EKS cluster.
    AmiType string
    Type of Amazon Machine Image (AMI) associated with the EKS Node Group. Defaults to AL2_x86_64. See the AWS documentation (https://docs.aws.amazon.com/eks/latest/APIReference/API_Nodegroup.html#AmazonEKS-Type-Nodegroup-amiType) for valid AMI Types. This provider will only perform drift detection if a configuration value is provided.
    BootstrapExtraArgs string

    Additional args to pass directly to /etc/eks/bootstrap.sh. For details on available options, see: https://github.com/awslabs/amazon-eks-ami/blob/master/files/bootstrap.sh. Note that the --apiserver-endpoint, --b64-cluster-ca and --kubelet-extra-args flags are included automatically based on other configuration parameters.

    Note that this field conflicts with launchTemplate.

    CapacityType string
    Type of capacity associated with the EKS Node Group. Valid values: ON_DEMAND, SPOT. This provider will only perform drift detection if a configuration value is provided.
    ClusterName string
    Name of the EKS Cluster.
    DiskSize int
    Disk size in GiB for worker nodes. Defaults to 20. This provider will only perform drift detection if a configuration value is provided.
    EnableIMDSv2 bool

    Enables the ability to use EC2 Instance Metadata Service v2, which provides a more secure way to access instance metadata. For more information, see: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html. Defaults to false.

    Note that this field conflicts with launchTemplate. If you are providing a custom launchTemplate, you should enable this feature within the launchTemplateMetadataOptions of the supplied launchTemplate.

    ForceUpdateVersion bool
    Force version update if existing pods are unable to be drained due to a pod disruption budget issue.
    InstanceTypes List<string>
    Set of instance types associated with the EKS Node Group. Defaults to ["t3.medium"]. This provider will only perform drift detection if a configuration value is provided. Currently, the EKS API only accepts a single value in the set.
    KubeletExtraArgs string
    Extra args to pass to the Kubelet. Corresponds to the options passed in the --kubeletExtraArgs flag to /etc/eks/bootstrap.sh. For example, '--port=10251 --address=0.0.0.0'. To escape characters in the extra argsvalue, wrap the value in quotes. For example, kubeletExtraArgs = '--allowed-unsafe-sysctls "net.core.somaxconn"'. Note that this field conflicts with launchTemplate.
    Labels Dictionary<string, string>
    Key-value map of Kubernetes labels. Only labels that are applied with the EKS API are managed by this argument. Other Kubernetes labels applied to the EKS Node Group will not be managed.
    LaunchTemplate Pulumi.Aws.Eks.Inputs.NodeGroupLaunchTemplate

    Launch Template settings.

    Note: This field is mutually exclusive with kubeletExtraArgs and bootstrapExtraArgs. This type is defined in the AWS Classic package.

    NodeGroupName string
    Name of the EKS Node Group. If omitted, this provider will assign a random, unique name. Conflicts with nodeGroupNamePrefix.
    NodeGroupNamePrefix string
    Creates a unique name beginning with the specified prefix. Conflicts with nodeGroupName.
    NodeRole Pulumi.Aws.Iam.Role

    The IAM Role that provides permissions for the EKS Node Group.

    Note, nodeRole and nodeRoleArn are mutually exclusive, and a single option must be used. This type is defined in the AWS Classic package.

    NodeRoleArn string

    Amazon Resource Name (ARN) of the IAM Role that provides permissions for the EKS Node Group.

    Note, nodeRoleArn and nodeRole are mutually exclusive, and a single option must be used.

    ReleaseVersion string
    AMI version of the EKS Node Group. Defaults to latest version for Kubernetes version.
    RemoteAccess Pulumi.Aws.Eks.Inputs.NodeGroupRemoteAccess
    Remote access settings. This type is defined in the AWS Classic package.
    ScalingConfig Pulumi.Aws.Eks.Inputs.NodeGroupScalingConfig

    Scaling settings.

    Default scaling amounts of the node group autoscaling group are:

    • desiredSize: 2
    • minSize: 1
    • maxSize: 2 This type is defined in the AWS Classic package.
    SubnetIds List<string>

    Identifiers of EC2 Subnets to associate with the EKS Node Group. These subnets must have the following resource tag: kubernetes.io/cluster/CLUSTER_NAME (where CLUSTER_NAME is replaced with the name of the EKS Cluster).

    Default subnetIds is chosen from the following list, in order, if subnetIds arg is not set:

    • core.subnetIds
    • core.privateIds
    • core.publicSubnetIds

    This default logic is based on the existing subnet IDs logic of this package: https://git.io/JeM11

    Tags Dictionary<string, string>
    Key-value mapping of resource tags.
    Taints List<Pulumi.Aws.Eks.Inputs.NodeGroupTaint>
    The Kubernetes taints to be applied to the nodes in the node group. Maximum of 50 taints per node group.
    Version string
    Cluster Cluster | CoreDataArgs
    The target EKS cluster.
    AmiType string
    Type of Amazon Machine Image (AMI) associated with the EKS Node Group. Defaults to AL2_x86_64. See the AWS documentation (https://docs.aws.amazon.com/eks/latest/APIReference/API_Nodegroup.html#AmazonEKS-Type-Nodegroup-amiType) for valid AMI Types. This provider will only perform drift detection if a configuration value is provided.
    BootstrapExtraArgs string

    Additional args to pass directly to /etc/eks/bootstrap.sh. For details on available options, see: https://github.com/awslabs/amazon-eks-ami/blob/master/files/bootstrap.sh. Note that the --apiserver-endpoint, --b64-cluster-ca and --kubelet-extra-args flags are included automatically based on other configuration parameters.

    Note that this field conflicts with launchTemplate.

    CapacityType string
    Type of capacity associated with the EKS Node Group. Valid values: ON_DEMAND, SPOT. This provider will only perform drift detection if a configuration value is provided.
    ClusterName string
    Name of the EKS Cluster.
    DiskSize int
    Disk size in GiB for worker nodes. Defaults to 20. This provider will only perform drift detection if a configuration value is provided.
    EnableIMDSv2 bool

    Enables the ability to use EC2 Instance Metadata Service v2, which provides a more secure way to access instance metadata. For more information, see: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html. Defaults to false.

    Note that this field conflicts with launchTemplate. If you are providing a custom launchTemplate, you should enable this feature within the launchTemplateMetadataOptions of the supplied launchTemplate.

    ForceUpdateVersion bool
    Force version update if existing pods are unable to be drained due to a pod disruption budget issue.
    InstanceTypes []string
    Set of instance types associated with the EKS Node Group. Defaults to ["t3.medium"]. This provider will only perform drift detection if a configuration value is provided. Currently, the EKS API only accepts a single value in the set.
    KubeletExtraArgs string
    Extra args to pass to the Kubelet. Corresponds to the options passed in the --kubeletExtraArgs flag to /etc/eks/bootstrap.sh. For example, '--port=10251 --address=0.0.0.0'. To escape characters in the extra argsvalue, wrap the value in quotes. For example, kubeletExtraArgs = '--allowed-unsafe-sysctls "net.core.somaxconn"'. Note that this field conflicts with launchTemplate.
    Labels map[string]string
    Key-value map of Kubernetes labels. Only labels that are applied with the EKS API are managed by this argument. Other Kubernetes labels applied to the EKS Node Group will not be managed.
    LaunchTemplate NodeGroupLaunchTemplateArgs

    Launch Template settings.

    Note: This field is mutually exclusive with kubeletExtraArgs and bootstrapExtraArgs. This type is defined in the AWS Classic package.

    NodeGroupName string
    Name of the EKS Node Group. If omitted, this provider will assign a random, unique name. Conflicts with nodeGroupNamePrefix.
    NodeGroupNamePrefix string
    Creates a unique name beginning with the specified prefix. Conflicts with nodeGroupName.
    NodeRole Role

    The IAM Role that provides permissions for the EKS Node Group.

    Note, nodeRole and nodeRoleArn are mutually exclusive, and a single option must be used. This type is defined in the AWS Classic package.

    NodeRoleArn string

    Amazon Resource Name (ARN) of the IAM Role that provides permissions for the EKS Node Group.

    Note, nodeRoleArn and nodeRole are mutually exclusive, and a single option must be used.

    ReleaseVersion string
    AMI version of the EKS Node Group. Defaults to latest version for Kubernetes version.
    RemoteAccess NodeGroupRemoteAccessArgs
    Remote access settings. This type is defined in the AWS Classic package.
    ScalingConfig NodeGroupScalingConfigArgs

    Scaling settings.

    Default scaling amounts of the node group autoscaling group are:

    • desiredSize: 2
    • minSize: 1
    • maxSize: 2 This type is defined in the AWS Classic package.
    SubnetIds []string

    Identifiers of EC2 Subnets to associate with the EKS Node Group. These subnets must have the following resource tag: kubernetes.io/cluster/CLUSTER_NAME (where CLUSTER_NAME is replaced with the name of the EKS Cluster).

    Default subnetIds is chosen from the following list, in order, if subnetIds arg is not set:

    • core.subnetIds
    • core.privateIds
    • core.publicSubnetIds

    This default logic is based on the existing subnet IDs logic of this package: https://git.io/JeM11

    Tags map[string]string
    Key-value mapping of resource tags.
    Taints NodeGroupTaintArgs
    The Kubernetes taints to be applied to the nodes in the node group. Maximum of 50 taints per node group.
    Version string
    cluster Cluster | CoreData
    The target EKS cluster.
    amiType String
    Type of Amazon Machine Image (AMI) associated with the EKS Node Group. Defaults to AL2_x86_64. See the AWS documentation (https://docs.aws.amazon.com/eks/latest/APIReference/API_Nodegroup.html#AmazonEKS-Type-Nodegroup-amiType) for valid AMI Types. This provider will only perform drift detection if a configuration value is provided.
    bootstrapExtraArgs String

    Additional args to pass directly to /etc/eks/bootstrap.sh. For details on available options, see: https://github.com/awslabs/amazon-eks-ami/blob/master/files/bootstrap.sh. Note that the --apiserver-endpoint, --b64-cluster-ca and --kubelet-extra-args flags are included automatically based on other configuration parameters.

    Note that this field conflicts with launchTemplate.

    capacityType String
    Type of capacity associated with the EKS Node Group. Valid values: ON_DEMAND, SPOT. This provider will only perform drift detection if a configuration value is provided.
    clusterName String
    Name of the EKS Cluster.
    diskSize Integer
    Disk size in GiB for worker nodes. Defaults to 20. This provider will only perform drift detection if a configuration value is provided.
    enableIMDSv2 Boolean

    Enables the ability to use EC2 Instance Metadata Service v2, which provides a more secure way to access instance metadata. For more information, see: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html. Defaults to false.

    Note that this field conflicts with launchTemplate. If you are providing a custom launchTemplate, you should enable this feature within the launchTemplateMetadataOptions of the supplied launchTemplate.

    forceUpdateVersion Boolean
    Force version update if existing pods are unable to be drained due to a pod disruption budget issue.
    instanceTypes List<String>
    Set of instance types associated with the EKS Node Group. Defaults to ["t3.medium"]. This provider will only perform drift detection if a configuration value is provided. Currently, the EKS API only accepts a single value in the set.
    kubeletExtraArgs String
    Extra args to pass to the Kubelet. Corresponds to the options passed in the --kubeletExtraArgs flag to /etc/eks/bootstrap.sh. For example, '--port=10251 --address=0.0.0.0'. To escape characters in the extra argsvalue, wrap the value in quotes. For example, kubeletExtraArgs = '--allowed-unsafe-sysctls "net.core.somaxconn"'. Note that this field conflicts with launchTemplate.
    labels Map<String,String>
    Key-value map of Kubernetes labels. Only labels that are applied with the EKS API are managed by this argument. Other Kubernetes labels applied to the EKS Node Group will not be managed.
    launchTemplate NodeGroupLaunchTemplate

    Launch Template settings.

    Note: This field is mutually exclusive with kubeletExtraArgs and bootstrapExtraArgs. This type is defined in the AWS Classic package.

    nodeGroupName String
    Name of the EKS Node Group. If omitted, this provider will assign a random, unique name. Conflicts with nodeGroupNamePrefix.
    nodeGroupNamePrefix String
    Creates a unique name beginning with the specified prefix. Conflicts with nodeGroupName.
    nodeRole Role

    The IAM Role that provides permissions for the EKS Node Group.

    Note, nodeRole and nodeRoleArn are mutually exclusive, and a single option must be used. This type is defined in the AWS Classic package.

    nodeRoleArn String

    Amazon Resource Name (ARN) of the IAM Role that provides permissions for the EKS Node Group.

    Note, nodeRoleArn and nodeRole are mutually exclusive, and a single option must be used.

    releaseVersion String
    AMI version of the EKS Node Group. Defaults to latest version for Kubernetes version.
    remoteAccess NodeGroupRemoteAccess
    Remote access settings. This type is defined in the AWS Classic package.
    scalingConfig NodeGroupScalingConfig

    Scaling settings.

    Default scaling amounts of the node group autoscaling group are:

    • desiredSize: 2
    • minSize: 1
    • maxSize: 2 This type is defined in the AWS Classic package.
    subnetIds List<String>

    Identifiers of EC2 Subnets to associate with the EKS Node Group. These subnets must have the following resource tag: kubernetes.io/cluster/CLUSTER_NAME (where CLUSTER_NAME is replaced with the name of the EKS Cluster).

    Default subnetIds is chosen from the following list, in order, if subnetIds arg is not set:

    • core.subnetIds
    • core.privateIds
    • core.publicSubnetIds

    This default logic is based on the existing subnet IDs logic of this package: https://git.io/JeM11

    tags Map<String,String>
    Key-value mapping of resource tags.
    taints List<NodeGroupTaint>
    The Kubernetes taints to be applied to the nodes in the node group. Maximum of 50 taints per node group.
    version String
    cluster Cluster | CoreData
    The target EKS cluster.
    amiType string
    Type of Amazon Machine Image (AMI) associated with the EKS Node Group. Defaults to AL2_x86_64. See the AWS documentation (https://docs.aws.amazon.com/eks/latest/APIReference/API_Nodegroup.html#AmazonEKS-Type-Nodegroup-amiType) for valid AMI Types. This provider will only perform drift detection if a configuration value is provided.
    bootstrapExtraArgs string

    Additional args to pass directly to /etc/eks/bootstrap.sh. For details on available options, see: https://github.com/awslabs/amazon-eks-ami/blob/master/files/bootstrap.sh. Note that the --apiserver-endpoint, --b64-cluster-ca and --kubelet-extra-args flags are included automatically based on other configuration parameters.

    Note that this field conflicts with launchTemplate.

    capacityType string
    Type of capacity associated with the EKS Node Group. Valid values: ON_DEMAND, SPOT. This provider will only perform drift detection if a configuration value is provided.
    clusterName string
    Name of the EKS Cluster.
    diskSize number
    Disk size in GiB for worker nodes. Defaults to 20. This provider will only perform drift detection if a configuration value is provided.
    enableIMDSv2 boolean

    Enables the ability to use EC2 Instance Metadata Service v2, which provides a more secure way to access instance metadata. For more information, see: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html. Defaults to false.

    Note that this field conflicts with launchTemplate. If you are providing a custom launchTemplate, you should enable this feature within the launchTemplateMetadataOptions of the supplied launchTemplate.

    forceUpdateVersion boolean
    Force version update if existing pods are unable to be drained due to a pod disruption budget issue.
    instanceTypes string[]
    Set of instance types associated with the EKS Node Group. Defaults to ["t3.medium"]. This provider will only perform drift detection if a configuration value is provided. Currently, the EKS API only accepts a single value in the set.
    kubeletExtraArgs string
    Extra args to pass to the Kubelet. Corresponds to the options passed in the --kubeletExtraArgs flag to /etc/eks/bootstrap.sh. For example, '--port=10251 --address=0.0.0.0'. To escape characters in the extra argsvalue, wrap the value in quotes. For example, kubeletExtraArgs = '--allowed-unsafe-sysctls "net.core.somaxconn"'. Note that this field conflicts with launchTemplate.
    labels {[key: string]: string}
    Key-value map of Kubernetes labels. Only labels that are applied with the EKS API are managed by this argument. Other Kubernetes labels applied to the EKS Node Group will not be managed.
    launchTemplate pulumiAwstypesinputeksNodeGroupLaunchTemplate

    Launch Template settings.

    Note: This field is mutually exclusive with kubeletExtraArgs and bootstrapExtraArgs. This type is defined in the AWS Classic package.

    nodeGroupName string
    Name of the EKS Node Group. If omitted, this provider will assign a random, unique name. Conflicts with nodeGroupNamePrefix.
    nodeGroupNamePrefix string
    Creates a unique name beginning with the specified prefix. Conflicts with nodeGroupName.
    nodeRole pulumiAwsiamRole

    The IAM Role that provides permissions for the EKS Node Group.

    Note, nodeRole and nodeRoleArn are mutually exclusive, and a single option must be used. This type is defined in the AWS Classic package.

    nodeRoleArn string

    Amazon Resource Name (ARN) of the IAM Role that provides permissions for the EKS Node Group.

    Note, nodeRoleArn and nodeRole are mutually exclusive, and a single option must be used.

    releaseVersion string
    AMI version of the EKS Node Group. Defaults to latest version for Kubernetes version.
    remoteAccess pulumiAwstypesinputeksNodeGroupRemoteAccess
    Remote access settings. This type is defined in the AWS Classic package.
    scalingConfig pulumiAwstypesinputeksNodeGroupScalingConfig

    Scaling settings.

    Default scaling amounts of the node group autoscaling group are:

    • desiredSize: 2
    • minSize: 1
    • maxSize: 2 This type is defined in the AWS Classic package.
    subnetIds string[]

    Identifiers of EC2 Subnets to associate with the EKS Node Group. These subnets must have the following resource tag: kubernetes.io/cluster/CLUSTER_NAME (where CLUSTER_NAME is replaced with the name of the EKS Cluster).

    Default subnetIds is chosen from the following list, in order, if subnetIds arg is not set:

    • core.subnetIds
    • core.privateIds
    • core.publicSubnetIds

    This default logic is based on the existing subnet IDs logic of this package: https://git.io/JeM11

    tags {[key: string]: string}
    Key-value mapping of resource tags.
    taints pulumiAwstypesinputeksNodeGroupTaint[]
    The Kubernetes taints to be applied to the nodes in the node group. Maximum of 50 taints per node group.
    version string
    cluster Cluster | CoreDataArgs
    The target EKS cluster.
    ami_type str
    Type of Amazon Machine Image (AMI) associated with the EKS Node Group. Defaults to AL2_x86_64. See the AWS documentation (https://docs.aws.amazon.com/eks/latest/APIReference/API_Nodegroup.html#AmazonEKS-Type-Nodegroup-amiType) for valid AMI Types. This provider will only perform drift detection if a configuration value is provided.
    bootstrap_extra_args str

    Additional args to pass directly to /etc/eks/bootstrap.sh. For details on available options, see: https://github.com/awslabs/amazon-eks-ami/blob/master/files/bootstrap.sh. Note that the --apiserver-endpoint, --b64-cluster-ca and --kubelet-extra-args flags are included automatically based on other configuration parameters.

    Note that this field conflicts with launchTemplate.

    capacity_type str
    Type of capacity associated with the EKS Node Group. Valid values: ON_DEMAND, SPOT. This provider will only perform drift detection if a configuration value is provided.
    cluster_name str
    Name of the EKS Cluster.
    disk_size int
    Disk size in GiB for worker nodes. Defaults to 20. This provider will only perform drift detection if a configuration value is provided.
    enable_imd_sv2 bool

    Enables the ability to use EC2 Instance Metadata Service v2, which provides a more secure way to access instance metadata. For more information, see: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html. Defaults to false.

    Note that this field conflicts with launchTemplate. If you are providing a custom launchTemplate, you should enable this feature within the launchTemplateMetadataOptions of the supplied launchTemplate.

    force_update_version bool
    Force version update if existing pods are unable to be drained due to a pod disruption budget issue.
    instance_types Sequence[str]
    Set of instance types associated with the EKS Node Group. Defaults to ["t3.medium"]. This provider will only perform drift detection if a configuration value is provided. Currently, the EKS API only accepts a single value in the set.
    kubelet_extra_args str
    Extra args to pass to the Kubelet. Corresponds to the options passed in the --kubeletExtraArgs flag to /etc/eks/bootstrap.sh. For example, '--port=10251 --address=0.0.0.0'. To escape characters in the extra argsvalue, wrap the value in quotes. For example, kubeletExtraArgs = '--allowed-unsafe-sysctls "net.core.somaxconn"'. Note that this field conflicts with launchTemplate.
    labels Mapping[str, str]
    Key-value map of Kubernetes labels. Only labels that are applied with the EKS API are managed by this argument. Other Kubernetes labels applied to the EKS Node Group will not be managed.
    launch_template pulumi_aws.eks.NodeGroupLaunchTemplateArgs

    Launch Template settings.

    Note: This field is mutually exclusive with kubeletExtraArgs and bootstrapExtraArgs. This type is defined in the AWS Classic package.

    node_group_name str
    Name of the EKS Node Group. If omitted, this provider will assign a random, unique name. Conflicts with nodeGroupNamePrefix.
    node_group_name_prefix str
    Creates a unique name beginning with the specified prefix. Conflicts with nodeGroupName.
    node_role pulumi_aws.iam.Role

    The IAM Role that provides permissions for the EKS Node Group.

    Note, nodeRole and nodeRoleArn are mutually exclusive, and a single option must be used. This type is defined in the AWS Classic package.

    node_role_arn str

    Amazon Resource Name (ARN) of the IAM Role that provides permissions for the EKS Node Group.

    Note, nodeRoleArn and nodeRole are mutually exclusive, and a single option must be used.

    release_version str
    AMI version of the EKS Node Group. Defaults to latest version for Kubernetes version.
    remote_access pulumi_aws.eks.NodeGroupRemoteAccessArgs
    Remote access settings. This type is defined in the AWS Classic package.
    scaling_config pulumi_aws.eks.NodeGroupScalingConfigArgs

    Scaling settings.

    Default scaling amounts of the node group autoscaling group are:

    • desiredSize: 2
    • minSize: 1
    • maxSize: 2 This type is defined in the AWS Classic package.
    subnet_ids Sequence[str]

    Identifiers of EC2 Subnets to associate with the EKS Node Group. These subnets must have the following resource tag: kubernetes.io/cluster/CLUSTER_NAME (where CLUSTER_NAME is replaced with the name of the EKS Cluster).

    Default subnetIds is chosen from the following list, in order, if subnetIds arg is not set:

    • core.subnetIds
    • core.privateIds
    • core.publicSubnetIds

    This default logic is based on the existing subnet IDs logic of this package: https://git.io/JeM11

    tags Mapping[str, str]
    Key-value mapping of resource tags.
    taints Sequence[pulumi_aws.eks.NodeGroupTaintArgs]
    The Kubernetes taints to be applied to the nodes in the node group. Maximum of 50 taints per node group.
    version str
    cluster eks:Cluster | Property Map
    The target EKS cluster.
    amiType String
    Type of Amazon Machine Image (AMI) associated with the EKS Node Group. Defaults to AL2_x86_64. See the AWS documentation (https://docs.aws.amazon.com/eks/latest/APIReference/API_Nodegroup.html#AmazonEKS-Type-Nodegroup-amiType) for valid AMI Types. This provider will only perform drift detection if a configuration value is provided.
    bootstrapExtraArgs String

    Additional args to pass directly to /etc/eks/bootstrap.sh. For details on available options, see: https://github.com/awslabs/amazon-eks-ami/blob/master/files/bootstrap.sh. Note that the --apiserver-endpoint, --b64-cluster-ca and --kubelet-extra-args flags are included automatically based on other configuration parameters.

    Note that this field conflicts with launchTemplate.

    capacityType String
    Type of capacity associated with the EKS Node Group. Valid values: ON_DEMAND, SPOT. This provider will only perform drift detection if a configuration value is provided.
    clusterName String
    Name of the EKS Cluster.
    diskSize Number
    Disk size in GiB for worker nodes. Defaults to 20. This provider will only perform drift detection if a configuration value is provided.
    enableIMDSv2 Boolean

    Enables the ability to use EC2 Instance Metadata Service v2, which provides a more secure way to access instance metadata. For more information, see: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html. Defaults to false.

    Note that this field conflicts with launchTemplate. If you are providing a custom launchTemplate, you should enable this feature within the launchTemplateMetadataOptions of the supplied launchTemplate.

    forceUpdateVersion Boolean
    Force version update if existing pods are unable to be drained due to a pod disruption budget issue.
    instanceTypes List<String>
    Set of instance types associated with the EKS Node Group. Defaults to ["t3.medium"]. This provider will only perform drift detection if a configuration value is provided. Currently, the EKS API only accepts a single value in the set.
    kubeletExtraArgs String
    Extra args to pass to the Kubelet. Corresponds to the options passed in the --kubeletExtraArgs flag to /etc/eks/bootstrap.sh. For example, '--port=10251 --address=0.0.0.0'. To escape characters in the extra argsvalue, wrap the value in quotes. For example, kubeletExtraArgs = '--allowed-unsafe-sysctls "net.core.somaxconn"'. Note that this field conflicts with launchTemplate.
    labels Map<String>
    Key-value map of Kubernetes labels. Only labels that are applied with the EKS API are managed by this argument. Other Kubernetes labels applied to the EKS Node Group will not be managed.
    launchTemplate Property Map

    Launch Template settings.

    Note: This field is mutually exclusive with kubeletExtraArgs and bootstrapExtraArgs. This type is defined in the AWS Classic package.

    nodeGroupName String
    Name of the EKS Node Group. If omitted, this provider will assign a random, unique name. Conflicts with nodeGroupNamePrefix.
    nodeGroupNamePrefix String
    Creates a unique name beginning with the specified prefix. Conflicts with nodeGroupName.
    nodeRole aws:iam:Role

    The IAM Role that provides permissions for the EKS Node Group.

    Note, nodeRole and nodeRoleArn are mutually exclusive, and a single option must be used. This type is defined in the AWS Classic package.

    nodeRoleArn String

    Amazon Resource Name (ARN) of the IAM Role that provides permissions for the EKS Node Group.

    Note, nodeRoleArn and nodeRole are mutually exclusive, and a single option must be used.

    releaseVersion String
    AMI version of the EKS Node Group. Defaults to latest version for Kubernetes version.
    remoteAccess Property Map
    Remote access settings. This type is defined in the AWS Classic package.
    scalingConfig Property Map

    Scaling settings.

    Default scaling amounts of the node group autoscaling group are:

    • desiredSize: 2
    • minSize: 1
    • maxSize: 2 This type is defined in the AWS Classic package.
    subnetIds List<String>

    Identifiers of EC2 Subnets to associate with the EKS Node Group. These subnets must have the following resource tag: kubernetes.io/cluster/CLUSTER_NAME (where CLUSTER_NAME is replaced with the name of the EKS Cluster).

    Default subnetIds is chosen from the following list, in order, if subnetIds arg is not set:

    • core.subnetIds
    • core.privateIds
    • core.publicSubnetIds

    This default logic is based on the existing subnet IDs logic of this package: https://git.io/JeM11

    tags Map<String>
    Key-value mapping of resource tags.
    taints List<Property Map>
    The Kubernetes taints to be applied to the nodes in the node group. Maximum of 50 taints per node group.
    version String

    Outputs

    All input properties are implicitly available as output properties. Additionally, the ManagedNodeGroup resource produces the following output properties:

    NodeGroup Pulumi.Aws.Eks.NodeGroup
    The AWS managed node group. This type is defined in the AWS Classic package.
    NodeGroup NodeGroup
    The AWS managed node group. This type is defined in the AWS Classic package.
    nodeGroup NodeGroup
    The AWS managed node group. This type is defined in the AWS Classic package.
    nodeGroup pulumiAwseksNodeGroup
    The AWS managed node group. This type is defined in the AWS Classic package.
    node_group pulumi_aws.eks.NodeGroup
    The AWS managed node group. This type is defined in the AWS Classic package.
    nodeGroup aws:eks:NodeGroup
    The AWS managed node group. This type is defined in the AWS Classic package.

    Supporting Types

    AccessEntry, AccessEntryArgs

    PrincipalArn string
    The IAM Principal ARN which requires Authentication access to the EKS cluster.
    AccessPolicies Dictionary<string, AccessPolicyAssociation>
    The access policies to associate to the access entry.
    KubernetesGroups List<string>
    A list of groups within Kubernetes to which the IAM principal is mapped to.
    Tags Dictionary<string, string>
    The tags to apply to the AccessEntry.
    Type Pulumi.Eks.AccessEntryType
    The type of the new access entry. Valid values are STANDARD, FARGATE_LINUX, EC2_LINUX, and EC2_WINDOWS. Defaults to STANDARD which provides the standard workflow. EC2_LINUX, EC2_WINDOWS, FARGATE_LINUX types disallow users to input a username or kubernetesGroup, and prevent associating access policies.
    Username string
    Defaults to the principalArn if the principal is a user, else defaults to assume-role/session-name.
    PrincipalArn string
    The IAM Principal ARN which requires Authentication access to the EKS cluster.
    AccessPolicies map[string]AccessPolicyAssociation
    The access policies to associate to the access entry.
    KubernetesGroups []string
    A list of groups within Kubernetes to which the IAM principal is mapped to.
    Tags map[string]string
    The tags to apply to the AccessEntry.
    Type AccessEntryType
    The type of the new access entry. Valid values are STANDARD, FARGATE_LINUX, EC2_LINUX, and EC2_WINDOWS. Defaults to STANDARD which provides the standard workflow. EC2_LINUX, EC2_WINDOWS, FARGATE_LINUX types disallow users to input a username or kubernetesGroup, and prevent associating access policies.
    Username string
    Defaults to the principalArn if the principal is a user, else defaults to assume-role/session-name.
    principalArn String
    The IAM Principal ARN which requires Authentication access to the EKS cluster.
    accessPolicies Map<String,AccessPolicyAssociation>
    The access policies to associate to the access entry.
    kubernetesGroups List<String>
    A list of groups within Kubernetes to which the IAM principal is mapped to.
    tags Map<String,String>
    The tags to apply to the AccessEntry.
    type AccessEntryType
    The type of the new access entry. Valid values are STANDARD, FARGATE_LINUX, EC2_LINUX, and EC2_WINDOWS. Defaults to STANDARD which provides the standard workflow. EC2_LINUX, EC2_WINDOWS, FARGATE_LINUX types disallow users to input a username or kubernetesGroup, and prevent associating access policies.
    username String
    Defaults to the principalArn if the principal is a user, else defaults to assume-role/session-name.
    principalArn string
    The IAM Principal ARN which requires Authentication access to the EKS cluster.
    accessPolicies {[key: string]: AccessPolicyAssociation}
    The access policies to associate to the access entry.
    kubernetesGroups string[]
    A list of groups within Kubernetes to which the IAM principal is mapped to.
    tags {[key: string]: string}
    The tags to apply to the AccessEntry.
    type AccessEntryType
    The type of the new access entry. Valid values are STANDARD, FARGATE_LINUX, EC2_LINUX, and EC2_WINDOWS. Defaults to STANDARD which provides the standard workflow. EC2_LINUX, EC2_WINDOWS, FARGATE_LINUX types disallow users to input a username or kubernetesGroup, and prevent associating access policies.
    username string
    Defaults to the principalArn if the principal is a user, else defaults to assume-role/session-name.
    principal_arn str
    The IAM Principal ARN which requires Authentication access to the EKS cluster.
    access_policies Mapping[str, AccessPolicyAssociation]
    The access policies to associate to the access entry.
    kubernetes_groups Sequence[str]
    A list of groups within Kubernetes to which the IAM principal is mapped to.
    tags Mapping[str, str]
    The tags to apply to the AccessEntry.
    type AccessEntryType
    The type of the new access entry. Valid values are STANDARD, FARGATE_LINUX, EC2_LINUX, and EC2_WINDOWS. Defaults to STANDARD which provides the standard workflow. EC2_LINUX, EC2_WINDOWS, FARGATE_LINUX types disallow users to input a username or kubernetesGroup, and prevent associating access policies.
    username str
    Defaults to the principalArn if the principal is a user, else defaults to assume-role/session-name.
    principalArn String
    The IAM Principal ARN which requires Authentication access to the EKS cluster.
    accessPolicies Map<Property Map>
    The access policies to associate to the access entry.
    kubernetesGroups List<String>
    A list of groups within Kubernetes to which the IAM principal is mapped to.
    tags Map<String>
    The tags to apply to the AccessEntry.
    type "STANDARD" | "FARGATE_LINUX" | "EC2_LINUX" | "EC2_WINDOWS"
    The type of the new access entry. Valid values are STANDARD, FARGATE_LINUX, EC2_LINUX, and EC2_WINDOWS. Defaults to STANDARD which provides the standard workflow. EC2_LINUX, EC2_WINDOWS, FARGATE_LINUX types disallow users to input a username or kubernetesGroup, and prevent associating access policies.
    username String
    Defaults to the principalArn if the principal is a user, else defaults to assume-role/session-name.

    AccessEntryType, AccessEntryTypeArgs

    Standard
    STANDARDStandard Access Entry Workflow. Allows users to input a username and kubernetesGroup, and to associate access policies.
    FargateLinux
    FARGATE_LINUXFor IAM roles used with AWS Fargate profiles.
    EC2Linux
    EC2_LINUXFor IAM roles associated with self-managed Linux node groups. Allows the nodes to join the cluster.
    EC2Windows
    EC2_WINDOWSFor IAM roles associated with self-managed Windows node groups. Allows the nodes to join the cluster.
    AccessEntryTypeStandard
    STANDARDStandard Access Entry Workflow. Allows users to input a username and kubernetesGroup, and to associate access policies.
    AccessEntryTypeFargateLinux
    FARGATE_LINUXFor IAM roles used with AWS Fargate profiles.
    AccessEntryTypeEC2Linux
    EC2_LINUXFor IAM roles associated with self-managed Linux node groups. Allows the nodes to join the cluster.
    AccessEntryTypeEC2Windows
    EC2_WINDOWSFor IAM roles associated with self-managed Windows node groups. Allows the nodes to join the cluster.
    Standard
    STANDARDStandard Access Entry Workflow. Allows users to input a username and kubernetesGroup, and to associate access policies.
    FargateLinux
    FARGATE_LINUXFor IAM roles used with AWS Fargate profiles.
    EC2Linux
    EC2_LINUXFor IAM roles associated with self-managed Linux node groups. Allows the nodes to join the cluster.
    EC2Windows
    EC2_WINDOWSFor IAM roles associated with self-managed Windows node groups. Allows the nodes to join the cluster.
    Standard
    STANDARDStandard Access Entry Workflow. Allows users to input a username and kubernetesGroup, and to associate access policies.
    FargateLinux
    FARGATE_LINUXFor IAM roles used with AWS Fargate profiles.
    EC2Linux
    EC2_LINUXFor IAM roles associated with self-managed Linux node groups. Allows the nodes to join the cluster.
    EC2Windows
    EC2_WINDOWSFor IAM roles associated with self-managed Windows node groups. Allows the nodes to join the cluster.
    STANDARD
    STANDARDStandard Access Entry Workflow. Allows users to input a username and kubernetesGroup, and to associate access policies.
    FARGATE_LINUX
    FARGATE_LINUXFor IAM roles used with AWS Fargate profiles.
    EC2_LINUX
    EC2_LINUXFor IAM roles associated with self-managed Linux node groups. Allows the nodes to join the cluster.
    EC2_WINDOWS
    EC2_WINDOWSFor IAM roles associated with self-managed Windows node groups. Allows the nodes to join the cluster.
    "STANDARD"
    STANDARDStandard Access Entry Workflow. Allows users to input a username and kubernetesGroup, and to associate access policies.
    "FARGATE_LINUX"
    FARGATE_LINUXFor IAM roles used with AWS Fargate profiles.
    "EC2_LINUX"
    EC2_LINUXFor IAM roles associated with self-managed Linux node groups. Allows the nodes to join the cluster.
    "EC2_WINDOWS"
    EC2_WINDOWSFor IAM roles associated with self-managed Windows node groups. Allows the nodes to join the cluster.

    AccessPolicyAssociation, AccessPolicyAssociationArgs

    AccessScope Pulumi.Aws.Eks.Inputs.AccessPolicyAssociationAccessScope
    The scope of the access policy association. This controls whether the access policy is scoped to the cluster or to a particular namespace. This type is defined in the AWS Classic package.
    PolicyArn string
    The ARN of the access policy to associate with the principal
    AccessScope AccessPolicyAssociationAccessScope
    The scope of the access policy association. This controls whether the access policy is scoped to the cluster or to a particular namespace. This type is defined in the AWS Classic package.
    PolicyArn string
    The ARN of the access policy to associate with the principal
    accessScope AccessPolicyAssociationAccessScope
    The scope of the access policy association. This controls whether the access policy is scoped to the cluster or to a particular namespace. This type is defined in the AWS Classic package.
    policyArn String
    The ARN of the access policy to associate with the principal
    accessScope pulumiAwstypesinputeksAccessPolicyAssociationAccessScope
    The scope of the access policy association. This controls whether the access policy is scoped to the cluster or to a particular namespace. This type is defined in the AWS Classic package.
    policyArn string
    The ARN of the access policy to associate with the principal
    access_scope pulumi_aws.eks.AccessPolicyAssociationAccessScopeArgs
    The scope of the access policy association. This controls whether the access policy is scoped to the cluster or to a particular namespace. This type is defined in the AWS Classic package.
    policy_arn str
    The ARN of the access policy to associate with the principal
    accessScope Property Map
    The scope of the access policy association. This controls whether the access policy is scoped to the cluster or to a particular namespace. This type is defined in the AWS Classic package.
    policyArn String
    The ARN of the access policy to associate with the principal

    ClusterNodeGroupOptions, ClusterNodeGroupOptionsArgs

    AmiId string

    The AMI ID to use for the worker nodes.

    Defaults to the latest recommended EKS Optimized Linux AMI from the AWS Systems Manager Parameter Store.

    Note: amiId and gpu are mutually exclusive.

    See for more details:

    • https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html.
    AmiType string

    The AMI Type to use for the worker nodes.

    Only applicable when setting an AMI ID that is of type arm64.

    Note: amiType and gpu are mutually exclusive.

    AutoScalingGroupTags Dictionary<string, string>

    The tags to apply to the NodeGroup's AutoScalingGroup in the CloudFormation Stack.

    Per AWS, all stack-level tags, including automatically created tags, and the cloudFormationTags option are propagated to resources that AWS CloudFormation supports, including the AutoScalingGroup. See https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html

    Note: Given the inheritance of auto-generated CF tags and cloudFormationTags, you should either supply the tag in autoScalingGroupTags or cloudFormationTags, but not both.

    BootstrapExtraArgs string
    Additional args to pass directly to /etc/eks/bootstrap.sh. For details on available options, see: https://github.com/awslabs/amazon-eks-ami/blob/master/files/bootstrap.sh. Note that the --apiserver-endpoint, --b64-cluster-ca and --kubelet-extra-args flags are included automatically based on other configuration parameters.
    CloudFormationTags Dictionary<string, string>

    The tags to apply to the CloudFormation Stack of the Worker NodeGroup.

    Note: Given the inheritance of auto-generated CF tags and cloudFormationTags, you should either supply the tag in autoScalingGroupTags or cloudFormationTags, but not both.

    ClusterIngressRule Pulumi.Aws.Ec2.SecurityGroupRule
    The ingress rule that gives node group access. This type is defined in the AWS Classic package.
    DesiredCapacity int
    The number of worker nodes that should be running in the cluster. Defaults to 2.
    EnableDetailedMonitoring bool

    Enables/disables detailed monitoring of the EC2 instances.

    With detailed monitoring, all metrics, including status check metrics, are available in 1-minute intervals. When enabled, you can also get aggregated data across groups of similar instances.

    Note: You are charged per metric that is sent to CloudWatch. You are not charged for data storage. For more information, see "Paid tier" and "Example 1 - EC2 Detailed Monitoring" here https://aws.amazon.com/cloudwatch/pricing/.

    EncryptRootBlockDevice bool
    Encrypt the root block device of the nodes in the node group.
    ExtraNodeSecurityGroups List<Pulumi.Aws.Ec2.SecurityGroup>

    Extra security groups to attach on all nodes in this worker node group.

    This additional set of security groups captures any user application rules that will be needed for the nodes.

    Gpu bool

    Use the latest recommended EKS Optimized Linux AMI with GPU support for the worker nodes from the AWS Systems Manager Parameter Store.

    Defaults to false.

    Note: gpu and amiId are mutually exclusive.

    See for more details:

    • https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html
    • https://docs.aws.amazon.com/eks/latest/userguide/retrieve-ami-id.html
    InstanceProfile Pulumi.Aws.Iam.InstanceProfile
    The ingress rule that gives node group access. This type is defined in the AWS Classic package.
    InstanceType string
    The instance type to use for the cluster's nodes. Defaults to "t2.medium".
    KeyName string
    Name of the key pair to use for SSH access to worker nodes.
    KubeletExtraArgs string
    Extra args to pass to the Kubelet. Corresponds to the options passed in the --kubeletExtraArgs flag to /etc/eks/bootstrap.sh. For example, '--port=10251 --address=0.0.0.0'. Note that the labels and taints properties will be applied to this list (using --node-labels and --register-with-taints respectively) after to the explicit kubeletExtraArgs.
    Labels Dictionary<string, string>
    Custom k8s node labels to be attached to each worker node. Adds the given key/value pairs to the --node-labels kubelet argument.
    MaxSize int
    The maximum number of worker nodes running in the cluster. Defaults to 2.
    MinSize int
    The minimum number of worker nodes running in the cluster. Defaults to 1.
    NodeAssociatePublicIpAddress bool
    Whether or not to auto-assign public IP addresses on the EKS worker nodes. If this toggle is set to true, the EKS workers will be auto-assigned public IPs. If false, they will not be auto-assigned public IPs.
    NodePublicKey string
    Public key material for SSH access to worker nodes. See allowed formats at: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html If not provided, no SSH access is enabled on VMs.
    NodeRootVolumeDeleteOnTermination bool
    Whether the root block device should be deleted on termination of the instance. Defaults to true.
    NodeRootVolumeEncrypted bool
    Whether to encrypt a cluster node's root volume. Defaults to false.
    NodeRootVolumeIops int
    The amount of provisioned IOPS. This is only valid with a volumeType of 'io1'.
    NodeRootVolumeSize int
    The size in GiB of a cluster node's root volume. Defaults to 20.
    NodeRootVolumeThroughput int
    Provisioned throughput performance in integer MiB/s for a cluster node's root volume. This is only valid with a volumeType of 'gp3'.
    NodeRootVolumeType string
    Configured EBS type for a cluster node's root volume. Default is 'gp2'. Supported values are 'standard', 'gp2', 'gp3', 'st1', 'sc1', 'io1'.
    NodeSecurityGroup Pulumi.Aws.Ec2.SecurityGroup

    The security group for the worker node group to communicate with the cluster.

    This security group requires specific inbound and outbound rules.

    See for more details: https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html

    Note: The nodeSecurityGroup option and the cluster optionnodeSecurityGroupTags are mutually exclusive. This type is defined in the AWS Classic package.

    NodeSubnetIds List<string>

    The set of subnets to override and use for the worker node group.

    Setting this option overrides which subnets to use for the worker node group, regardless if the cluster's subnetIds is set, or if publicSubnetIds and/or privateSubnetIds were set.

    NodeUserData string
    Extra code to run on node startup. This code will run after the AWS EKS bootstrapping code and before the node signals its readiness to the managing CloudFormation stack. This code must be a typical user data script: critically it must begin with an interpreter directive (i.e. a #!).
    NodeUserDataOverride string

    User specified code to run on node startup. This code is expected to handle the full AWS EKS bootstrapping code and signal node readiness to the managing CloudFormation stack. This code must be a complete and executable user data script in bash (Linux) or powershell (Windows).

    See for more details: https://docs.aws.amazon.com/eks/latest/userguide/worker.html

    SpotPrice string
    Bidding price for spot instance. If set, only spot instances will be added as worker node.
    Taints Dictionary<string, Taint>
    Custom k8s node taints to be attached to each worker node. Adds the given taints to the --register-with-taints kubelet argument
    Version string
    Desired Kubernetes master / control plane version. If you do not specify a value, the latest available version is used.
    AmiId string

    The AMI ID to use for the worker nodes.

    Defaults to the latest recommended EKS Optimized Linux AMI from the AWS Systems Manager Parameter Store.

    Note: amiId and gpu are mutually exclusive.

    See for more details:

    • https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html.
    AmiType string

    The AMI Type to use for the worker nodes.

    Only applicable when setting an AMI ID that is of type arm64.

    Note: amiType and gpu are mutually exclusive.

    AutoScalingGroupTags map[string]string

    The tags to apply to the NodeGroup's AutoScalingGroup in the CloudFormation Stack.

    Per AWS, all stack-level tags, including automatically created tags, and the cloudFormationTags option are propagated to resources that AWS CloudFormation supports, including the AutoScalingGroup. See https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html

    Note: Given the inheritance of auto-generated CF tags and cloudFormationTags, you should either supply the tag in autoScalingGroupTags or cloudFormationTags, but not both.

    BootstrapExtraArgs string
    Additional args to pass directly to /etc/eks/bootstrap.sh. For details on available options, see: https://github.com/awslabs/amazon-eks-ami/blob/master/files/bootstrap.sh. Note that the --apiserver-endpoint, --b64-cluster-ca and --kubelet-extra-args flags are included automatically based on other configuration parameters.
    CloudFormationTags map[string]string

    The tags to apply to the CloudFormation Stack of the Worker NodeGroup.

    Note: Given the inheritance of auto-generated CF tags and cloudFormationTags, you should either supply the tag in autoScalingGroupTags or cloudFormationTags, but not both.

    ClusterIngressRule SecurityGroupRule
    The ingress rule that gives node group access. This type is defined in the AWS Classic package.
    DesiredCapacity int
    The number of worker nodes that should be running in the cluster. Defaults to 2.
    EnableDetailedMonitoring bool

    Enables/disables detailed monitoring of the EC2 instances.

    With detailed monitoring, all metrics, including status check metrics, are available in 1-minute intervals. When enabled, you can also get aggregated data across groups of similar instances.

    Note: You are charged per metric that is sent to CloudWatch. You are not charged for data storage. For more information, see "Paid tier" and "Example 1 - EC2 Detailed Monitoring" here https://aws.amazon.com/cloudwatch/pricing/.

    EncryptRootBlockDevice bool
    Encrypt the root block device of the nodes in the node group.
    ExtraNodeSecurityGroups SecurityGroup

    Extra security groups to attach on all nodes in this worker node group.

    This additional set of security groups captures any user application rules that will be needed for the nodes.

    Gpu bool

    Use the latest recommended EKS Optimized Linux AMI with GPU support for the worker nodes from the AWS Systems Manager Parameter Store.

    Defaults to false.

    Note: gpu and amiId are mutually exclusive.

    See for more details:

    • https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html
    • https://docs.aws.amazon.com/eks/latest/userguide/retrieve-ami-id.html
    InstanceProfile InstanceProfile
    The ingress rule that gives node group access. This type is defined in the AWS Classic package.
    InstanceType string
    The instance type to use for the cluster's nodes. Defaults to "t2.medium".
    KeyName string
    Name of the key pair to use for SSH access to worker nodes.
    KubeletExtraArgs string
    Extra args to pass to the Kubelet. Corresponds to the options passed in the --kubeletExtraArgs flag to /etc/eks/bootstrap.sh. For example, '--port=10251 --address=0.0.0.0'. Note that the labels and taints properties will be applied to this list (using --node-labels and --register-with-taints respectively) after to the explicit kubeletExtraArgs.
    Labels map[string]string
    Custom k8s node labels to be attached to each worker node. Adds the given key/value pairs to the --node-labels kubelet argument.
    MaxSize int
    The maximum number of worker nodes running in the cluster. Defaults to 2.
    MinSize int
    The minimum number of worker nodes running in the cluster. Defaults to 1.
    NodeAssociatePublicIpAddress bool
    Whether or not to auto-assign public IP addresses on the EKS worker nodes. If this toggle is set to true, the EKS workers will be auto-assigned public IPs. If false, they will not be auto-assigned public IPs.
    NodePublicKey string
    Public key material for SSH access to worker nodes. See allowed formats at: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html If not provided, no SSH access is enabled on VMs.
    NodeRootVolumeDeleteOnTermination bool
    Whether the root block device should be deleted on termination of the instance. Defaults to true.
    NodeRootVolumeEncrypted bool
    Whether to encrypt a cluster node's root volume. Defaults to false.
    NodeRootVolumeIops int
    The amount of provisioned IOPS. This is only valid with a volumeType of 'io1'.
    NodeRootVolumeSize int
    The size in GiB of a cluster node's root volume. Defaults to 20.
    NodeRootVolumeThroughput int
    Provisioned throughput performance in integer MiB/s for a cluster node's root volume. This is only valid with a volumeType of 'gp3'.
    NodeRootVolumeType string
    Configured EBS type for a cluster node's root volume. Default is 'gp2'. Supported values are 'standard', 'gp2', 'gp3', 'st1', 'sc1', 'io1'.
    NodeSecurityGroup SecurityGroup

    The security group for the worker node group to communicate with the cluster.

    This security group requires specific inbound and outbound rules.

    See for more details: https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html

    Note: The nodeSecurityGroup option and the cluster optionnodeSecurityGroupTags are mutually exclusive. This type is defined in the AWS Classic package.

    NodeSubnetIds []string

    The set of subnets to override and use for the worker node group.

    Setting this option overrides which subnets to use for the worker node group, regardless if the cluster's subnetIds is set, or if publicSubnetIds and/or privateSubnetIds were set.

    NodeUserData string
    Extra code to run on node startup. This code will run after the AWS EKS bootstrapping code and before the node signals its readiness to the managing CloudFormation stack. This code must be a typical user data script: critically it must begin with an interpreter directive (i.e. a #!).
    NodeUserDataOverride string

    User specified code to run on node startup. This code is expected to handle the full AWS EKS bootstrapping code and signal node readiness to the managing CloudFormation stack. This code must be a complete and executable user data script in bash (Linux) or powershell (Windows).

    See for more details: https://docs.aws.amazon.com/eks/latest/userguide/worker.html

    SpotPrice string
    Bidding price for spot instance. If set, only spot instances will be added as worker node.
    Taints map[string]Taint
    Custom k8s node taints to be attached to each worker node. Adds the given taints to the --register-with-taints kubelet argument
    Version string
    Desired Kubernetes master / control plane version. If you do not specify a value, the latest available version is used.
    amiId String

    The AMI ID to use for the worker nodes.

    Defaults to the latest recommended EKS Optimized Linux AMI from the AWS Systems Manager Parameter Store.

    Note: amiId and gpu are mutually exclusive.

    See for more details:

    • https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html.
    amiType String

    The AMI Type to use for the worker nodes.

    Only applicable when setting an AMI ID that is of type arm64.

    Note: amiType and gpu are mutually exclusive.

    autoScalingGroupTags Map<String,String>

    The tags to apply to the NodeGroup's AutoScalingGroup in the CloudFormation Stack.

    Per AWS, all stack-level tags, including automatically created tags, and the cloudFormationTags option are propagated to resources that AWS CloudFormation supports, including the AutoScalingGroup. See https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html

    Note: Given the inheritance of auto-generated CF tags and cloudFormationTags, you should either supply the tag in autoScalingGroupTags or cloudFormationTags, but not both.

    bootstrapExtraArgs String
    Additional args to pass directly to /etc/eks/bootstrap.sh. For details on available options, see: https://github.com/awslabs/amazon-eks-ami/blob/master/files/bootstrap.sh. Note that the --apiserver-endpoint, --b64-cluster-ca and --kubelet-extra-args flags are included automatically based on other configuration parameters.
    cloudFormationTags Map<String,String>

    The tags to apply to the CloudFormation Stack of the Worker NodeGroup.

    Note: Given the inheritance of auto-generated CF tags and cloudFormationTags, you should either supply the tag in autoScalingGroupTags or cloudFormationTags, but not both.

    clusterIngressRule SecurityGroupRule
    The ingress rule that gives node group access. This type is defined in the AWS Classic package.
    desiredCapacity Integer
    The number of worker nodes that should be running in the cluster. Defaults to 2.
    enableDetailedMonitoring Boolean

    Enables/disables detailed monitoring of the EC2 instances.

    With detailed monitoring, all metrics, including status check metrics, are available in 1-minute intervals. When enabled, you can also get aggregated data across groups of similar instances.

    Note: You are charged per metric that is sent to CloudWatch. You are not charged for data storage. For more information, see "Paid tier" and "Example 1 - EC2 Detailed Monitoring" here https://aws.amazon.com/cloudwatch/pricing/.

    encryptRootBlockDevice Boolean
    Encrypt the root block device of the nodes in the node group.
    extraNodeSecurityGroups List<SecurityGroup>

    Extra security groups to attach on all nodes in this worker node group.

    This additional set of security groups captures any user application rules that will be needed for the nodes.

    gpu Boolean

    Use the latest recommended EKS Optimized Linux AMI with GPU support for the worker nodes from the AWS Systems Manager Parameter Store.

    Defaults to false.

    Note: gpu and amiId are mutually exclusive.

    See for more details:

    • https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html
    • https://docs.aws.amazon.com/eks/latest/userguide/retrieve-ami-id.html
    instanceProfile InstanceProfile
    The ingress rule that gives node group access. This type is defined in the AWS Classic package.
    instanceType String
    The instance type to use for the cluster's nodes. Defaults to "t2.medium".
    keyName String
    Name of the key pair to use for SSH access to worker nodes.
    kubeletExtraArgs String
    Extra args to pass to the Kubelet. Corresponds to the options passed in the --kubeletExtraArgs flag to /etc/eks/bootstrap.sh. For example, '--port=10251 --address=0.0.0.0'. Note that the labels and taints properties will be applied to this list (using --node-labels and --register-with-taints respectively) after to the explicit kubeletExtraArgs.
    labels Map<String,String>
    Custom k8s node labels to be attached to each worker node. Adds the given key/value pairs to the --node-labels kubelet argument.
    maxSize Integer
    The maximum number of worker nodes running in the cluster. Defaults to 2.
    minSize Integer
    The minimum number of worker nodes running in the cluster. Defaults to 1.
    nodeAssociatePublicIpAddress Boolean
    Whether or not to auto-assign public IP addresses on the EKS worker nodes. If this toggle is set to true, the EKS workers will be auto-assigned public IPs. If false, they will not be auto-assigned public IPs.
    nodePublicKey String
    Public key material for SSH access to worker nodes. See allowed formats at: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html If not provided, no SSH access is enabled on VMs.
    nodeRootVolumeDeleteOnTermination Boolean
    Whether the root block device should be deleted on termination of the instance. Defaults to true.
    nodeRootVolumeEncrypted Boolean
    Whether to encrypt a cluster node's root volume. Defaults to false.
    nodeRootVolumeIops Integer
    The amount of provisioned IOPS. This is only valid with a volumeType of 'io1'.
    nodeRootVolumeSize Integer
    The size in GiB of a cluster node's root volume. Defaults to 20.
    nodeRootVolumeThroughput Integer
    Provisioned throughput performance in integer MiB/s for a cluster node's root volume. This is only valid with a volumeType of 'gp3'.
    nodeRootVolumeType String
    Configured EBS type for a cluster node's root volume. Default is 'gp2'. Supported values are 'standard', 'gp2', 'gp3', 'st1', 'sc1', 'io1'.
    nodeSecurityGroup SecurityGroup

    The security group for the worker node group to communicate with the cluster.

    This security group requires specific inbound and outbound rules.

    See for more details: https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html

    Note: The nodeSecurityGroup option and the cluster optionnodeSecurityGroupTags are mutually exclusive. This type is defined in the AWS Classic package.

    nodeSubnetIds List<String>

    The set of subnets to override and use for the worker node group.

    Setting this option overrides which subnets to use for the worker node group, regardless if the cluster's subnetIds is set, or if publicSubnetIds and/or privateSubnetIds were set.

    nodeUserData String
    Extra code to run on node startup. This code will run after the AWS EKS bootstrapping code and before the node signals its readiness to the managing CloudFormation stack. This code must be a typical user data script: critically it must begin with an interpreter directive (i.e. a #!).
    nodeUserDataOverride String

    User specified code to run on node startup. This code is expected to handle the full AWS EKS bootstrapping code and signal node readiness to the managing CloudFormation stack. This code must be a complete and executable user data script in bash (Linux) or powershell (Windows).

    See for more details: https://docs.aws.amazon.com/eks/latest/userguide/worker.html

    spotPrice String
    Bidding price for spot instance. If set, only spot instances will be added as worker node.
    taints Map<String,Taint>
    Custom k8s node taints to be attached to each worker node. Adds the given taints to the --register-with-taints kubelet argument
    version String
    Desired Kubernetes master / control plane version. If you do not specify a value, the latest available version is used.
    amiId string

    The AMI ID to use for the worker nodes.

    Defaults to the latest recommended EKS Optimized Linux AMI from the AWS Systems Manager Parameter Store.

    Note: amiId and gpu are mutually exclusive.

    See for more details:

    • https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html.
    amiType string

    The AMI Type to use for the worker nodes.

    Only applicable when setting an AMI ID that is of type arm64.

    Note: amiType and gpu are mutually exclusive.

    autoScalingGroupTags {[key: string]: string}

    The tags to apply to the NodeGroup's AutoScalingGroup in the CloudFormation Stack.

    Per AWS, all stack-level tags, including automatically created tags, and the cloudFormationTags option are propagated to resources that AWS CloudFormation supports, including the AutoScalingGroup. See https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html

    Note: Given the inheritance of auto-generated CF tags and cloudFormationTags, you should either supply the tag in autoScalingGroupTags or cloudFormationTags, but not both.

    bootstrapExtraArgs string
    Additional args to pass directly to /etc/eks/bootstrap.sh. For details on available options, see: https://github.com/awslabs/amazon-eks-ami/blob/master/files/bootstrap.sh. Note that the --apiserver-endpoint, --b64-cluster-ca and --kubelet-extra-args flags are included automatically based on other configuration parameters.
    cloudFormationTags {[key: string]: string}

    The tags to apply to the CloudFormation Stack of the Worker NodeGroup.

    Note: Given the inheritance of auto-generated CF tags and cloudFormationTags, you should either supply the tag in autoScalingGroupTags or cloudFormationTags, but not both.

    clusterIngressRule pulumiAwsec2SecurityGroupRule
    The ingress rule that gives node group access. This type is defined in the AWS Classic package.
    desiredCapacity number
    The number of worker nodes that should be running in the cluster. Defaults to 2.
    enableDetailedMonitoring boolean

    Enables/disables detailed monitoring of the EC2 instances.

    With detailed monitoring, all metrics, including status check metrics, are available in 1-minute intervals. When enabled, you can also get aggregated data across groups of similar instances.

    Note: You are charged per metric that is sent to CloudWatch. You are not charged for data storage. For more information, see "Paid tier" and "Example 1 - EC2 Detailed Monitoring" here https://aws.amazon.com/cloudwatch/pricing/.

    encryptRootBlockDevice boolean
    Encrypt the root block device of the nodes in the node group.
    extraNodeSecurityGroups pulumiAwsec2SecurityGroup[]

    Extra security groups to attach on all nodes in this worker node group.

    This additional set of security groups captures any user application rules that will be needed for the nodes.

    gpu boolean

    Use the latest recommended EKS Optimized Linux AMI with GPU support for the worker nodes from the AWS Systems Manager Parameter Store.

    Defaults to false.

    Note: gpu and amiId are mutually exclusive.

    See for more details:

    • https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html
    • https://docs.aws.amazon.com/eks/latest/userguide/retrieve-ami-id.html
    instanceProfile pulumiAwsiamInstanceProfile
    The ingress rule that gives node group access. This type is defined in the AWS Classic package.
    instanceType string
    The instance type to use for the cluster's nodes. Defaults to "t2.medium".
    keyName string
    Name of the key pair to use for SSH access to worker nodes.
    kubeletExtraArgs string
    Extra args to pass to the Kubelet. Corresponds to the options passed in the --kubeletExtraArgs flag to /etc/eks/bootstrap.sh. For example, '--port=10251 --address=0.0.0.0'. Note that the labels and taints properties will be applied to this list (using --node-labels and --register-with-taints respectively) after to the explicit kubeletExtraArgs.
    labels {[key: string]: string}
    Custom k8s node labels to be attached to each worker node. Adds the given key/value pairs to the --node-labels kubelet argument.
    maxSize number
    The maximum number of worker nodes running in the cluster. Defaults to 2.
    minSize number
    The minimum number of worker nodes running in the cluster. Defaults to 1.
    nodeAssociatePublicIpAddress boolean
    Whether or not to auto-assign public IP addresses on the EKS worker nodes. If this toggle is set to true, the EKS workers will be auto-assigned public IPs. If false, they will not be auto-assigned public IPs.
    nodePublicKey string
    Public key material for SSH access to worker nodes. See allowed formats at: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html If not provided, no SSH access is enabled on VMs.
    nodeRootVolumeDeleteOnTermination boolean
    Whether the root block device should be deleted on termination of the instance. Defaults to true.
    nodeRootVolumeEncrypted boolean
    Whether to encrypt a cluster node's root volume. Defaults to false.
    nodeRootVolumeIops number
    The amount of provisioned IOPS. This is only valid with a volumeType of 'io1'.
    nodeRootVolumeSize number
    The size in GiB of a cluster node's root volume. Defaults to 20.
    nodeRootVolumeThroughput number
    Provisioned throughput performance in integer MiB/s for a cluster node's root volume. This is only valid with a volumeType of 'gp3'.
    nodeRootVolumeType string
    Configured EBS type for a cluster node's root volume. Default is 'gp2'. Supported values are 'standard', 'gp2', 'gp3', 'st1', 'sc1', 'io1'.
    nodeSecurityGroup pulumiAwsec2SecurityGroup

    The security group for the worker node group to communicate with the cluster.

    This security group requires specific inbound and outbound rules.

    See for more details: https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html

    Note: The nodeSecurityGroup option and the cluster optionnodeSecurityGroupTags are mutually exclusive. This type is defined in the AWS Classic package.

    nodeSubnetIds string[]

    The set of subnets to override and use for the worker node group.

    Setting this option overrides which subnets to use for the worker node group, regardless if the cluster's subnetIds is set, or if publicSubnetIds and/or privateSubnetIds were set.

    nodeUserData string
    Extra code to run on node startup. This code will run after the AWS EKS bootstrapping code and before the node signals its readiness to the managing CloudFormation stack. This code must be a typical user data script: critically it must begin with an interpreter directive (i.e. a #!).
    nodeUserDataOverride string

    User specified code to run on node startup. This code is expected to handle the full AWS EKS bootstrapping code and signal node readiness to the managing CloudFormation stack. This code must be a complete and executable user data script in bash (Linux) or powershell (Windows).

    See for more details: https://docs.aws.amazon.com/eks/latest/userguide/worker.html

    spotPrice string
    Bidding price for spot instance. If set, only spot instances will be added as worker node.
    taints {[key: string]: Taint}
    Custom k8s node taints to be attached to each worker node. Adds the given taints to the --register-with-taints kubelet argument
    version string
    Desired Kubernetes master / control plane version. If you do not specify a value, the latest available version is used.
    ami_id str

    The AMI ID to use for the worker nodes.

    Defaults to the latest recommended EKS Optimized Linux AMI from the AWS Systems Manager Parameter Store.

    Note: amiId and gpu are mutually exclusive.

    See for more details:

    • https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html.
    ami_type str

    The AMI Type to use for the worker nodes.

    Only applicable when setting an AMI ID that is of type arm64.

    Note: amiType and gpu are mutually exclusive.

    auto_scaling_group_tags Mapping[str, str]

    The tags to apply to the NodeGroup's AutoScalingGroup in the CloudFormation Stack.

    Per AWS, all stack-level tags, including automatically created tags, and the cloudFormationTags option are propagated to resources that AWS CloudFormation supports, including the AutoScalingGroup. See https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html

    Note: Given the inheritance of auto-generated CF tags and cloudFormationTags, you should either supply the tag in autoScalingGroupTags or cloudFormationTags, but not both.

    bootstrap_extra_args str
    Additional args to pass directly to /etc/eks/bootstrap.sh. For details on available options, see: https://github.com/awslabs/amazon-eks-ami/blob/master/files/bootstrap.sh. Note that the --apiserver-endpoint, --b64-cluster-ca and --kubelet-extra-args flags are included automatically based on other configuration parameters.
    cloud_formation_tags Mapping[str, str]

    The tags to apply to the CloudFormation Stack of the Worker NodeGroup.

    Note: Given the inheritance of auto-generated CF tags and cloudFormationTags, you should either supply the tag in autoScalingGroupTags or cloudFormationTags, but not both.

    cluster_ingress_rule pulumi_aws.ec2.SecurityGroupRule
    The ingress rule that gives node group access. This type is defined in the AWS Classic package.
    desired_capacity int
    The number of worker nodes that should be running in the cluster. Defaults to 2.
    enable_detailed_monitoring bool

    Enables/disables detailed monitoring of the EC2 instances.

    With detailed monitoring, all metrics, including status check metrics, are available in 1-minute intervals. When enabled, you can also get aggregated data across groups of similar instances.

    Note: You are charged per metric that is sent to CloudWatch. You are not charged for data storage. For more information, see "Paid tier" and "Example 1 - EC2 Detailed Monitoring" here https://aws.amazon.com/cloudwatch/pricing/.

    encrypt_root_block_device bool
    Encrypt the root block device of the nodes in the node group.
    extra_node_security_groups Sequence[pulumi_aws.ec2.SecurityGroup]

    Extra security groups to attach on all nodes in this worker node group.

    This additional set of security groups captures any user application rules that will be needed for the nodes.

    gpu bool

    Use the latest recommended EKS Optimized Linux AMI with GPU support for the worker nodes from the AWS Systems Manager Parameter Store.

    Defaults to false.

    Note: gpu and amiId are mutually exclusive.

    See for more details:

    • https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html
    • https://docs.aws.amazon.com/eks/latest/userguide/retrieve-ami-id.html
    instance_profile pulumi_aws.iam.InstanceProfile
    The ingress rule that gives node group access. This type is defined in the AWS Classic package.
    instance_type str
    The instance type to use for the cluster's nodes. Defaults to "t2.medium".
    key_name str
    Name of the key pair to use for SSH access to worker nodes.
    kubelet_extra_args str
    Extra args to pass to the Kubelet. Corresponds to the options passed in the --kubeletExtraArgs flag to /etc/eks/bootstrap.sh. For example, '--port=10251 --address=0.0.0.0'. Note that the labels and taints properties will be applied to this list (using --node-labels and --register-with-taints respectively) after to the explicit kubeletExtraArgs.
    labels Mapping[str, str]
    Custom k8s node labels to be attached to each worker node. Adds the given key/value pairs to the --node-labels kubelet argument.
    max_size int
    The maximum number of worker nodes running in the cluster. Defaults to 2.
    min_size int
    The minimum number of worker nodes running in the cluster. Defaults to 1.
    node_associate_public_ip_address bool
    Whether or not to auto-assign public IP addresses on the EKS worker nodes. If this toggle is set to true, the EKS workers will be auto-assigned public IPs. If false, they will not be auto-assigned public IPs.
    node_public_key str
    Public key material for SSH access to worker nodes. See allowed formats at: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html If not provided, no SSH access is enabled on VMs.
    node_root_volume_delete_on_termination bool
    Whether the root block device should be deleted on termination of the instance. Defaults to true.
    node_root_volume_encrypted bool
    Whether to encrypt a cluster node's root volume. Defaults to false.
    node_root_volume_iops int
    The amount of provisioned IOPS. This is only valid with a volumeType of 'io1'.
    node_root_volume_size int
    The size in GiB of a cluster node's root volume. Defaults to 20.
    node_root_volume_throughput int
    Provisioned throughput performance in integer MiB/s for a cluster node's root volume. This is only valid with a volumeType of 'gp3'.
    node_root_volume_type str
    Configured EBS type for a cluster node's root volume. Default is 'gp2'. Supported values are 'standard', 'gp2', 'gp3', 'st1', 'sc1', 'io1'.
    node_security_group pulumi_aws.ec2.SecurityGroup

    The security group for the worker node group to communicate with the cluster.

    This security group requires specific inbound and outbound rules.

    See for more details: https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html

    Note: The nodeSecurityGroup option and the cluster optionnodeSecurityGroupTags are mutually exclusive. This type is defined in the AWS Classic package.

    node_subnet_ids Sequence[str]

    The set of subnets to override and use for the worker node group.

    Setting this option overrides which subnets to use for the worker node group, regardless if the cluster's subnetIds is set, or if publicSubnetIds and/or privateSubnetIds were set.

    node_user_data str
    Extra code to run on node startup. This code will run after the AWS EKS bootstrapping code and before the node signals its readiness to the managing CloudFormation stack. This code must be a typical user data script: critically it must begin with an interpreter directive (i.e. a #!).
    node_user_data_override str

    User specified code to run on node startup. This code is expected to handle the full AWS EKS bootstrapping code and signal node readiness to the managing CloudFormation stack. This code must be a complete and executable user data script in bash (Linux) or powershell (Windows).

    See for more details: https://docs.aws.amazon.com/eks/latest/userguide/worker.html

    spot_price str
    Bidding price for spot instance. If set, only spot instances will be added as worker node.
    taints Mapping[str, Taint]
    Custom k8s node taints to be attached to each worker node. Adds the given taints to the --register-with-taints kubelet argument
    version str
    Desired Kubernetes master / control plane version. If you do not specify a value, the latest available version is used.
    amiId String

    The AMI ID to use for the worker nodes.

    Defaults to the latest recommended EKS Optimized Linux AMI from the AWS Systems Manager Parameter Store.

    Note: amiId and gpu are mutually exclusive.

    See for more details:

    • https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html.
    amiType String

    The AMI Type to use for the worker nodes.

    Only applicable when setting an AMI ID that is of type arm64.

    Note: amiType and gpu are mutually exclusive.

    autoScalingGroupTags Map<String>

    The tags to apply to the NodeGroup's AutoScalingGroup in the CloudFormation Stack.

    Per AWS, all stack-level tags, including automatically created tags, and the cloudFormationTags option are propagated to resources that AWS CloudFormation supports, including the AutoScalingGroup. See https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html

    Note: Given the inheritance of auto-generated CF tags and cloudFormationTags, you should either supply the tag in autoScalingGroupTags or cloudFormationTags, but not both.

    bootstrapExtraArgs String
    Additional args to pass directly to /etc/eks/bootstrap.sh. For details on available options, see: https://github.com/awslabs/amazon-eks-ami/blob/master/files/bootstrap.sh. Note that the --apiserver-endpoint, --b64-cluster-ca and --kubelet-extra-args flags are included automatically based on other configuration parameters.
    cloudFormationTags Map<String>

    The tags to apply to the CloudFormation Stack of the Worker NodeGroup.

    Note: Given the inheritance of auto-generated CF tags and cloudFormationTags, you should either supply the tag in autoScalingGroupTags or cloudFormationTags, but not both.

    clusterIngressRule aws:ec2:SecurityGroupRule
    The ingress rule that gives node group access. This type is defined in the AWS Classic package.
    desiredCapacity Number
    The number of worker nodes that should be running in the cluster. Defaults to 2.
    enableDetailedMonitoring Boolean

    Enables/disables detailed monitoring of the EC2 instances.

    With detailed monitoring, all metrics, including status check metrics, are available in 1-minute intervals. When enabled, you can also get aggregated data across groups of similar instances.

    Note: You are charged per metric that is sent to CloudWatch. You are not charged for data storage. For more information, see "Paid tier" and "Example 1 - EC2 Detailed Monitoring" here https://aws.amazon.com/cloudwatch/pricing/.

    encryptRootBlockDevice Boolean
    Encrypt the root block device of the nodes in the node group.
    extraNodeSecurityGroups List<aws:ec2:SecurityGroup>

    Extra security groups to attach on all nodes in this worker node group.

    This additional set of security groups captures any user application rules that will be needed for the nodes.

    gpu Boolean

    Use the latest recommended EKS Optimized Linux AMI with GPU support for the worker nodes from the AWS Systems Manager Parameter Store.

    Defaults to false.

    Note: gpu and amiId are mutually exclusive.

    See for more details:

    • https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html
    • https://docs.aws.amazon.com/eks/latest/userguide/retrieve-ami-id.html
    instanceProfile aws:iam:InstanceProfile
    The ingress rule that gives node group access. This type is defined in the AWS Classic package.
    instanceType String
    The instance type to use for the cluster's nodes. Defaults to "t2.medium".
    keyName String
    Name of the key pair to use for SSH access to worker nodes.
    kubeletExtraArgs String
    Extra args to pass to the Kubelet. Corresponds to the options passed in the --kubeletExtraArgs flag to /etc/eks/bootstrap.sh. For example, '--port=10251 --address=0.0.0.0'. Note that the labels and taints properties will be applied to this list (using --node-labels and --register-with-taints respectively) after to the explicit kubeletExtraArgs.
    labels Map<String>
    Custom k8s node labels to be attached to each worker node. Adds the given key/value pairs to the --node-labels kubelet argument.
    maxSize Number
    The maximum number of worker nodes running in the cluster. Defaults to 2.
    minSize Number
    The minimum number of worker nodes running in the cluster. Defaults to 1.
    nodeAssociatePublicIpAddress Boolean
    Whether or not to auto-assign public IP addresses on the EKS worker nodes. If this toggle is set to true, the EKS workers will be auto-assigned public IPs. If false, they will not be auto-assigned public IPs.
    nodePublicKey String
    Public key material for SSH access to worker nodes. See allowed formats at: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html If not provided, no SSH access is enabled on VMs.
    nodeRootVolumeDeleteOnTermination Boolean
    Whether the root block device should be deleted on termination of the instance. Defaults to true.
    nodeRootVolumeEncrypted Boolean
    Whether to encrypt a cluster node's root volume. Defaults to false.
    nodeRootVolumeIops Number
    The amount of provisioned IOPS. This is only valid with a volumeType of 'io1'.
    nodeRootVolumeSize Number
    The size in GiB of a cluster node's root volume. Defaults to 20.
    nodeRootVolumeThroughput Number
    Provisioned throughput performance in integer MiB/s for a cluster node's root volume. This is only valid with a volumeType of 'gp3'.
    nodeRootVolumeType String
    Configured EBS type for a cluster node's root volume. Default is 'gp2'. Supported values are 'standard', 'gp2', 'gp3', 'st1', 'sc1', 'io1'.
    nodeSecurityGroup aws:ec2:SecurityGroup

    The security group for the worker node group to communicate with the cluster.

    This security group requires specific inbound and outbound rules.

    See for more details: https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html

    Note: The nodeSecurityGroup option and the cluster optionnodeSecurityGroupTags are mutually exclusive. This type is defined in the AWS Classic package.

    nodeSubnetIds List<String>

    The set of subnets to override and use for the worker node group.

    Setting this option overrides which subnets to use for the worker node group, regardless if the cluster's subnetIds is set, or if publicSubnetIds and/or privateSubnetIds were set.

    nodeUserData String
    Extra code to run on node startup. This code will run after the AWS EKS bootstrapping code and before the node signals its readiness to the managing CloudFormation stack. This code must be a typical user data script: critically it must begin with an interpreter directive (i.e. a #!).
    nodeUserDataOverride String

    User specified code to run on node startup. This code is expected to handle the full AWS EKS bootstrapping code and signal node readiness to the managing CloudFormation stack. This code must be a complete and executable user data script in bash (Linux) or powershell (Windows).

    See for more details: https://docs.aws.amazon.com/eks/latest/userguide/worker.html

    spotPrice String
    Bidding price for spot instance. If set, only spot instances will be added as worker node.
    taints Map<Property Map>
    Custom k8s node taints to be attached to each worker node. Adds the given taints to the --register-with-taints kubelet argument
    version String
    Desired Kubernetes master / control plane version. If you do not specify a value, the latest available version is used.

    CoreData, CoreDataArgs

    Cluster Pulumi.Aws.Eks.Cluster
    This type is defined in the AWS Classic package.
    ClusterIamRole Pulumi.Aws.Iam.Role
    The IAM Role attached to the EKS Cluster This type is defined in the AWS Classic package.
    ClusterSecurityGroup Pulumi.Aws.Ec2.SecurityGroup
    This type is defined in the AWS Classic package.
    Endpoint string
    The EKS cluster's Kubernetes API server endpoint.
    InstanceRoles List<Pulumi.Aws.Iam.Role>
    The IAM instance roles for the cluster's nodes.
    NodeGroupOptions ClusterNodeGroupOptions
    The cluster's node group options.
    Provider Pulumi.Kubernetes.Provider
    This type is defined in the pulumi package.
    SubnetIds List<string>
    List of subnet IDs for the EKS cluster.
    VpcId string
    ID of the cluster's VPC.
    AccessEntries List<AccessEntry>
    The access entries added to the cluster.
    AwsProvider Pulumi.Aws.Provider
    This type is defined in the pulumi package.
    EksNodeAccess Pulumi.Kubernetes.Core.V1.ConfigMap
    This type is defined in the Kubernetes package.
    EncryptionConfig Pulumi.Aws.Eks.Inputs.ClusterEncryptionConfig
    This type is defined in the AWS Classic package.
    FargateProfile Pulumi.Aws.Eks.FargateProfile
    The Fargate profile used to manage which pods run on Fargate. This type is defined in the AWS Classic package.
    Kubeconfig object
    The kubeconfig file for the cluster.
    NodeSecurityGroupTags Dictionary<string, string>
    Tags attached to the security groups associated with the cluster's worker nodes.
    OidcProvider Pulumi.Aws.Iam.OpenIdConnectProvider
    This type is defined in the AWS Classic package.
    PrivateSubnetIds List<string>
    List of subnet IDs for the private subnets.
    PublicSubnetIds List<string>
    List of subnet IDs for the public subnets.
    StorageClasses Dictionary<string, Pulumi.Kubernetes.Storage.V1.StorageClass>
    The storage class used for persistent storage by the cluster.
    Tags Dictionary<string, string>
    A map of tags assigned to the EKS cluster.
    VpcCni Pulumi.Eks.VpcCni
    The VPC CNI for the cluster.
    Cluster Cluster
    This type is defined in the AWS Classic package.
    ClusterIamRole Role
    The IAM Role attached to the EKS Cluster This type is defined in the AWS Classic package.
    ClusterSecurityGroup SecurityGroup
    This type is defined in the AWS Classic package.
    Endpoint string
    The EKS cluster's Kubernetes API server endpoint.
    InstanceRoles Role
    The IAM instance roles for the cluster's nodes.
    NodeGroupOptions ClusterNodeGroupOptions
    The cluster's node group options.
    Provider Provider
    This type is defined in the pulumi package.
    SubnetIds []string
    List of subnet IDs for the EKS cluster.
    VpcId string
    ID of the cluster's VPC.
    AccessEntries []AccessEntry
    The access entries added to the cluster.
    AwsProvider Provider
    This type is defined in the pulumi package.
    EksNodeAccess ConfigMap
    This type is defined in the Kubernetes package.
    EncryptionConfig ClusterEncryptionConfig
    This type is defined in the AWS Classic package.
    FargateProfile FargateProfile
    The Fargate profile used to manage which pods run on Fargate. This type is defined in the AWS Classic package.
    Kubeconfig interface{}
    The kubeconfig file for the cluster.
    NodeSecurityGroupTags map[string]string
    Tags attached to the security groups associated with the cluster's worker nodes.
    OidcProvider OpenIdConnectProvider
    This type is defined in the AWS Classic package.
    PrivateSubnetIds []string
    List of subnet IDs for the private subnets.
    PublicSubnetIds []string
    List of subnet IDs for the public subnets.
    StorageClasses StorageClass
    The storage class used for persistent storage by the cluster.
    Tags map[string]string
    A map of tags assigned to the EKS cluster.
    VpcCni VpcCni
    The VPC CNI for the cluster.
    cluster Cluster
    This type is defined in the AWS Classic package.
    clusterIamRole Role
    The IAM Role attached to the EKS Cluster This type is defined in the AWS Classic package.
    clusterSecurityGroup SecurityGroup
    This type is defined in the AWS Classic package.
    endpoint String
    The EKS cluster's Kubernetes API server endpoint.
    instanceRoles List<Role>
    The IAM instance roles for the cluster's nodes.
    nodeGroupOptions ClusterNodeGroupOptions
    The cluster's node group options.
    provider Provider
    This type is defined in the pulumi package.
    subnetIds List<String>
    List of subnet IDs for the EKS cluster.
    vpcId String
    ID of the cluster's VPC.
    accessEntries List<AccessEntry>
    The access entries added to the cluster.
    awsProvider Provider
    This type is defined in the pulumi package.
    eksNodeAccess ConfigMap
    This type is defined in the Kubernetes package.
    encryptionConfig ClusterEncryptionConfig
    This type is defined in the AWS Classic package.
    fargateProfile FargateProfile
    The Fargate profile used to manage which pods run on Fargate. This type is defined in the AWS Classic package.
    kubeconfig Object
    The kubeconfig file for the cluster.
    nodeSecurityGroupTags Map<String,String>
    Tags attached to the security groups associated with the cluster's worker nodes.
    oidcProvider OpenIdConnectProvider
    This type is defined in the AWS Classic package.
    privateSubnetIds List<String>
    List of subnet IDs for the private subnets.
    publicSubnetIds List<String>
    List of subnet IDs for the public subnets.
    storageClasses Map<String,StorageClass>
    The storage class used for persistent storage by the cluster.
    tags Map<String,String>
    A map of tags assigned to the EKS cluster.
    vpcCni VpcCni
    The VPC CNI for the cluster.
    cluster pulumiAwseksCluster
    This type is defined in the AWS Classic package.
    clusterIamRole pulumiAwsiamRole
    The IAM Role attached to the EKS Cluster This type is defined in the AWS Classic package.
    clusterSecurityGroup pulumiAwsec2SecurityGroup
    This type is defined in the AWS Classic package.
    endpoint string
    The EKS cluster's Kubernetes API server endpoint.
    instanceRoles pulumiAwsiamRole[]
    The IAM instance roles for the cluster's nodes.
    nodeGroupOptions ClusterNodeGroupOptions
    The cluster's node group options.
    provider pulumiKubernetesProvider
    This type is defined in the pulumi package.
    subnetIds string[]
    List of subnet IDs for the EKS cluster.
    vpcId string
    ID of the cluster's VPC.
    accessEntries AccessEntry[]
    The access entries added to the cluster.
    awsProvider pulumiAwsProvider
    This type is defined in the pulumi package.
    eksNodeAccess pulumiKubernetescorev1ConfigMap
    This type is defined in the Kubernetes package.
    encryptionConfig pulumiAwstypesinputeksClusterEncryptionConfig
    This type is defined in the AWS Classic package.
    fargateProfile pulumiAwseksFargateProfile
    The Fargate profile used to manage which pods run on Fargate. This type is defined in the AWS Classic package.
    kubeconfig any
    The kubeconfig file for the cluster.
    nodeSecurityGroupTags {[key: string]: string}
    Tags attached to the security groups associated with the cluster's worker nodes.
    oidcProvider pulumiAwsiamOpenIdConnectProvider
    This type is defined in the AWS Classic package.
    privateSubnetIds string[]
    List of subnet IDs for the private subnets.
    publicSubnetIds string[]
    List of subnet IDs for the public subnets.
    storageClasses {[key: string]: pulumiKubernetesstoragev1StorageClass}
    The storage class used for persistent storage by the cluster.
    tags {[key: string]: string}
    A map of tags assigned to the EKS cluster.
    vpcCni VpcCni
    The VPC CNI for the cluster.
    cluster pulumi_aws.eks.Cluster
    This type is defined in the AWS Classic package.
    cluster_iam_role pulumi_aws.iam.Role
    The IAM Role attached to the EKS Cluster This type is defined in the AWS Classic package.
    cluster_security_group pulumi_aws.ec2.SecurityGroup
    This type is defined in the AWS Classic package.
    endpoint str
    The EKS cluster's Kubernetes API server endpoint.
    instance_roles Sequence[pulumi_aws.iam.Role]
    The IAM instance roles for the cluster's nodes.
    node_group_options ClusterNodeGroupOptions
    The cluster's node group options.
    provider pulumi_kubernetes.Provider
    This type is defined in the pulumi package.
    subnet_ids Sequence[str]
    List of subnet IDs for the EKS cluster.
    vpc_id str
    ID of the cluster's VPC.
    access_entries Sequence[AccessEntry]
    The access entries added to the cluster.
    aws_provider pulumi_aws.Provider
    This type is defined in the pulumi package.
    eks_node_access pulumi_kubernetes.core.v1.ConfigMap
    This type is defined in the Kubernetes package.
    encryption_config pulumi_aws.eks.ClusterEncryptionConfigArgs
    This type is defined in the AWS Classic package.
    fargate_profile pulumi_aws.eks.FargateProfile
    The Fargate profile used to manage which pods run on Fargate. This type is defined in the AWS Classic package.
    kubeconfig Any
    The kubeconfig file for the cluster.
    node_security_group_tags Mapping[str, str]
    Tags attached to the security groups associated with the cluster's worker nodes.
    oidc_provider pulumi_aws.iam.OpenIdConnectProvider
    This type is defined in the AWS Classic package.
    private_subnet_ids Sequence[str]
    List of subnet IDs for the private subnets.
    public_subnet_ids Sequence[str]
    List of subnet IDs for the public subnets.
    storage_classes Mapping[str, pulumi_kubernetes.storage.v1.StorageClass]
    The storage class used for persistent storage by the cluster.
    tags Mapping[str, str]
    A map of tags assigned to the EKS cluster.
    vpc_cni VpcCni
    The VPC CNI for the cluster.
    cluster aws:eks:Cluster
    This type is defined in the AWS Classic package.
    clusterIamRole aws:iam:Role
    The IAM Role attached to the EKS Cluster This type is defined in the AWS Classic package.
    clusterSecurityGroup aws:ec2:SecurityGroup
    This type is defined in the AWS Classic package.
    endpoint String
    The EKS cluster's Kubernetes API server endpoint.
    instanceRoles List<aws:iam:Role>
    The IAM instance roles for the cluster's nodes.
    nodeGroupOptions Property Map
    The cluster's node group options.
    provider pulumi:providers:kubernetes
    This type is defined in the pulumi package.
    subnetIds List<String>
    List of subnet IDs for the EKS cluster.
    vpcId String
    ID of the cluster's VPC.
    accessEntries List<Property Map>
    The access entries added to the cluster.
    awsProvider pulumi:providers:aws
    This type is defined in the pulumi package.
    eksNodeAccess kubernetes:core/v1:ConfigMap
    This type is defined in the Kubernetes package.
    encryptionConfig Property Map
    This type is defined in the AWS Classic package.
    fargateProfile aws:eks:FargateProfile
    The Fargate profile used to manage which pods run on Fargate. This type is defined in the AWS Classic package.
    kubeconfig Any
    The kubeconfig file for the cluster.
    nodeSecurityGroupTags Map<String>
    Tags attached to the security groups associated with the cluster's worker nodes.
    oidcProvider aws:iam:OpenIdConnectProvider
    This type is defined in the AWS Classic package.
    privateSubnetIds List<String>
    List of subnet IDs for the private subnets.
    publicSubnetIds List<String>
    List of subnet IDs for the public subnets.
    storageClasses Map<kubernetes:storage.k8s.io/v1:StorageClass>
    The storage class used for persistent storage by the cluster.
    tags Map<String>
    A map of tags assigned to the EKS cluster.
    vpcCni eks:VpcCni
    The VPC CNI for the cluster.

    Taint, TaintArgs

    Effect string
    The effect of the taint.
    Value string
    The value of the taint.
    Effect string
    The effect of the taint.
    Value string
    The value of the taint.
    effect String
    The effect of the taint.
    value String
    The value of the taint.
    effect string
    The effect of the taint.
    value string
    The value of the taint.
    effect str
    The effect of the taint.
    value str
    The value of the taint.
    effect String
    The effect of the taint.
    value String
    The value of the taint.

    Package Details

    Repository
    Amazon EKS pulumi/pulumi-eks
    License
    Apache-2.0
    eks logo
    Amazon EKS v2.8.1 published on Tuesday, Sep 17, 2024 by Pulumi