Amazon EKS

v0.35.0 published on Wednesday, Nov 10, 2021 by Pulumi

NodeGroup

NodeGroup is a component that wraps the AWS EC2 instances that provide compute capacity for an EKS cluster.

Create a NodeGroup Resource

new NodeGroup(name: string, args: NodeGroupArgs, opts?: CustomResourceOptions);
@overload
def NodeGroup(resource_name: str,
              opts: Optional[ResourceOptions] = None,
              ami_id: Optional[str] = None,
              auto_scaling_group_tags: Optional[Mapping[str, str]] = None,
              bootstrap_extra_args: Optional[str] = None,
              cloud_formation_tags: Optional[Mapping[str, str]] = None,
              cluster: Optional[CoreDataArgs] = None,
              cluster_ingress_rule: Optional[pulumi_aws.ec2.SecurityGroupRule] = None,
              desired_capacity: Optional[int] = None,
              encrypt_root_block_device: Optional[bool] = None,
              extra_node_security_groups: Optional[Sequence[pulumi_aws.ec2.SecurityGroup]] = None,
              gpu: Optional[bool] = None,
              instance_profile: Optional[pulumi_aws.iam.InstanceProfile] = None,
              instance_type: Optional[str] = None,
              key_name: Optional[str] = None,
              kubelet_extra_args: Optional[str] = None,
              labels: Optional[Mapping[str, str]] = None,
              max_size: Optional[int] = None,
              min_size: Optional[int] = None,
              node_associate_public_ip_address: Optional[bool] = None,
              node_public_key: Optional[str] = None,
              node_root_volume_size: Optional[int] = None,
              node_security_group: Optional[pulumi_aws.ec2.SecurityGroup] = None,
              node_subnet_ids: Optional[Sequence[str]] = None,
              node_user_data: Optional[str] = None,
              node_user_data_override: Optional[str] = None,
              spot_price: Optional[str] = None,
              taints: Optional[Mapping[str, TaintArgs]] = None,
              version: Optional[str] = None)
@overload
def NodeGroup(resource_name: str,
              args: NodeGroupArgs,
              opts: Optional[ResourceOptions] = None)
func NewNodeGroup(ctx *Context, name string, args NodeGroupArgs, opts ...ResourceOption) (*NodeGroup, error)
public NodeGroup(string name, NodeGroupArgs args, CustomResourceOptions? opts = null)
name string
The unique name of the resource.
args NodeGroupArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args NodeGroupArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args NodeGroupArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args NodeGroupArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.

NodeGroup Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The NodeGroup resource accepts the following input properties:

Cluster CoreDataArgs
The target EKS cluster.
AmiId string

The AMI ID to use for the worker nodes.

Defaults to the latest recommended EKS Optimized Linux AMI from the AWS Systems Manager Parameter Store.

Note: amiId and gpu are mutually exclusive.

See for more details:

AutoScalingGroupTags Dictionary<string, string>

The tags to apply to the NodeGroup’s AutoScalingGroup in the CloudFormation Stack.

Per AWS, all stack-level tags, including automatically created tags, and the cloudFormationTags option are propagated to resources that AWS CloudFormation supports, including the AutoScalingGroup. See https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html

Note: Given the inheritance of auto-generated CF tags and cloudFormationTags, you should either supply the tag in autoScalingGroupTags or cloudFormationTags, but not both.

BootstrapExtraArgs string
Additional args to pass directly to /etc/eks/bootstrap.sh. Fror details on available options, see: https://github.com/awslabs/amazon-eks-ami/blob/master/files/bootstrap.sh. Note that the –apiserver-endpoint, –b64-cluster-ca and –kubelet-extra-args flags are included automatically based on other configuration parameters.
CloudFormationTags Dictionary<string, string>

The tags to apply to the CloudFormation Stack of the Worker NodeGroup.

Note: Given the inheritance of auto-generated CF tags and cloudFormationTags, you should either supply the tag in autoScalingGroupTags or cloudFormationTags, but not both.

ClusterIngressRule Pulumi.Aws.Ec2.SecurityGroupRule
The ingress rule that gives node group access.
DesiredCapacity int
The number of worker nodes that should be running in the cluster. Defaults to 2.
EncryptRootBlockDevice bool
Encrypt the root block device of the nodes in the node group.
ExtraNodeSecurityGroups List<Pulumi.Aws.Ec2.SecurityGroup>

Extra security groups to attach on all nodes in this worker node group.

This additional set of security groups captures any user application rules that will be needed for the nodes.

Gpu bool

Use the latest recommended EKS Optimized Linux AMI with GPU support for the worker nodes from the AWS Systems Manager Parameter Store.

Defaults to false.

Note: gpu and amiId are mutually exclusive.

See for more details:

InstanceProfile Pulumi.Aws.Iam.InstanceProfile
The ingress rule that gives node group access.
InstanceType string
The instance type to use for the cluster’s nodes. Defaults to “t2.medium”.
KeyName string
Name of the key pair to use for SSH access to worker nodes.
KubeletExtraArgs string
Extra args to pass to the Kubelet. Corresponds to the options passed in the –kubeletExtraArgs flag to /etc/eks/bootstrap.sh. For example, ‘–port=10251 –address=0.0.0.0’. Note that the labels and taints properties will be applied to this list (using –node-labels and –register-with-taints respectively) after to the expicit kubeletExtraArgs.
Labels Dictionary<string, string>
Custom k8s node labels to be attached to each woker node. Adds the given key/value pairs to the –node-labels kubelet argument.
MaxSize int
The maximum number of worker nodes running in the cluster. Defaults to 2.
MinSize int
The minimum number of worker nodes running in the cluster. Defaults to 1.
NodeAssociatePublicIpAddress bool
Whether or not to auto-assign public IP addresses on the EKS worker nodes. If this toggle is set to true, the EKS workers will be auto-assigned public IPs. If false, they will not be auto-assigned public IPs.
NodePublicKey string
Public key material for SSH access to worker nodes. See allowed formats at: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html If not provided, no SSH access is enabled on VMs.
NodeRootVolumeSize int
The size in GiB of a cluster node’s root volume. Defaults to 20.
NodeSecurityGroup Pulumi.Aws.Ec2.SecurityGroup

The security group for the worker node group to communicate with the cluster.

This security group requires specific inbound and outbound rules.

See for more details: https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html

Note: The nodeSecurityGroup option and the cluster optionnodeSecurityGroupTags are mutually exclusive.

NodeSubnetIds List<string>

The set of subnets to override and use for the worker node group.

Setting this option overrides which subnets to use for the worker node group, regardless if the cluster’s subnetIds is set, or if publicSubnetIds and/or privateSubnetIds were set.

NodeUserData string
Extra code to run on node startup. This code will run after the AWS EKS bootstrapping code and before the node signals its readiness to the managing CloudFormation stack. This code must be a typical user data script: critically it must begin with an interpreter directive (i.e. a #!).
NodeUserDataOverride string

User specified code to run on node startup. This code is expected to handle the full AWS EKS bootstrapping code and signal node readiness to the managing CloudFormation stack. This code must be a complete and executable user data script in bash (Linux) or powershell (Windows).

See for more details: https://docs.aws.amazon.com/eks/latest/userguide/worker.html

SpotPrice string
Bidding price for spot instance. If set, only spot instances will be added as worker node.
Taints Dictionary<string, TaintArgs>
Custom k8s node taints to be attached to each worker node. Adds the given taints to the –register-with-taints kubelet argument
Version string
Desired Kubernetes master / control plane version. If you do not specify a value, the latest available version is used.
Cluster CoreDataArgs
The target EKS cluster.
AmiId string

The AMI ID to use for the worker nodes.

Defaults to the latest recommended EKS Optimized Linux AMI from the AWS Systems Manager Parameter Store.

Note: amiId and gpu are mutually exclusive.

See for more details:

AutoScalingGroupTags map[string]string

The tags to apply to the NodeGroup’s AutoScalingGroup in the CloudFormation Stack.

Per AWS, all stack-level tags, including automatically created tags, and the cloudFormationTags option are propagated to resources that AWS CloudFormation supports, including the AutoScalingGroup. See https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html

Note: Given the inheritance of auto-generated CF tags and cloudFormationTags, you should either supply the tag in autoScalingGroupTags or cloudFormationTags, but not both.

BootstrapExtraArgs string
Additional args to pass directly to /etc/eks/bootstrap.sh. Fror details on available options, see: https://github.com/awslabs/amazon-eks-ami/blob/master/files/bootstrap.sh. Note that the –apiserver-endpoint, –b64-cluster-ca and –kubelet-extra-args flags are included automatically based on other configuration parameters.
CloudFormationTags map[string]string

The tags to apply to the CloudFormation Stack of the Worker NodeGroup.

Note: Given the inheritance of auto-generated CF tags and cloudFormationTags, you should either supply the tag in autoScalingGroupTags or cloudFormationTags, but not both.

ClusterIngressRule SecurityGroupRule
The ingress rule that gives node group access.
DesiredCapacity int
The number of worker nodes that should be running in the cluster. Defaults to 2.
EncryptRootBlockDevice bool
Encrypt the root block device of the nodes in the node group.
ExtraNodeSecurityGroups SecurityGroup

Extra security groups to attach on all nodes in this worker node group.

This additional set of security groups captures any user application rules that will be needed for the nodes.

Gpu bool

Use the latest recommended EKS Optimized Linux AMI with GPU support for the worker nodes from the AWS Systems Manager Parameter Store.

Defaults to false.

Note: gpu and amiId are mutually exclusive.

See for more details:

InstanceProfile InstanceProfile
The ingress rule that gives node group access.
InstanceType string
The instance type to use for the cluster’s nodes. Defaults to “t2.medium”.
KeyName string
Name of the key pair to use for SSH access to worker nodes.
KubeletExtraArgs string
Extra args to pass to the Kubelet. Corresponds to the options passed in the –kubeletExtraArgs flag to /etc/eks/bootstrap.sh. For example, ‘–port=10251 –address=0.0.0.0’. Note that the labels and taints properties will be applied to this list (using –node-labels and –register-with-taints respectively) after to the expicit kubeletExtraArgs.
Labels map[string]string
Custom k8s node labels to be attached to each woker node. Adds the given key/value pairs to the –node-labels kubelet argument.
MaxSize int
The maximum number of worker nodes running in the cluster. Defaults to 2.
MinSize int
The minimum number of worker nodes running in the cluster. Defaults to 1.
NodeAssociatePublicIpAddress bool
Whether or not to auto-assign public IP addresses on the EKS worker nodes. If this toggle is set to true, the EKS workers will be auto-assigned public IPs. If false, they will not be auto-assigned public IPs.
NodePublicKey string
Public key material for SSH access to worker nodes. See allowed formats at: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html If not provided, no SSH access is enabled on VMs.
NodeRootVolumeSize int
The size in GiB of a cluster node’s root volume. Defaults to 20.
NodeSecurityGroup SecurityGroup

The security group for the worker node group to communicate with the cluster.

This security group requires specific inbound and outbound rules.

See for more details: https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html

Note: The nodeSecurityGroup option and the cluster optionnodeSecurityGroupTags are mutually exclusive.

NodeSubnetIds []string

The set of subnets to override and use for the worker node group.

Setting this option overrides which subnets to use for the worker node group, regardless if the cluster’s subnetIds is set, or if publicSubnetIds and/or privateSubnetIds were set.

NodeUserData string
Extra code to run on node startup. This code will run after the AWS EKS bootstrapping code and before the node signals its readiness to the managing CloudFormation stack. This code must be a typical user data script: critically it must begin with an interpreter directive (i.e. a #!).
NodeUserDataOverride string

User specified code to run on node startup. This code is expected to handle the full AWS EKS bootstrapping code and signal node readiness to the managing CloudFormation stack. This code must be a complete and executable user data script in bash (Linux) or powershell (Windows).

See for more details: https://docs.aws.amazon.com/eks/latest/userguide/worker.html

SpotPrice string
Bidding price for spot instance. If set, only spot instances will be added as worker node.
Taints map[string]TaintArgs
Custom k8s node taints to be attached to each worker node. Adds the given taints to the –register-with-taints kubelet argument
Version string
Desired Kubernetes master / control plane version. If you do not specify a value, the latest available version is used.
cluster CoreDataArgs
The target EKS cluster.
amiId string

The AMI ID to use for the worker nodes.

Defaults to the latest recommended EKS Optimized Linux AMI from the AWS Systems Manager Parameter Store.

Note: amiId and gpu are mutually exclusive.

See for more details:

autoScalingGroupTags {[key: string]: string}

The tags to apply to the NodeGroup’s AutoScalingGroup in the CloudFormation Stack.

Per AWS, all stack-level tags, including automatically created tags, and the cloudFormationTags option are propagated to resources that AWS CloudFormation supports, including the AutoScalingGroup. See https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html

Note: Given the inheritance of auto-generated CF tags and cloudFormationTags, you should either supply the tag in autoScalingGroupTags or cloudFormationTags, but not both.

bootstrapExtraArgs string
Additional args to pass directly to /etc/eks/bootstrap.sh. Fror details on available options, see: https://github.com/awslabs/amazon-eks-ami/blob/master/files/bootstrap.sh. Note that the –apiserver-endpoint, –b64-cluster-ca and –kubelet-extra-args flags are included automatically based on other configuration parameters.
cloudFormationTags {[key: string]: string}

The tags to apply to the CloudFormation Stack of the Worker NodeGroup.

Note: Given the inheritance of auto-generated CF tags and cloudFormationTags, you should either supply the tag in autoScalingGroupTags or cloudFormationTags, but not both.

clusterIngressRule pulumiAwsec2SecurityGroupRule
The ingress rule that gives node group access.
desiredCapacity number
The number of worker nodes that should be running in the cluster. Defaults to 2.
encryptRootBlockDevice boolean
Encrypt the root block device of the nodes in the node group.
extraNodeSecurityGroups pulumiAwsec2SecurityGroup[]

Extra security groups to attach on all nodes in this worker node group.

This additional set of security groups captures any user application rules that will be needed for the nodes.

gpu boolean

Use the latest recommended EKS Optimized Linux AMI with GPU support for the worker nodes from the AWS Systems Manager Parameter Store.

Defaults to false.

Note: gpu and amiId are mutually exclusive.

See for more details:

instanceProfile pulumiAwsiamInstanceProfile
The ingress rule that gives node group access.
instanceType string
The instance type to use for the cluster’s nodes. Defaults to “t2.medium”.
keyName string
Name of the key pair to use for SSH access to worker nodes.
kubeletExtraArgs string
Extra args to pass to the Kubelet. Corresponds to the options passed in the –kubeletExtraArgs flag to /etc/eks/bootstrap.sh. For example, ‘–port=10251 –address=0.0.0.0’. Note that the labels and taints properties will be applied to this list (using –node-labels and –register-with-taints respectively) after to the expicit kubeletExtraArgs.
labels {[key: string]: string}
Custom k8s node labels to be attached to each woker node. Adds the given key/value pairs to the –node-labels kubelet argument.
maxSize number
The maximum number of worker nodes running in the cluster. Defaults to 2.
minSize number
The minimum number of worker nodes running in the cluster. Defaults to 1.
nodeAssociatePublicIpAddress boolean
Whether or not to auto-assign public IP addresses on the EKS worker nodes. If this toggle is set to true, the EKS workers will be auto-assigned public IPs. If false, they will not be auto-assigned public IPs.
nodePublicKey string
Public key material for SSH access to worker nodes. See allowed formats at: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html If not provided, no SSH access is enabled on VMs.
nodeRootVolumeSize number
The size in GiB of a cluster node’s root volume. Defaults to 20.
nodeSecurityGroup pulumiAwsec2SecurityGroup

The security group for the worker node group to communicate with the cluster.

This security group requires specific inbound and outbound rules.

See for more details: https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html

Note: The nodeSecurityGroup option and the cluster optionnodeSecurityGroupTags are mutually exclusive.

nodeSubnetIds string[]

The set of subnets to override and use for the worker node group.

Setting this option overrides which subnets to use for the worker node group, regardless if the cluster’s subnetIds is set, or if publicSubnetIds and/or privateSubnetIds were set.

nodeUserData string
Extra code to run on node startup. This code will run after the AWS EKS bootstrapping code and before the node signals its readiness to the managing CloudFormation stack. This code must be a typical user data script: critically it must begin with an interpreter directive (i.e. a #!).
nodeUserDataOverride string

User specified code to run on node startup. This code is expected to handle the full AWS EKS bootstrapping code and signal node readiness to the managing CloudFormation stack. This code must be a complete and executable user data script in bash (Linux) or powershell (Windows).

See for more details: https://docs.aws.amazon.com/eks/latest/userguide/worker.html

spotPrice string
Bidding price for spot instance. If set, only spot instances will be added as worker node.
taints {[key: string]: TaintArgs}
Custom k8s node taints to be attached to each worker node. Adds the given taints to the –register-with-taints kubelet argument
version string
Desired Kubernetes master / control plane version. If you do not specify a value, the latest available version is used.
cluster CoreDataArgs
The target EKS cluster.
ami_id str

The AMI ID to use for the worker nodes.

Defaults to the latest recommended EKS Optimized Linux AMI from the AWS Systems Manager Parameter Store.

Note: amiId and gpu are mutually exclusive.

See for more details:

auto_scaling_group_tags Mapping[str, str]

The tags to apply to the NodeGroup’s AutoScalingGroup in the CloudFormation Stack.

Per AWS, all stack-level tags, including automatically created tags, and the cloudFormationTags option are propagated to resources that AWS CloudFormation supports, including the AutoScalingGroup. See https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html

Note: Given the inheritance of auto-generated CF tags and cloudFormationTags, you should either supply the tag in autoScalingGroupTags or cloudFormationTags, but not both.

bootstrap_extra_args str
Additional args to pass directly to /etc/eks/bootstrap.sh. Fror details on available options, see: https://github.com/awslabs/amazon-eks-ami/blob/master/files/bootstrap.sh. Note that the –apiserver-endpoint, –b64-cluster-ca and –kubelet-extra-args flags are included automatically based on other configuration parameters.
cloud_formation_tags Mapping[str, str]

The tags to apply to the CloudFormation Stack of the Worker NodeGroup.

Note: Given the inheritance of auto-generated CF tags and cloudFormationTags, you should either supply the tag in autoScalingGroupTags or cloudFormationTags, but not both.

cluster_ingress_rule SecurityGroupRule
The ingress rule that gives node group access.
desired_capacity int
The number of worker nodes that should be running in the cluster. Defaults to 2.
encrypt_root_block_device bool
Encrypt the root block device of the nodes in the node group.
extra_node_security_groups SecurityGroup]

Extra security groups to attach on all nodes in this worker node group.

This additional set of security groups captures any user application rules that will be needed for the nodes.

gpu bool

Use the latest recommended EKS Optimized Linux AMI with GPU support for the worker nodes from the AWS Systems Manager Parameter Store.

Defaults to false.

Note: gpu and amiId are mutually exclusive.

See for more details:

instance_profile InstanceProfile
The ingress rule that gives node group access.
instance_type str
The instance type to use for the cluster’s nodes. Defaults to “t2.medium”.
key_name str
Name of the key pair to use for SSH access to worker nodes.
kubelet_extra_args str
Extra args to pass to the Kubelet. Corresponds to the options passed in the –kubeletExtraArgs flag to /etc/eks/bootstrap.sh. For example, ‘–port=10251 –address=0.0.0.0’. Note that the labels and taints properties will be applied to this list (using –node-labels and –register-with-taints respectively) after to the expicit kubeletExtraArgs.
labels Mapping[str, str]
Custom k8s node labels to be attached to each woker node. Adds the given key/value pairs to the –node-labels kubelet argument.
max_size int
The maximum number of worker nodes running in the cluster. Defaults to 2.
min_size int
The minimum number of worker nodes running in the cluster. Defaults to 1.
node_associate_public_ip_address bool
Whether or not to auto-assign public IP addresses on the EKS worker nodes. If this toggle is set to true, the EKS workers will be auto-assigned public IPs. If false, they will not be auto-assigned public IPs.
node_public_key str
Public key material for SSH access to worker nodes. See allowed formats at: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html If not provided, no SSH access is enabled on VMs.
node_root_volume_size int
The size in GiB of a cluster node’s root volume. Defaults to 20.
node_security_group SecurityGroup

The security group for the worker node group to communicate with the cluster.

This security group requires specific inbound and outbound rules.

See for more details: https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html

Note: The nodeSecurityGroup option and the cluster optionnodeSecurityGroupTags are mutually exclusive.

node_subnet_ids Sequence[str]

The set of subnets to override and use for the worker node group.

Setting this option overrides which subnets to use for the worker node group, regardless if the cluster’s subnetIds is set, or if publicSubnetIds and/or privateSubnetIds were set.

node_user_data str
Extra code to run on node startup. This code will run after the AWS EKS bootstrapping code and before the node signals its readiness to the managing CloudFormation stack. This code must be a typical user data script: critically it must begin with an interpreter directive (i.e. a #!).
node_user_data_override str

User specified code to run on node startup. This code is expected to handle the full AWS EKS bootstrapping code and signal node readiness to the managing CloudFormation stack. This code must be a complete and executable user data script in bash (Linux) or powershell (Windows).

See for more details: https://docs.aws.amazon.com/eks/latest/userguide/worker.html

spot_price str
Bidding price for spot instance. If set, only spot instances will be added as worker node.
taints Mapping[str, TaintArgs]
Custom k8s node taints to be attached to each worker node. Adds the given taints to the –register-with-taints kubelet argument
version str
Desired Kubernetes master / control plane version. If you do not specify a value, the latest available version is used.

Outputs

All input properties are implicitly available as output properties. Additionally, the NodeGroup resource produces the following output properties:

AutoScalingGroupName string
The AutoScalingGroup name for the Node group.
CfnStack Pulumi.Aws.CloudFormation.Stack
The CloudFormation Stack which defines the Node AutoScalingGroup.
Id string
The provider-assigned unique ID for this managed resource.
AutoScalingGroupName string
The AutoScalingGroup name for the Node group.
CfnStack Stack
The CloudFormation Stack which defines the Node AutoScalingGroup.
Id string
The provider-assigned unique ID for this managed resource.
autoScalingGroupName string
The AutoScalingGroup name for the Node group.
cfnStack pulumiAwscloudformationStack
The CloudFormation Stack which defines the Node AutoScalingGroup.
id string
The provider-assigned unique ID for this managed resource.
auto_scaling_group_name str
The AutoScalingGroup name for the Node group.
cfn_stack Stack
The CloudFormation Stack which defines the Node AutoScalingGroup.
id str
The provider-assigned unique ID for this managed resource.

Supporting Types

ClusterNodeGroupOptions

AmiId string

The AMI ID to use for the worker nodes.

Defaults to the latest recommended EKS Optimized Linux AMI from the AWS Systems Manager Parameter Store.

Note: amiId and gpu are mutually exclusive.

See for more details:

AutoScalingGroupTags Dictionary<string, string>

The tags to apply to the NodeGroup’s AutoScalingGroup in the CloudFormation Stack.

Per AWS, all stack-level tags, including automatically created tags, and the cloudFormationTags option are propagated to resources that AWS CloudFormation supports, including the AutoScalingGroup. See https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html

Note: Given the inheritance of auto-generated CF tags and cloudFormationTags, you should either supply the tag in autoScalingGroupTags or cloudFormationTags, but not both.

BootstrapExtraArgs string
Additional args to pass directly to /etc/eks/bootstrap.sh. Fror details on available options, see: https://github.com/awslabs/amazon-eks-ami/blob/master/files/bootstrap.sh. Note that the –apiserver-endpoint, –b64-cluster-ca and –kubelet-extra-args flags are included automatically based on other configuration parameters.
CloudFormationTags Dictionary<string, string>

The tags to apply to the CloudFormation Stack of the Worker NodeGroup.

Note: Given the inheritance of auto-generated CF tags and cloudFormationTags, you should either supply the tag in autoScalingGroupTags or cloudFormationTags, but not both.

ClusterIngressRule Pulumi.Aws.Ec2.SecurityGroupRule
The ingress rule that gives node group access.
DesiredCapacity int
The number of worker nodes that should be running in the cluster. Defaults to 2.
EncryptRootBlockDevice bool
Encrypt the root block device of the nodes in the node group.
ExtraNodeSecurityGroups List<Pulumi.Aws.Ec2.SecurityGroup>

Extra security groups to attach on all nodes in this worker node group.

This additional set of security groups captures any user application rules that will be needed for the nodes.

Gpu bool

Use the latest recommended EKS Optimized Linux AMI with GPU support for the worker nodes from the AWS Systems Manager Parameter Store.

Defaults to false.

Note: gpu and amiId are mutually exclusive.

See for more details:

InstanceProfile Pulumi.Aws.Iam.InstanceProfile
The ingress rule that gives node group access.
InstanceType string
The instance type to use for the cluster’s nodes. Defaults to “t2.medium”.
KeyName string
Name of the key pair to use for SSH access to worker nodes.
KubeletExtraArgs string
Extra args to pass to the Kubelet. Corresponds to the options passed in the –kubeletExtraArgs flag to /etc/eks/bootstrap.sh. For example, ‘–port=10251 –address=0.0.0.0’. Note that the labels and taints properties will be applied to this list (using –node-labels and –register-with-taints respectively) after to the expicit kubeletExtraArgs.
Labels Dictionary<string, string>
Custom k8s node labels to be attached to each woker node. Adds the given key/value pairs to the –node-labels kubelet argument.
MaxSize int
The maximum number of worker nodes running in the cluster. Defaults to 2.
MinSize int
The minimum number of worker nodes running in the cluster. Defaults to 1.
NodeAssociatePublicIpAddress bool
Whether or not to auto-assign public IP addresses on the EKS worker nodes. If this toggle is set to true, the EKS workers will be auto-assigned public IPs. If false, they will not be auto-assigned public IPs.
NodePublicKey string
Public key material for SSH access to worker nodes. See allowed formats at: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html If not provided, no SSH access is enabled on VMs.
NodeRootVolumeSize int
The size in GiB of a cluster node’s root volume. Defaults to 20.
NodeSecurityGroup Pulumi.Aws.Ec2.SecurityGroup

The security group for the worker node group to communicate with the cluster.

This security group requires specific inbound and outbound rules.

See for more details: https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html

Note: The nodeSecurityGroup option and the cluster optionnodeSecurityGroupTags are mutually exclusive.

NodeSubnetIds List<string>

The set of subnets to override and use for the worker node group.

Setting this option overrides which subnets to use for the worker node group, regardless if the cluster’s subnetIds is set, or if publicSubnetIds and/or privateSubnetIds were set.

NodeUserData string
Extra code to run on node startup. This code will run after the AWS EKS bootstrapping code and before the node signals its readiness to the managing CloudFormation stack. This code must be a typical user data script: critically it must begin with an interpreter directive (i.e. a #!).
NodeUserDataOverride string

User specified code to run on node startup. This code is expected to handle the full AWS EKS bootstrapping code and signal node readiness to the managing CloudFormation stack. This code must be a complete and executable user data script in bash (Linux) or powershell (Windows).

See for more details: https://docs.aws.amazon.com/eks/latest/userguide/worker.html

SpotPrice string
Bidding price for spot instance. If set, only spot instances will be added as worker node.
Taints Dictionary<string, Taint>
Custom k8s node taints to be attached to each worker node. Adds the given taints to the –register-with-taints kubelet argument
Version string
Desired Kubernetes master / control plane version. If you do not specify a value, the latest available version is used.
AmiId string

The AMI ID to use for the worker nodes.

Defaults to the latest recommended EKS Optimized Linux AMI from the AWS Systems Manager Parameter Store.

Note: amiId and gpu are mutually exclusive.

See for more details:

AutoScalingGroupTags map[string]string

The tags to apply to the NodeGroup’s AutoScalingGroup in the CloudFormation Stack.

Per AWS, all stack-level tags, including automatically created tags, and the cloudFormationTags option are propagated to resources that AWS CloudFormation supports, including the AutoScalingGroup. See https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html

Note: Given the inheritance of auto-generated CF tags and cloudFormationTags, you should either supply the tag in autoScalingGroupTags or cloudFormationTags, but not both.

BootstrapExtraArgs string
Additional args to pass directly to /etc/eks/bootstrap.sh. Fror details on available options, see: https://github.com/awslabs/amazon-eks-ami/blob/master/files/bootstrap.sh. Note that the –apiserver-endpoint, –b64-cluster-ca and –kubelet-extra-args flags are included automatically based on other configuration parameters.
CloudFormationTags map[string]string

The tags to apply to the CloudFormation Stack of the Worker NodeGroup.

Note: Given the inheritance of auto-generated CF tags and cloudFormationTags, you should either supply the tag in autoScalingGroupTags or cloudFormationTags, but not both.

ClusterIngressRule SecurityGroupRule
The ingress rule that gives node group access.
DesiredCapacity int
The number of worker nodes that should be running in the cluster. Defaults to 2.
EncryptRootBlockDevice bool
Encrypt the root block device of the nodes in the node group.
ExtraNodeSecurityGroups SecurityGroup

Extra security groups to attach on all nodes in this worker node group.

This additional set of security groups captures any user application rules that will be needed for the nodes.

Gpu bool

Use the latest recommended EKS Optimized Linux AMI with GPU support for the worker nodes from the AWS Systems Manager Parameter Store.

Defaults to false.

Note: gpu and amiId are mutually exclusive.

See for more details:

InstanceProfile InstanceProfile
The ingress rule that gives node group access.
InstanceType string
The instance type to use for the cluster’s nodes. Defaults to “t2.medium”.
KeyName string
Name of the key pair to use for SSH access to worker nodes.
KubeletExtraArgs string
Extra args to pass to the Kubelet. Corresponds to the options passed in the –kubeletExtraArgs flag to /etc/eks/bootstrap.sh. For example, ‘–port=10251 –address=0.0.0.0’. Note that the labels and taints properties will be applied to this list (using –node-labels and –register-with-taints respectively) after to the expicit kubeletExtraArgs.
Labels map[string]string
Custom k8s node labels to be attached to each woker node. Adds the given key/value pairs to the –node-labels kubelet argument.
MaxSize int
The maximum number of worker nodes running in the cluster. Defaults to 2.
MinSize int
The minimum number of worker nodes running in the cluster. Defaults to 1.
NodeAssociatePublicIpAddress bool
Whether or not to auto-assign public IP addresses on the EKS worker nodes. If this toggle is set to true, the EKS workers will be auto-assigned public IPs. If false, they will not be auto-assigned public IPs.
NodePublicKey string
Public key material for SSH access to worker nodes. See allowed formats at: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html If not provided, no SSH access is enabled on VMs.
NodeRootVolumeSize int
The size in GiB of a cluster node’s root volume. Defaults to 20.
NodeSecurityGroup SecurityGroup

The security group for the worker node group to communicate with the cluster.

This security group requires specific inbound and outbound rules.

See for more details: https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html

Note: The nodeSecurityGroup option and the cluster optionnodeSecurityGroupTags are mutually exclusive.

NodeSubnetIds []string

The set of subnets to override and use for the worker node group.

Setting this option overrides which subnets to use for the worker node group, regardless if the cluster’s subnetIds is set, or if publicSubnetIds and/or privateSubnetIds were set.

NodeUserData string
Extra code to run on node startup. This code will run after the AWS EKS bootstrapping code and before the node signals its readiness to the managing CloudFormation stack. This code must be a typical user data script: critically it must begin with an interpreter directive (i.e. a #!).
NodeUserDataOverride string

User specified code to run on node startup. This code is expected to handle the full AWS EKS bootstrapping code and signal node readiness to the managing CloudFormation stack. This code must be a complete and executable user data script in bash (Linux) or powershell (Windows).

See for more details: https://docs.aws.amazon.com/eks/latest/userguide/worker.html

SpotPrice string
Bidding price for spot instance. If set, only spot instances will be added as worker node.
Taints map[string]Taint
Custom k8s node taints to be attached to each worker node. Adds the given taints to the –register-with-taints kubelet argument
Version string
Desired Kubernetes master / control plane version. If you do not specify a value, the latest available version is used.
amiId string

The AMI ID to use for the worker nodes.

Defaults to the latest recommended EKS Optimized Linux AMI from the AWS Systems Manager Parameter Store.

Note: amiId and gpu are mutually exclusive.

See for more details:

autoScalingGroupTags {[key: string]: string}

The tags to apply to the NodeGroup’s AutoScalingGroup in the CloudFormation Stack.

Per AWS, all stack-level tags, including automatically created tags, and the cloudFormationTags option are propagated to resources that AWS CloudFormation supports, including the AutoScalingGroup. See https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html

Note: Given the inheritance of auto-generated CF tags and cloudFormationTags, you should either supply the tag in autoScalingGroupTags or cloudFormationTags, but not both.

bootstrapExtraArgs string
Additional args to pass directly to /etc/eks/bootstrap.sh. Fror details on available options, see: https://github.com/awslabs/amazon-eks-ami/blob/master/files/bootstrap.sh. Note that the –apiserver-endpoint, –b64-cluster-ca and –kubelet-extra-args flags are included automatically based on other configuration parameters.
cloudFormationTags {[key: string]: string}

The tags to apply to the CloudFormation Stack of the Worker NodeGroup.

Note: Given the inheritance of auto-generated CF tags and cloudFormationTags, you should either supply the tag in autoScalingGroupTags or cloudFormationTags, but not both.

clusterIngressRule pulumiAwsec2SecurityGroupRule
The ingress rule that gives node group access.
desiredCapacity number
The number of worker nodes that should be running in the cluster. Defaults to 2.
encryptRootBlockDevice boolean
Encrypt the root block device of the nodes in the node group.
extraNodeSecurityGroups pulumiAwsec2SecurityGroup[]

Extra security groups to attach on all nodes in this worker node group.

This additional set of security groups captures any user application rules that will be needed for the nodes.

gpu boolean

Use the latest recommended EKS Optimized Linux AMI with GPU support for the worker nodes from the AWS Systems Manager Parameter Store.

Defaults to false.

Note: gpu and amiId are mutually exclusive.

See for more details:

instanceProfile pulumiAwsiamInstanceProfile
The ingress rule that gives node group access.
instanceType string
The instance type to use for the cluster’s nodes. Defaults to “t2.medium”.
keyName string
Name of the key pair to use for SSH access to worker nodes.
kubeletExtraArgs string
Extra args to pass to the Kubelet. Corresponds to the options passed in the –kubeletExtraArgs flag to /etc/eks/bootstrap.sh. For example, ‘–port=10251 –address=0.0.0.0’. Note that the labels and taints properties will be applied to this list (using –node-labels and –register-with-taints respectively) after to the expicit kubeletExtraArgs.
labels {[key: string]: string}
Custom k8s node labels to be attached to each woker node. Adds the given key/value pairs to the –node-labels kubelet argument.
maxSize number
The maximum number of worker nodes running in the cluster. Defaults to 2.
minSize number
The minimum number of worker nodes running in the cluster. Defaults to 1.
nodeAssociatePublicIpAddress boolean
Whether or not to auto-assign public IP addresses on the EKS worker nodes. If this toggle is set to true, the EKS workers will be auto-assigned public IPs. If false, they will not be auto-assigned public IPs.
nodePublicKey string
Public key material for SSH access to worker nodes. See allowed formats at: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html If not provided, no SSH access is enabled on VMs.
nodeRootVolumeSize number
The size in GiB of a cluster node’s root volume. Defaults to 20.
nodeSecurityGroup pulumiAwsec2SecurityGroup

The security group for the worker node group to communicate with the cluster.

This security group requires specific inbound and outbound rules.

See for more details: https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html

Note: The nodeSecurityGroup option and the cluster optionnodeSecurityGroupTags are mutually exclusive.

nodeSubnetIds string[]

The set of subnets to override and use for the worker node group.

Setting this option overrides which subnets to use for the worker node group, regardless if the cluster’s subnetIds is set, or if publicSubnetIds and/or privateSubnetIds were set.

nodeUserData string
Extra code to run on node startup. This code will run after the AWS EKS bootstrapping code and before the node signals its readiness to the managing CloudFormation stack. This code must be a typical user data script: critically it must begin with an interpreter directive (i.e. a #!).
nodeUserDataOverride string

User specified code to run on node startup. This code is expected to handle the full AWS EKS bootstrapping code and signal node readiness to the managing CloudFormation stack. This code must be a complete and executable user data script in bash (Linux) or powershell (Windows).

See for more details: https://docs.aws.amazon.com/eks/latest/userguide/worker.html

spotPrice string
Bidding price for spot instance. If set, only spot instances will be added as worker node.
taints {[key: string]: Taint}
Custom k8s node taints to be attached to each worker node. Adds the given taints to the –register-with-taints kubelet argument
version string
Desired Kubernetes master / control plane version. If you do not specify a value, the latest available version is used.
ami_id str

The AMI ID to use for the worker nodes.

Defaults to the latest recommended EKS Optimized Linux AMI from the AWS Systems Manager Parameter Store.

Note: amiId and gpu are mutually exclusive.

See for more details:

auto_scaling_group_tags Mapping[str, str]

The tags to apply to the NodeGroup’s AutoScalingGroup in the CloudFormation Stack.

Per AWS, all stack-level tags, including automatically created tags, and the cloudFormationTags option are propagated to resources that AWS CloudFormation supports, including the AutoScalingGroup. See https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.html

Note: Given the inheritance of auto-generated CF tags and cloudFormationTags, you should either supply the tag in autoScalingGroupTags or cloudFormationTags, but not both.

bootstrap_extra_args str
Additional args to pass directly to /etc/eks/bootstrap.sh. Fror details on available options, see: https://github.com/awslabs/amazon-eks-ami/blob/master/files/bootstrap.sh. Note that the –apiserver-endpoint, –b64-cluster-ca and –kubelet-extra-args flags are included automatically based on other configuration parameters.
cloud_formation_tags Mapping[str, str]

The tags to apply to the CloudFormation Stack of the Worker NodeGroup.

Note: Given the inheritance of auto-generated CF tags and cloudFormationTags, you should either supply the tag in autoScalingGroupTags or cloudFormationTags, but not both.

cluster_ingress_rule SecurityGroupRule
The ingress rule that gives node group access.
desired_capacity int
The number of worker nodes that should be running in the cluster. Defaults to 2.
encrypt_root_block_device bool
Encrypt the root block device of the nodes in the node group.
extra_node_security_groups SecurityGroup]

Extra security groups to attach on all nodes in this worker node group.

This additional set of security groups captures any user application rules that will be needed for the nodes.

gpu bool

Use the latest recommended EKS Optimized Linux AMI with GPU support for the worker nodes from the AWS Systems Manager Parameter Store.

Defaults to false.

Note: gpu and amiId are mutually exclusive.

See for more details:

instance_profile InstanceProfile
The ingress rule that gives node group access.
instance_type str
The instance type to use for the cluster’s nodes. Defaults to “t2.medium”.
key_name str
Name of the key pair to use for SSH access to worker nodes.
kubelet_extra_args str
Extra args to pass to the Kubelet. Corresponds to the options passed in the –kubeletExtraArgs flag to /etc/eks/bootstrap.sh. For example, ‘–port=10251 –address=0.0.0.0’. Note that the labels and taints properties will be applied to this list (using –node-labels and –register-with-taints respectively) after to the expicit kubeletExtraArgs.
labels Mapping[str, str]
Custom k8s node labels to be attached to each woker node. Adds the given key/value pairs to the –node-labels kubelet argument.
max_size int
The maximum number of worker nodes running in the cluster. Defaults to 2.
min_size int
The minimum number of worker nodes running in the cluster. Defaults to 1.
node_associate_public_ip_address bool
Whether or not to auto-assign public IP addresses on the EKS worker nodes. If this toggle is set to true, the EKS workers will be auto-assigned public IPs. If false, they will not be auto-assigned public IPs.
node_public_key str
Public key material for SSH access to worker nodes. See allowed formats at: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html If not provided, no SSH access is enabled on VMs.
node_root_volume_size int
The size in GiB of a cluster node’s root volume. Defaults to 20.
node_security_group SecurityGroup

The security group for the worker node group to communicate with the cluster.

This security group requires specific inbound and outbound rules.

See for more details: https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html

Note: The nodeSecurityGroup option and the cluster optionnodeSecurityGroupTags are mutually exclusive.

node_subnet_ids Sequence[str]

The set of subnets to override and use for the worker node group.

Setting this option overrides which subnets to use for the worker node group, regardless if the cluster’s subnetIds is set, or if publicSubnetIds and/or privateSubnetIds were set.

node_user_data str
Extra code to run on node startup. This code will run after the AWS EKS bootstrapping code and before the node signals its readiness to the managing CloudFormation stack. This code must be a typical user data script: critically it must begin with an interpreter directive (i.e. a #!).
node_user_data_override str

User specified code to run on node startup. This code is expected to handle the full AWS EKS bootstrapping code and signal node readiness to the managing CloudFormation stack. This code must be a complete and executable user data script in bash (Linux) or powershell (Windows).

See for more details: https://docs.aws.amazon.com/eks/latest/userguide/worker.html

spot_price str
Bidding price for spot instance. If set, only spot instances will be added as worker node.
taints Mapping[str, Taint]
Custom k8s node taints to be attached to each worker node. Adds the given taints to the –register-with-taints kubelet argument
version str
Desired Kubernetes master / control plane version. If you do not specify a value, the latest available version is used.

CoreData

Cluster Pulumi.Aws.Eks.Cluster
ClusterSecurityGroup Pulumi.Aws.Ec2.SecurityGroup
Endpoint string
InstanceRoles List<Pulumi.Aws.Iam.Role>
NodeGroupOptions ClusterNodeGroupOptions
Provider Pulumi.Kubernetes.Provider
SubnetIds List<string>
VpcId string
AwsProvider Pulumi.Aws.Provider
EksNodeAccess Pulumi.Kubernetes.Core.V1.ConfigMap
EncryptionConfig Pulumi.Aws.Eks.Inputs.ClusterEncryptionConfig
FargateProfile Pulumi.Aws.Eks.FargateProfile
Kubeconfig object
NodeSecurityGroupTags Dictionary<string, string>
OidcProvider Pulumi.Aws.Iam.OpenIdConnectProvider
PrivateSubnetIds List<string>
PublicSubnetIds List<string>
StorageClasses Dictionary<string, Pulumi.Kubernetes.Storage.V1.StorageClass>
Tags Dictionary<string, string>
VpcCni Pulumi.Eks.VpcCni
Cluster Cluster
ClusterSecurityGroup SecurityGroup
Endpoint string
InstanceRoles Role
NodeGroupOptions ClusterNodeGroupOptions
Provider Provider
SubnetIds []string
VpcId string
AwsProvider Provider
EksNodeAccess ConfigMap
EncryptionConfig ClusterEncryptionConfig
FargateProfile FargateProfile
Kubeconfig interface{}
NodeSecurityGroupTags map[string]string
OidcProvider OpenIdConnectProvider
PrivateSubnetIds []string
PublicSubnetIds []string
StorageClasses StorageClass
Tags map[string]string
VpcCni VpcCni
cluster pulumiAwseksCluster
clusterSecurityGroup pulumiAwsec2SecurityGroup
endpoint string
instanceRoles pulumiAwsiamRole[]
nodeGroupOptions ClusterNodeGroupOptions
provider pulumiKubernetesProvider
subnetIds string[]
vpcId string
awsProvider pulumiAwsProvider
eksNodeAccess pulumiKubernetescorev1ConfigMap
encryptionConfig pulumiAwstypesinputeksClusterEncryptionConfig
fargateProfile pulumiAwseksFargateProfile
kubeconfig any
nodeSecurityGroupTags {[key: string]: string}
oidcProvider pulumiAwsiamOpenIdConnectProvider
privateSubnetIds string[]
publicSubnetIds string[]
storageClasses {[key: string]: pulumiKubernetesstoragev1StorageClass}
tags {[key: string]: string}
vpcCni VpcCni

Taint

Effect string
The effect of the taint.
Value string
The value of the taint.
Effect string
The effect of the taint.
Value string
The value of the taint.
effect string
The effect of the taint.
value string
The value of the taint.
effect str
The effect of the taint.
value str
The value of the taint.

Package Details

Repository
https://github.com/pulumi/pulumi-eks
License
Apache-2.0