eks.NodeGroup
Explore with Pulumi AI
NodeGroup is a component that wraps the AWS EC2 instances that provide compute capacity for an EKS cluster.
Create NodeGroup Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new NodeGroup(name: string, args: NodeGroupArgs, opts?: ComponentResourceOptions);
@overload
def NodeGroup(resource_name: str,
args: NodeGroupArgs,
opts: Optional[ResourceOptions] = None)
@overload
def NodeGroup(resource_name: str,
opts: Optional[ResourceOptions] = None,
ami_id: Optional[str] = None,
ami_type: Optional[str] = None,
auto_scaling_group_tags: Optional[Mapping[str, str]] = None,
bootstrap_extra_args: Optional[str] = None,
bottlerocket_settings: Optional[Mapping[str, Any]] = None,
cloud_formation_tags: Optional[Mapping[str, str]] = None,
cluster: Optional[Union[Cluster, CoreDataArgs]] = None,
cluster_ingress_rule: Optional[pulumi_aws.ec2.SecurityGroupRule] = None,
cluster_ingress_rule_id: Optional[str] = None,
desired_capacity: Optional[int] = None,
enable_detailed_monitoring: Optional[bool] = None,
encrypt_root_block_device: Optional[bool] = None,
extra_node_security_groups: Optional[Sequence[pulumi_aws.ec2.SecurityGroup]] = None,
gpu: Optional[bool] = None,
instance_profile: Optional[pulumi_aws.iam.InstanceProfile] = None,
instance_profile_name: Optional[str] = None,
instance_type: Optional[str] = None,
key_name: Optional[str] = None,
kubelet_extra_args: Optional[str] = None,
labels: Optional[Mapping[str, str]] = None,
max_size: Optional[int] = None,
min_size: Optional[int] = None,
node_associate_public_ip_address: Optional[bool] = None,
node_public_key: Optional[str] = None,
node_root_volume_delete_on_termination: Optional[bool] = None,
node_root_volume_encrypted: Optional[bool] = None,
node_root_volume_iops: Optional[int] = None,
node_root_volume_size: Optional[int] = None,
node_root_volume_throughput: Optional[int] = None,
node_root_volume_type: Optional[str] = None,
node_security_group: Optional[pulumi_aws.ec2.SecurityGroup] = None,
node_security_group_id: Optional[str] = None,
node_subnet_ids: Optional[Sequence[str]] = None,
node_user_data: Optional[str] = None,
node_user_data_override: Optional[str] = None,
nodeadm_extra_options: Optional[Sequence[NodeadmOptionsArgs]] = None,
operating_system: Optional[OperatingSystem] = None,
spot_price: Optional[str] = None,
taints: Optional[Mapping[str, TaintArgs]] = None,
version: Optional[str] = None)
func NewNodeGroup(ctx *Context, name string, args NodeGroupArgs, opts ...ResourceOption) (*NodeGroup, error)
public NodeGroup(string name, NodeGroupArgs args, ComponentResourceOptions? opts = null)
public NodeGroup(String name, NodeGroupArgs args)
public NodeGroup(String name, NodeGroupArgs args, ComponentResourceOptions options)
type: eks:NodeGroup
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args NodeGroupArgs
- The arguments to resource properties.
- opts ComponentResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args NodeGroupArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args NodeGroupArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args NodeGroupArgs
- The arguments to resource properties.
- opts ComponentResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args NodeGroupArgs
- The arguments to resource properties.
- options ComponentResourceOptions
- Bag of options to control resource's behavior.
NodeGroup Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The NodeGroup resource accepts the following input properties:
- Cluster
Pulumi.
Eks. Cluster | Core Data - The target EKS cluster.
- Ami
Id string The AMI ID to use for the worker nodes.
Defaults to the latest recommended EKS Optimized Linux AMI from the AWS Systems Manager Parameter Store.
Note:
amiId
andgpu
are mutually exclusive.See for more details:
- https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html.
- Ami
Type string The AMI Type to use for the worker nodes.
Only applicable when setting an AMI ID that is of type
arm64
.Note:
amiType
andgpu
are mutually exclusive.- Dictionary<string, string>
The tags to apply to the NodeGroup's AutoScalingGroup in the CloudFormation Stack.
Per AWS, all stack-level tags, including automatically created tags, and the
cloudFormationTags
option are propagated to resources that AWS CloudFormation supports, including the AutoScalingGroup. See https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.htmlNote: Given the inheritance of auto-generated CF tags and
cloudFormationTags
, you should either supply the tag inautoScalingGroupTags
orcloudFormationTags
, but not both.- Bootstrap
Extra stringArgs - Additional args to pass directly to
/etc/eks/bootstrap.sh
. For details on available options, see: https://github.com/awslabs/amazon-eks-ami/blob/master/files/bootstrap.sh. Note that the--apiserver-endpoint
,--b64-cluster-ca
and--kubelet-extra-args
flags are included automatically based on other configuration parameters. - Bottlerocket
Settings Dictionary<string, object> The configuration settings for Bottlerocket OS. The settings will get merged with the base settings the provider uses to configure Bottlerocket.
This includes:
- settings.kubernetes.api-server
- settings.kubernetes.cluster-certificate
- settings.kubernetes.cluster-name
- settings.kubernetes.cluster-dns-ip
For an overview of the available settings, see https://bottlerocket.dev/en/os/1.20.x/api/settings/.
- Dictionary<string, string>
The tags to apply to the CloudFormation Stack of the Worker NodeGroup.
Note: Given the inheritance of auto-generated CF tags and
cloudFormationTags
, you should either supply the tag inautoScalingGroupTags
orcloudFormationTags
, but not both.- Cluster
Ingress Pulumi.Rule Aws. Ec2. Security Group Rule - The ingress rule that gives node group access. This type is defined in the AWS Classic package.
- Cluster
Ingress stringRule Id - The ID of the ingress rule that gives node group access.
- Desired
Capacity int - The number of worker nodes that should be running in the cluster. Defaults to 2.
- Enable
Detailed boolMonitoring Enables/disables detailed monitoring of the EC2 instances.
With detailed monitoring, all metrics, including status check metrics, are available in 1-minute intervals. When enabled, you can also get aggregated data across groups of similar instances.
Note: You are charged per metric that is sent to CloudWatch. You are not charged for data storage. For more information, see "Paid tier" and "Example 1 - EC2 Detailed Monitoring" here https://aws.amazon.com/cloudwatch/pricing/.
- Encrypt
Root boolBlock Device - Encrypt the root block device of the nodes in the node group.
- Extra
Node List<Pulumi.Security Groups Aws. Ec2. Security Group> Extra security groups to attach on all nodes in this worker node group.
This additional set of security groups captures any user application rules that will be needed for the nodes.
- Gpu bool
Use the latest recommended EKS Optimized Linux AMI with GPU support for the worker nodes from the AWS Systems Manager Parameter Store.
Defaults to false.
Note:
gpu
andamiId
are mutually exclusive.See for more details:
- https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html
- https://docs.aws.amazon.com/eks/latest/userguide/retrieve-ami-id.html
- Instance
Profile Pulumi.Aws. Iam. Instance Profile - The IAM InstanceProfile to use on the NodeGroup. Properties instanceProfile and instanceProfileName are mutually exclusive. This type is defined in the AWS Classic package.
- Instance
Profile stringName - The name of the IAM InstanceProfile to use on the NodeGroup. Properties instanceProfile and instanceProfileName are mutually exclusive.
- Instance
Type string - The instance type to use for the cluster's nodes. Defaults to "t3.medium".
- Key
Name string - Name of the key pair to use for SSH access to worker nodes.
- Kubelet
Extra stringArgs - Extra args to pass to the Kubelet. Corresponds to the options passed in the
--kubeletExtraArgs
flag to/etc/eks/bootstrap.sh
. For example, '--port=10251 --address=0.0.0.0'. Note that thelabels
andtaints
properties will be applied to this list (using--node-labels
and--register-with-taints
respectively) after to the explicitkubeletExtraArgs
. - Labels Dictionary<string, string>
- Custom k8s node labels to be attached to each worker node. Adds the given key/value pairs to the
--node-labels
kubelet argument. - Max
Size int - The maximum number of worker nodes running in the cluster. Defaults to 2.
- Min
Size int - The minimum number of worker nodes running in the cluster. Defaults to 1.
- Node
Associate boolPublic Ip Address - Whether or not to auto-assign public IP addresses on the EKS worker nodes. If this toggle is set to true, the EKS workers will be auto-assigned public IPs. If false, they will not be auto-assigned public IPs.
- Node
Public stringKey - Public key material for SSH access to worker nodes. See allowed formats at: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html If not provided, no SSH access is enabled on VMs.
- Node
Root boolVolume Delete On Termination - Whether the root block device should be deleted on termination of the instance. Defaults to true.
- Node
Root boolVolume Encrypted - Whether to encrypt a cluster node's root volume. Defaults to false.
- Node
Root intVolume Iops - The amount of provisioned IOPS. This is only valid with a volumeType of 'io1'.
- Node
Root intVolume Size - The size in GiB of a cluster node's root volume. Defaults to 20.
- Node
Root intVolume Throughput - Provisioned throughput performance in integer MiB/s for a cluster node's root volume. This is only valid with a volumeType of 'gp3'.
- Node
Root stringVolume Type - Configured EBS type for a cluster node's root volume. Default is 'gp2'. Supported values are 'standard', 'gp2', 'gp3', 'st1', 'sc1', 'io1'.
- Node
Security Pulumi.Group Aws. Ec2. Security Group The security group for the worker node group to communicate with the cluster.
This security group requires specific inbound and outbound rules.
See for more details: https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html
Note: The
nodeSecurityGroup
option and the cluster optionnodeSecurityGroupTags
are mutually exclusive. This type is defined in the AWS Classic package.- Node
Security stringGroup Id The ID of the security group for the worker node group to communicate with the cluster.
This security group requires specific inbound and outbound rules.
See for more details: https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html
Note: The
nodeSecurityGroupId
option and the cluster optionnodeSecurityGroupTags
are mutually exclusive.- Node
Subnet List<string>Ids The set of subnets to override and use for the worker node group.
Setting this option overrides which subnets to use for the worker node group, regardless if the cluster's
subnetIds
is set, or ifpublicSubnetIds
and/orprivateSubnetIds
were set.- Node
User stringData - Extra code to run on node startup. This code will run after the AWS EKS bootstrapping code and before the node signals its readiness to the managing CloudFormation stack. This code must be a typical user data script: critically it must begin with an interpreter directive (i.e. a
#!
). - Node
User stringData Override User specified code to run on node startup. This code is expected to handle the full AWS EKS bootstrapping code and signal node readiness to the managing CloudFormation stack. This code must be a complete and executable user data script in bash (Linux) or powershell (Windows).
See for more details: https://docs.aws.amazon.com/eks/latest/userguide/worker.html
- Nodeadm
Extra List<NodeadmOptions Options> Extra nodeadm configuration sections to be added to the nodeadm user data. This can be shell scripts, nodeadm NodeConfig or any other user data compatible script. When configuring additional nodeadm NodeConfig sections, they'll be merged with the base settings the provider sets. You can overwrite base settings or provide additional settings this way. The base settings the provider sets are:
- cluster.name
- cluster.apiServerEndpoint
- cluster.certificateAuthority
- cluster.cidr
Note: This is only applicable when using AL2023. See for more details:
- https://awslabs.github.io/amazon-eks-ami/nodeadm/
- https://awslabs.github.io/amazon-eks-ami/nodeadm/doc/api/
- Operating
System Pulumi.Eks. Operating System The type of OS to use for the node group. Will be used to determine the right EKS optimized AMI to use based on the instance types and gpu configuration. Valid values are
RECOMMENDED
,AL2
,AL2023
andBottlerocket
.Defaults to the current recommended OS.
- Spot
Price string - Bidding price for spot instance. If set, only spot instances will be added as worker node.
- Taints
Dictionary<string, Taint
Args> - Custom k8s node taints to be attached to each worker node. Adds the given taints to the
--register-with-taints
kubelet argument - Version string
- Desired Kubernetes master / control plane version. If you do not specify a value, the latest available version is used.
- Cluster
Cluster | Core
Data Args - The target EKS cluster.
- Ami
Id string The AMI ID to use for the worker nodes.
Defaults to the latest recommended EKS Optimized Linux AMI from the AWS Systems Manager Parameter Store.
Note:
amiId
andgpu
are mutually exclusive.See for more details:
- https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html.
- Ami
Type string The AMI Type to use for the worker nodes.
Only applicable when setting an AMI ID that is of type
arm64
.Note:
amiType
andgpu
are mutually exclusive.- map[string]string
The tags to apply to the NodeGroup's AutoScalingGroup in the CloudFormation Stack.
Per AWS, all stack-level tags, including automatically created tags, and the
cloudFormationTags
option are propagated to resources that AWS CloudFormation supports, including the AutoScalingGroup. See https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.htmlNote: Given the inheritance of auto-generated CF tags and
cloudFormationTags
, you should either supply the tag inautoScalingGroupTags
orcloudFormationTags
, but not both.- Bootstrap
Extra stringArgs - Additional args to pass directly to
/etc/eks/bootstrap.sh
. For details on available options, see: https://github.com/awslabs/amazon-eks-ami/blob/master/files/bootstrap.sh. Note that the--apiserver-endpoint
,--b64-cluster-ca
and--kubelet-extra-args
flags are included automatically based on other configuration parameters. - Bottlerocket
Settings map[string]interface{} The configuration settings for Bottlerocket OS. The settings will get merged with the base settings the provider uses to configure Bottlerocket.
This includes:
- settings.kubernetes.api-server
- settings.kubernetes.cluster-certificate
- settings.kubernetes.cluster-name
- settings.kubernetes.cluster-dns-ip
For an overview of the available settings, see https://bottlerocket.dev/en/os/1.20.x/api/settings/.
- map[string]string
The tags to apply to the CloudFormation Stack of the Worker NodeGroup.
Note: Given the inheritance of auto-generated CF tags and
cloudFormationTags
, you should either supply the tag inautoScalingGroupTags
orcloudFormationTags
, but not both.- Cluster
Ingress SecurityRule Group Rule - The ingress rule that gives node group access. This type is defined in the AWS Classic package.
- Cluster
Ingress stringRule Id - The ID of the ingress rule that gives node group access.
- Desired
Capacity int - The number of worker nodes that should be running in the cluster. Defaults to 2.
- Enable
Detailed boolMonitoring Enables/disables detailed monitoring of the EC2 instances.
With detailed monitoring, all metrics, including status check metrics, are available in 1-minute intervals. When enabled, you can also get aggregated data across groups of similar instances.
Note: You are charged per metric that is sent to CloudWatch. You are not charged for data storage. For more information, see "Paid tier" and "Example 1 - EC2 Detailed Monitoring" here https://aws.amazon.com/cloudwatch/pricing/.
- Encrypt
Root boolBlock Device - Encrypt the root block device of the nodes in the node group.
- Extra
Node SecuritySecurity Groups Group Extra security groups to attach on all nodes in this worker node group.
This additional set of security groups captures any user application rules that will be needed for the nodes.
- Gpu bool
Use the latest recommended EKS Optimized Linux AMI with GPU support for the worker nodes from the AWS Systems Manager Parameter Store.
Defaults to false.
Note:
gpu
andamiId
are mutually exclusive.See for more details:
- https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html
- https://docs.aws.amazon.com/eks/latest/userguide/retrieve-ami-id.html
- Instance
Profile InstanceProfile - The IAM InstanceProfile to use on the NodeGroup. Properties instanceProfile and instanceProfileName are mutually exclusive. This type is defined in the AWS Classic package.
- Instance
Profile stringName - The name of the IAM InstanceProfile to use on the NodeGroup. Properties instanceProfile and instanceProfileName are mutually exclusive.
- Instance
Type string - The instance type to use for the cluster's nodes. Defaults to "t3.medium".
- Key
Name string - Name of the key pair to use for SSH access to worker nodes.
- Kubelet
Extra stringArgs - Extra args to pass to the Kubelet. Corresponds to the options passed in the
--kubeletExtraArgs
flag to/etc/eks/bootstrap.sh
. For example, '--port=10251 --address=0.0.0.0'. Note that thelabels
andtaints
properties will be applied to this list (using--node-labels
and--register-with-taints
respectively) after to the explicitkubeletExtraArgs
. - Labels map[string]string
- Custom k8s node labels to be attached to each worker node. Adds the given key/value pairs to the
--node-labels
kubelet argument. - Max
Size int - The maximum number of worker nodes running in the cluster. Defaults to 2.
- Min
Size int - The minimum number of worker nodes running in the cluster. Defaults to 1.
- Node
Associate boolPublic Ip Address - Whether or not to auto-assign public IP addresses on the EKS worker nodes. If this toggle is set to true, the EKS workers will be auto-assigned public IPs. If false, they will not be auto-assigned public IPs.
- Node
Public stringKey - Public key material for SSH access to worker nodes. See allowed formats at: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html If not provided, no SSH access is enabled on VMs.
- Node
Root boolVolume Delete On Termination - Whether the root block device should be deleted on termination of the instance. Defaults to true.
- Node
Root boolVolume Encrypted - Whether to encrypt a cluster node's root volume. Defaults to false.
- Node
Root intVolume Iops - The amount of provisioned IOPS. This is only valid with a volumeType of 'io1'.
- Node
Root intVolume Size - The size in GiB of a cluster node's root volume. Defaults to 20.
- Node
Root intVolume Throughput - Provisioned throughput performance in integer MiB/s for a cluster node's root volume. This is only valid with a volumeType of 'gp3'.
- Node
Root stringVolume Type - Configured EBS type for a cluster node's root volume. Default is 'gp2'. Supported values are 'standard', 'gp2', 'gp3', 'st1', 'sc1', 'io1'.
- Node
Security SecurityGroup Group The security group for the worker node group to communicate with the cluster.
This security group requires specific inbound and outbound rules.
See for more details: https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html
Note: The
nodeSecurityGroup
option and the cluster optionnodeSecurityGroupTags
are mutually exclusive. This type is defined in the AWS Classic package.- Node
Security stringGroup Id The ID of the security group for the worker node group to communicate with the cluster.
This security group requires specific inbound and outbound rules.
See for more details: https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html
Note: The
nodeSecurityGroupId
option and the cluster optionnodeSecurityGroupTags
are mutually exclusive.- Node
Subnet []stringIds The set of subnets to override and use for the worker node group.
Setting this option overrides which subnets to use for the worker node group, regardless if the cluster's
subnetIds
is set, or ifpublicSubnetIds
and/orprivateSubnetIds
were set.- Node
User stringData - Extra code to run on node startup. This code will run after the AWS EKS bootstrapping code and before the node signals its readiness to the managing CloudFormation stack. This code must be a typical user data script: critically it must begin with an interpreter directive (i.e. a
#!
). - Node
User stringData Override User specified code to run on node startup. This code is expected to handle the full AWS EKS bootstrapping code and signal node readiness to the managing CloudFormation stack. This code must be a complete and executable user data script in bash (Linux) or powershell (Windows).
See for more details: https://docs.aws.amazon.com/eks/latest/userguide/worker.html
- Nodeadm
Extra []NodeadmOptions Options Args Extra nodeadm configuration sections to be added to the nodeadm user data. This can be shell scripts, nodeadm NodeConfig or any other user data compatible script. When configuring additional nodeadm NodeConfig sections, they'll be merged with the base settings the provider sets. You can overwrite base settings or provide additional settings this way. The base settings the provider sets are:
- cluster.name
- cluster.apiServerEndpoint
- cluster.certificateAuthority
- cluster.cidr
Note: This is only applicable when using AL2023. See for more details:
- https://awslabs.github.io/amazon-eks-ami/nodeadm/
- https://awslabs.github.io/amazon-eks-ami/nodeadm/doc/api/
- Operating
System OperatingSystem The type of OS to use for the node group. Will be used to determine the right EKS optimized AMI to use based on the instance types and gpu configuration. Valid values are
RECOMMENDED
,AL2
,AL2023
andBottlerocket
.Defaults to the current recommended OS.
- Spot
Price string - Bidding price for spot instance. If set, only spot instances will be added as worker node.
- Taints
map[string]Taint
Args - Custom k8s node taints to be attached to each worker node. Adds the given taints to the
--register-with-taints
kubelet argument - Version string
- Desired Kubernetes master / control plane version. If you do not specify a value, the latest available version is used.
- cluster
Cluster | Core
Data - The target EKS cluster.
- ami
Id String The AMI ID to use for the worker nodes.
Defaults to the latest recommended EKS Optimized Linux AMI from the AWS Systems Manager Parameter Store.
Note:
amiId
andgpu
are mutually exclusive.See for more details:
- https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html.
- ami
Type String The AMI Type to use for the worker nodes.
Only applicable when setting an AMI ID that is of type
arm64
.Note:
amiType
andgpu
are mutually exclusive.- Map<String,String>
The tags to apply to the NodeGroup's AutoScalingGroup in the CloudFormation Stack.
Per AWS, all stack-level tags, including automatically created tags, and the
cloudFormationTags
option are propagated to resources that AWS CloudFormation supports, including the AutoScalingGroup. See https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.htmlNote: Given the inheritance of auto-generated CF tags and
cloudFormationTags
, you should either supply the tag inautoScalingGroupTags
orcloudFormationTags
, but not both.- bootstrap
Extra StringArgs - Additional args to pass directly to
/etc/eks/bootstrap.sh
. For details on available options, see: https://github.com/awslabs/amazon-eks-ami/blob/master/files/bootstrap.sh. Note that the--apiserver-endpoint
,--b64-cluster-ca
and--kubelet-extra-args
flags are included automatically based on other configuration parameters. - bottlerocket
Settings Map<String,Object> The configuration settings for Bottlerocket OS. The settings will get merged with the base settings the provider uses to configure Bottlerocket.
This includes:
- settings.kubernetes.api-server
- settings.kubernetes.cluster-certificate
- settings.kubernetes.cluster-name
- settings.kubernetes.cluster-dns-ip
For an overview of the available settings, see https://bottlerocket.dev/en/os/1.20.x/api/settings/.
- Map<String,String>
The tags to apply to the CloudFormation Stack of the Worker NodeGroup.
Note: Given the inheritance of auto-generated CF tags and
cloudFormationTags
, you should either supply the tag inautoScalingGroupTags
orcloudFormationTags
, but not both.- cluster
Ingress SecurityRule Group Rule - The ingress rule that gives node group access. This type is defined in the AWS Classic package.
- cluster
Ingress StringRule Id - The ID of the ingress rule that gives node group access.
- desired
Capacity Integer - The number of worker nodes that should be running in the cluster. Defaults to 2.
- enable
Detailed BooleanMonitoring Enables/disables detailed monitoring of the EC2 instances.
With detailed monitoring, all metrics, including status check metrics, are available in 1-minute intervals. When enabled, you can also get aggregated data across groups of similar instances.
Note: You are charged per metric that is sent to CloudWatch. You are not charged for data storage. For more information, see "Paid tier" and "Example 1 - EC2 Detailed Monitoring" here https://aws.amazon.com/cloudwatch/pricing/.
- encrypt
Root BooleanBlock Device - Encrypt the root block device of the nodes in the node group.
- extra
Node List<SecuritySecurity Groups Group> Extra security groups to attach on all nodes in this worker node group.
This additional set of security groups captures any user application rules that will be needed for the nodes.
- gpu Boolean
Use the latest recommended EKS Optimized Linux AMI with GPU support for the worker nodes from the AWS Systems Manager Parameter Store.
Defaults to false.
Note:
gpu
andamiId
are mutually exclusive.See for more details:
- https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html
- https://docs.aws.amazon.com/eks/latest/userguide/retrieve-ami-id.html
- instance
Profile InstanceProfile - The IAM InstanceProfile to use on the NodeGroup. Properties instanceProfile and instanceProfileName are mutually exclusive. This type is defined in the AWS Classic package.
- instance
Profile StringName - The name of the IAM InstanceProfile to use on the NodeGroup. Properties instanceProfile and instanceProfileName are mutually exclusive.
- instance
Type String - The instance type to use for the cluster's nodes. Defaults to "t3.medium".
- key
Name String - Name of the key pair to use for SSH access to worker nodes.
- kubelet
Extra StringArgs - Extra args to pass to the Kubelet. Corresponds to the options passed in the
--kubeletExtraArgs
flag to/etc/eks/bootstrap.sh
. For example, '--port=10251 --address=0.0.0.0'. Note that thelabels
andtaints
properties will be applied to this list (using--node-labels
and--register-with-taints
respectively) after to the explicitkubeletExtraArgs
. - labels Map<String,String>
- Custom k8s node labels to be attached to each worker node. Adds the given key/value pairs to the
--node-labels
kubelet argument. - max
Size Integer - The maximum number of worker nodes running in the cluster. Defaults to 2.
- min
Size Integer - The minimum number of worker nodes running in the cluster. Defaults to 1.
- node
Associate BooleanPublic Ip Address - Whether or not to auto-assign public IP addresses on the EKS worker nodes. If this toggle is set to true, the EKS workers will be auto-assigned public IPs. If false, they will not be auto-assigned public IPs.
- node
Public StringKey - Public key material for SSH access to worker nodes. See allowed formats at: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html If not provided, no SSH access is enabled on VMs.
- node
Root BooleanVolume Delete On Termination - Whether the root block device should be deleted on termination of the instance. Defaults to true.
- node
Root BooleanVolume Encrypted - Whether to encrypt a cluster node's root volume. Defaults to false.
- node
Root IntegerVolume Iops - The amount of provisioned IOPS. This is only valid with a volumeType of 'io1'.
- node
Root IntegerVolume Size - The size in GiB of a cluster node's root volume. Defaults to 20.
- node
Root IntegerVolume Throughput - Provisioned throughput performance in integer MiB/s for a cluster node's root volume. This is only valid with a volumeType of 'gp3'.
- node
Root StringVolume Type - Configured EBS type for a cluster node's root volume. Default is 'gp2'. Supported values are 'standard', 'gp2', 'gp3', 'st1', 'sc1', 'io1'.
- node
Security SecurityGroup Group The security group for the worker node group to communicate with the cluster.
This security group requires specific inbound and outbound rules.
See for more details: https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html
Note: The
nodeSecurityGroup
option and the cluster optionnodeSecurityGroupTags
are mutually exclusive. This type is defined in the AWS Classic package.- node
Security StringGroup Id The ID of the security group for the worker node group to communicate with the cluster.
This security group requires specific inbound and outbound rules.
See for more details: https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html
Note: The
nodeSecurityGroupId
option and the cluster optionnodeSecurityGroupTags
are mutually exclusive.- node
Subnet List<String>Ids The set of subnets to override and use for the worker node group.
Setting this option overrides which subnets to use for the worker node group, regardless if the cluster's
subnetIds
is set, or ifpublicSubnetIds
and/orprivateSubnetIds
were set.- node
User StringData - Extra code to run on node startup. This code will run after the AWS EKS bootstrapping code and before the node signals its readiness to the managing CloudFormation stack. This code must be a typical user data script: critically it must begin with an interpreter directive (i.e. a
#!
). - node
User StringData Override User specified code to run on node startup. This code is expected to handle the full AWS EKS bootstrapping code and signal node readiness to the managing CloudFormation stack. This code must be a complete and executable user data script in bash (Linux) or powershell (Windows).
See for more details: https://docs.aws.amazon.com/eks/latest/userguide/worker.html
- nodeadm
Extra List<NodeadmOptions Options> Extra nodeadm configuration sections to be added to the nodeadm user data. This can be shell scripts, nodeadm NodeConfig or any other user data compatible script. When configuring additional nodeadm NodeConfig sections, they'll be merged with the base settings the provider sets. You can overwrite base settings or provide additional settings this way. The base settings the provider sets are:
- cluster.name
- cluster.apiServerEndpoint
- cluster.certificateAuthority
- cluster.cidr
Note: This is only applicable when using AL2023. See for more details:
- https://awslabs.github.io/amazon-eks-ami/nodeadm/
- https://awslabs.github.io/amazon-eks-ami/nodeadm/doc/api/
- operating
System OperatingSystem The type of OS to use for the node group. Will be used to determine the right EKS optimized AMI to use based on the instance types and gpu configuration. Valid values are
RECOMMENDED
,AL2
,AL2023
andBottlerocket
.Defaults to the current recommended OS.
- spot
Price String - Bidding price for spot instance. If set, only spot instances will be added as worker node.
- taints
Map<String,Taint
Args> - Custom k8s node taints to be attached to each worker node. Adds the given taints to the
--register-with-taints
kubelet argument - version String
- Desired Kubernetes master / control plane version. If you do not specify a value, the latest available version is used.
- cluster
Cluster | Core
Data - The target EKS cluster.
- ami
Id string The AMI ID to use for the worker nodes.
Defaults to the latest recommended EKS Optimized Linux AMI from the AWS Systems Manager Parameter Store.
Note:
amiId
andgpu
are mutually exclusive.See for more details:
- https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html.
- ami
Type string The AMI Type to use for the worker nodes.
Only applicable when setting an AMI ID that is of type
arm64
.Note:
amiType
andgpu
are mutually exclusive.- {[key: string]: string}
The tags to apply to the NodeGroup's AutoScalingGroup in the CloudFormation Stack.
Per AWS, all stack-level tags, including automatically created tags, and the
cloudFormationTags
option are propagated to resources that AWS CloudFormation supports, including the AutoScalingGroup. See https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.htmlNote: Given the inheritance of auto-generated CF tags and
cloudFormationTags
, you should either supply the tag inautoScalingGroupTags
orcloudFormationTags
, but not both.- bootstrap
Extra stringArgs - Additional args to pass directly to
/etc/eks/bootstrap.sh
. For details on available options, see: https://github.com/awslabs/amazon-eks-ami/blob/master/files/bootstrap.sh. Note that the--apiserver-endpoint
,--b64-cluster-ca
and--kubelet-extra-args
flags are included automatically based on other configuration parameters. - bottlerocket
Settings {[key: string]: any} The configuration settings for Bottlerocket OS. The settings will get merged with the base settings the provider uses to configure Bottlerocket.
This includes:
- settings.kubernetes.api-server
- settings.kubernetes.cluster-certificate
- settings.kubernetes.cluster-name
- settings.kubernetes.cluster-dns-ip
For an overview of the available settings, see https://bottlerocket.dev/en/os/1.20.x/api/settings/.
- {[key: string]: string}
The tags to apply to the CloudFormation Stack of the Worker NodeGroup.
Note: Given the inheritance of auto-generated CF tags and
cloudFormationTags
, you should either supply the tag inautoScalingGroupTags
orcloudFormationTags
, but not both.- cluster
Ingress pulumiRule Awsec2Security Group Rule - The ingress rule that gives node group access. This type is defined in the AWS Classic package.
- cluster
Ingress stringRule Id - The ID of the ingress rule that gives node group access.
- desired
Capacity number - The number of worker nodes that should be running in the cluster. Defaults to 2.
- enable
Detailed booleanMonitoring Enables/disables detailed monitoring of the EC2 instances.
With detailed monitoring, all metrics, including status check metrics, are available in 1-minute intervals. When enabled, you can also get aggregated data across groups of similar instances.
Note: You are charged per metric that is sent to CloudWatch. You are not charged for data storage. For more information, see "Paid tier" and "Example 1 - EC2 Detailed Monitoring" here https://aws.amazon.com/cloudwatch/pricing/.
- encrypt
Root booleanBlock Device - Encrypt the root block device of the nodes in the node group.
- extra
Node pulumiSecurity Groups Awsec2Security Group[] Extra security groups to attach on all nodes in this worker node group.
This additional set of security groups captures any user application rules that will be needed for the nodes.
- gpu boolean
Use the latest recommended EKS Optimized Linux AMI with GPU support for the worker nodes from the AWS Systems Manager Parameter Store.
Defaults to false.
Note:
gpu
andamiId
are mutually exclusive.See for more details:
- https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html
- https://docs.aws.amazon.com/eks/latest/userguide/retrieve-ami-id.html
- instance
Profile pulumiAwsiam Instance Profile - The IAM InstanceProfile to use on the NodeGroup. Properties instanceProfile and instanceProfileName are mutually exclusive. This type is defined in the AWS Classic package.
- instance
Profile stringName - The name of the IAM InstanceProfile to use on the NodeGroup. Properties instanceProfile and instanceProfileName are mutually exclusive.
- instance
Type string - The instance type to use for the cluster's nodes. Defaults to "t3.medium".
- key
Name string - Name of the key pair to use for SSH access to worker nodes.
- kubelet
Extra stringArgs - Extra args to pass to the Kubelet. Corresponds to the options passed in the
--kubeletExtraArgs
flag to/etc/eks/bootstrap.sh
. For example, '--port=10251 --address=0.0.0.0'. Note that thelabels
andtaints
properties will be applied to this list (using--node-labels
and--register-with-taints
respectively) after to the explicitkubeletExtraArgs
. - labels {[key: string]: string}
- Custom k8s node labels to be attached to each worker node. Adds the given key/value pairs to the
--node-labels
kubelet argument. - max
Size number - The maximum number of worker nodes running in the cluster. Defaults to 2.
- min
Size number - The minimum number of worker nodes running in the cluster. Defaults to 1.
- node
Associate booleanPublic Ip Address - Whether or not to auto-assign public IP addresses on the EKS worker nodes. If this toggle is set to true, the EKS workers will be auto-assigned public IPs. If false, they will not be auto-assigned public IPs.
- node
Public stringKey - Public key material for SSH access to worker nodes. See allowed formats at: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html If not provided, no SSH access is enabled on VMs.
- node
Root booleanVolume Delete On Termination - Whether the root block device should be deleted on termination of the instance. Defaults to true.
- node
Root booleanVolume Encrypted - Whether to encrypt a cluster node's root volume. Defaults to false.
- node
Root numberVolume Iops - The amount of provisioned IOPS. This is only valid with a volumeType of 'io1'.
- node
Root numberVolume Size - The size in GiB of a cluster node's root volume. Defaults to 20.
- node
Root numberVolume Throughput - Provisioned throughput performance in integer MiB/s for a cluster node's root volume. This is only valid with a volumeType of 'gp3'.
- node
Root stringVolume Type - Configured EBS type for a cluster node's root volume. Default is 'gp2'. Supported values are 'standard', 'gp2', 'gp3', 'st1', 'sc1', 'io1'.
- node
Security pulumiGroup Awsec2Security Group The security group for the worker node group to communicate with the cluster.
This security group requires specific inbound and outbound rules.
See for more details: https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html
Note: The
nodeSecurityGroup
option and the cluster optionnodeSecurityGroupTags
are mutually exclusive. This type is defined in the AWS Classic package.- node
Security stringGroup Id The ID of the security group for the worker node group to communicate with the cluster.
This security group requires specific inbound and outbound rules.
See for more details: https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html
Note: The
nodeSecurityGroupId
option and the cluster optionnodeSecurityGroupTags
are mutually exclusive.- node
Subnet string[]Ids The set of subnets to override and use for the worker node group.
Setting this option overrides which subnets to use for the worker node group, regardless if the cluster's
subnetIds
is set, or ifpublicSubnetIds
and/orprivateSubnetIds
were set.- node
User stringData - Extra code to run on node startup. This code will run after the AWS EKS bootstrapping code and before the node signals its readiness to the managing CloudFormation stack. This code must be a typical user data script: critically it must begin with an interpreter directive (i.e. a
#!
). - node
User stringData Override User specified code to run on node startup. This code is expected to handle the full AWS EKS bootstrapping code and signal node readiness to the managing CloudFormation stack. This code must be a complete and executable user data script in bash (Linux) or powershell (Windows).
See for more details: https://docs.aws.amazon.com/eks/latest/userguide/worker.html
- nodeadm
Extra NodeadmOptions Options[] Extra nodeadm configuration sections to be added to the nodeadm user data. This can be shell scripts, nodeadm NodeConfig or any other user data compatible script. When configuring additional nodeadm NodeConfig sections, they'll be merged with the base settings the provider sets. You can overwrite base settings or provide additional settings this way. The base settings the provider sets are:
- cluster.name
- cluster.apiServerEndpoint
- cluster.certificateAuthority
- cluster.cidr
Note: This is only applicable when using AL2023. See for more details:
- https://awslabs.github.io/amazon-eks-ami/nodeadm/
- https://awslabs.github.io/amazon-eks-ami/nodeadm/doc/api/
- operating
System OperatingSystem The type of OS to use for the node group. Will be used to determine the right EKS optimized AMI to use based on the instance types and gpu configuration. Valid values are
RECOMMENDED
,AL2
,AL2023
andBottlerocket
.Defaults to the current recommended OS.
- spot
Price string - Bidding price for spot instance. If set, only spot instances will be added as worker node.
- taints
{[key: string]: Taint
Args} - Custom k8s node taints to be attached to each worker node. Adds the given taints to the
--register-with-taints
kubelet argument - version string
- Desired Kubernetes master / control plane version. If you do not specify a value, the latest available version is used.
- cluster
Cluster | Core
Data Args - The target EKS cluster.
- ami_
id str The AMI ID to use for the worker nodes.
Defaults to the latest recommended EKS Optimized Linux AMI from the AWS Systems Manager Parameter Store.
Note:
amiId
andgpu
are mutually exclusive.See for more details:
- https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html.
- ami_
type str The AMI Type to use for the worker nodes.
Only applicable when setting an AMI ID that is of type
arm64
.Note:
amiType
andgpu
are mutually exclusive.- Mapping[str, str]
The tags to apply to the NodeGroup's AutoScalingGroup in the CloudFormation Stack.
Per AWS, all stack-level tags, including automatically created tags, and the
cloudFormationTags
option are propagated to resources that AWS CloudFormation supports, including the AutoScalingGroup. See https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.htmlNote: Given the inheritance of auto-generated CF tags and
cloudFormationTags
, you should either supply the tag inautoScalingGroupTags
orcloudFormationTags
, but not both.- bootstrap_
extra_ strargs - Additional args to pass directly to
/etc/eks/bootstrap.sh
. For details on available options, see: https://github.com/awslabs/amazon-eks-ami/blob/master/files/bootstrap.sh. Note that the--apiserver-endpoint
,--b64-cluster-ca
and--kubelet-extra-args
flags are included automatically based on other configuration parameters. - bottlerocket_
settings Mapping[str, Any] The configuration settings for Bottlerocket OS. The settings will get merged with the base settings the provider uses to configure Bottlerocket.
This includes:
- settings.kubernetes.api-server
- settings.kubernetes.cluster-certificate
- settings.kubernetes.cluster-name
- settings.kubernetes.cluster-dns-ip
For an overview of the available settings, see https://bottlerocket.dev/en/os/1.20.x/api/settings/.
- Mapping[str, str]
The tags to apply to the CloudFormation Stack of the Worker NodeGroup.
Note: Given the inheritance of auto-generated CF tags and
cloudFormationTags
, you should either supply the tag inautoScalingGroupTags
orcloudFormationTags
, but not both.- cluster_
ingress_ pulumi_rule aws.ec2. Security Group Rule - The ingress rule that gives node group access. This type is defined in the AWS Classic package.
- cluster_
ingress_ strrule_ id - The ID of the ingress rule that gives node group access.
- desired_
capacity int - The number of worker nodes that should be running in the cluster. Defaults to 2.
- enable_
detailed_ boolmonitoring Enables/disables detailed monitoring of the EC2 instances.
With detailed monitoring, all metrics, including status check metrics, are available in 1-minute intervals. When enabled, you can also get aggregated data across groups of similar instances.
Note: You are charged per metric that is sent to CloudWatch. You are not charged for data storage. For more information, see "Paid tier" and "Example 1 - EC2 Detailed Monitoring" here https://aws.amazon.com/cloudwatch/pricing/.
- encrypt_
root_ boolblock_ device - Encrypt the root block device of the nodes in the node group.
- extra_
node_ Sequence[pulumi_security_ groups aws.ec2. Security Group] Extra security groups to attach on all nodes in this worker node group.
This additional set of security groups captures any user application rules that will be needed for the nodes.
- gpu bool
Use the latest recommended EKS Optimized Linux AMI with GPU support for the worker nodes from the AWS Systems Manager Parameter Store.
Defaults to false.
Note:
gpu
andamiId
are mutually exclusive.See for more details:
- https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html
- https://docs.aws.amazon.com/eks/latest/userguide/retrieve-ami-id.html
- instance_
profile pulumi_aws.iam. Instance Profile - The IAM InstanceProfile to use on the NodeGroup. Properties instanceProfile and instanceProfileName are mutually exclusive. This type is defined in the AWS Classic package.
- instance_
profile_ strname - The name of the IAM InstanceProfile to use on the NodeGroup. Properties instanceProfile and instanceProfileName are mutually exclusive.
- instance_
type str - The instance type to use for the cluster's nodes. Defaults to "t3.medium".
- key_
name str - Name of the key pair to use for SSH access to worker nodes.
- kubelet_
extra_ strargs - Extra args to pass to the Kubelet. Corresponds to the options passed in the
--kubeletExtraArgs
flag to/etc/eks/bootstrap.sh
. For example, '--port=10251 --address=0.0.0.0'. Note that thelabels
andtaints
properties will be applied to this list (using--node-labels
and--register-with-taints
respectively) after to the explicitkubeletExtraArgs
. - labels Mapping[str, str]
- Custom k8s node labels to be attached to each worker node. Adds the given key/value pairs to the
--node-labels
kubelet argument. - max_
size int - The maximum number of worker nodes running in the cluster. Defaults to 2.
- min_
size int - The minimum number of worker nodes running in the cluster. Defaults to 1.
- node_
associate_ boolpublic_ ip_ address - Whether or not to auto-assign public IP addresses on the EKS worker nodes. If this toggle is set to true, the EKS workers will be auto-assigned public IPs. If false, they will not be auto-assigned public IPs.
- node_
public_ strkey - Public key material for SSH access to worker nodes. See allowed formats at: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html If not provided, no SSH access is enabled on VMs.
- node_
root_ boolvolume_ delete_ on_ termination - Whether the root block device should be deleted on termination of the instance. Defaults to true.
- node_
root_ boolvolume_ encrypted - Whether to encrypt a cluster node's root volume. Defaults to false.
- node_
root_ intvolume_ iops - The amount of provisioned IOPS. This is only valid with a volumeType of 'io1'.
- node_
root_ intvolume_ size - The size in GiB of a cluster node's root volume. Defaults to 20.
- node_
root_ intvolume_ throughput - Provisioned throughput performance in integer MiB/s for a cluster node's root volume. This is only valid with a volumeType of 'gp3'.
- node_
root_ strvolume_ type - Configured EBS type for a cluster node's root volume. Default is 'gp2'. Supported values are 'standard', 'gp2', 'gp3', 'st1', 'sc1', 'io1'.
- node_
security_ pulumi_group aws.ec2. Security Group The security group for the worker node group to communicate with the cluster.
This security group requires specific inbound and outbound rules.
See for more details: https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html
Note: The
nodeSecurityGroup
option and the cluster optionnodeSecurityGroupTags
are mutually exclusive. This type is defined in the AWS Classic package.- node_
security_ strgroup_ id The ID of the security group for the worker node group to communicate with the cluster.
This security group requires specific inbound and outbound rules.
See for more details: https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html
Note: The
nodeSecurityGroupId
option and the cluster optionnodeSecurityGroupTags
are mutually exclusive.- node_
subnet_ Sequence[str]ids The set of subnets to override and use for the worker node group.
Setting this option overrides which subnets to use for the worker node group, regardless if the cluster's
subnetIds
is set, or ifpublicSubnetIds
and/orprivateSubnetIds
were set.- node_
user_ strdata - Extra code to run on node startup. This code will run after the AWS EKS bootstrapping code and before the node signals its readiness to the managing CloudFormation stack. This code must be a typical user data script: critically it must begin with an interpreter directive (i.e. a
#!
). - node_
user_ strdata_ override User specified code to run on node startup. This code is expected to handle the full AWS EKS bootstrapping code and signal node readiness to the managing CloudFormation stack. This code must be a complete and executable user data script in bash (Linux) or powershell (Windows).
See for more details: https://docs.aws.amazon.com/eks/latest/userguide/worker.html
- nodeadm_
extra_ Sequence[Nodeadmoptions Options Args] Extra nodeadm configuration sections to be added to the nodeadm user data. This can be shell scripts, nodeadm NodeConfig or any other user data compatible script. When configuring additional nodeadm NodeConfig sections, they'll be merged with the base settings the provider sets. You can overwrite base settings or provide additional settings this way. The base settings the provider sets are:
- cluster.name
- cluster.apiServerEndpoint
- cluster.certificateAuthority
- cluster.cidr
Note: This is only applicable when using AL2023. See for more details:
- https://awslabs.github.io/amazon-eks-ami/nodeadm/
- https://awslabs.github.io/amazon-eks-ami/nodeadm/doc/api/
- operating_
system OperatingSystem The type of OS to use for the node group. Will be used to determine the right EKS optimized AMI to use based on the instance types and gpu configuration. Valid values are
RECOMMENDED
,AL2
,AL2023
andBottlerocket
.Defaults to the current recommended OS.
- spot_
price str - Bidding price for spot instance. If set, only spot instances will be added as worker node.
- taints
Mapping[str, Taint
Args] - Custom k8s node taints to be attached to each worker node. Adds the given taints to the
--register-with-taints
kubelet argument - version str
- Desired Kubernetes master / control plane version. If you do not specify a value, the latest available version is used.
- cluster eks:Cluster | Property Map
- The target EKS cluster.
- ami
Id String The AMI ID to use for the worker nodes.
Defaults to the latest recommended EKS Optimized Linux AMI from the AWS Systems Manager Parameter Store.
Note:
amiId
andgpu
are mutually exclusive.See for more details:
- https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html.
- ami
Type String The AMI Type to use for the worker nodes.
Only applicable when setting an AMI ID that is of type
arm64
.Note:
amiType
andgpu
are mutually exclusive.- Map<String>
The tags to apply to the NodeGroup's AutoScalingGroup in the CloudFormation Stack.
Per AWS, all stack-level tags, including automatically created tags, and the
cloudFormationTags
option are propagated to resources that AWS CloudFormation supports, including the AutoScalingGroup. See https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.htmlNote: Given the inheritance of auto-generated CF tags and
cloudFormationTags
, you should either supply the tag inautoScalingGroupTags
orcloudFormationTags
, but not both.- bootstrap
Extra StringArgs - Additional args to pass directly to
/etc/eks/bootstrap.sh
. For details on available options, see: https://github.com/awslabs/amazon-eks-ami/blob/master/files/bootstrap.sh. Note that the--apiserver-endpoint
,--b64-cluster-ca
and--kubelet-extra-args
flags are included automatically based on other configuration parameters. - bottlerocket
Settings Map<Any> The configuration settings for Bottlerocket OS. The settings will get merged with the base settings the provider uses to configure Bottlerocket.
This includes:
- settings.kubernetes.api-server
- settings.kubernetes.cluster-certificate
- settings.kubernetes.cluster-name
- settings.kubernetes.cluster-dns-ip
For an overview of the available settings, see https://bottlerocket.dev/en/os/1.20.x/api/settings/.
- Map<String>
The tags to apply to the CloudFormation Stack of the Worker NodeGroup.
Note: Given the inheritance of auto-generated CF tags and
cloudFormationTags
, you should either supply the tag inautoScalingGroupTags
orcloudFormationTags
, but not both.- cluster
Ingress aws:ec2:SecurityRule Group Rule - The ingress rule that gives node group access. This type is defined in the AWS Classic package.
- cluster
Ingress StringRule Id - The ID of the ingress rule that gives node group access.
- desired
Capacity Number - The number of worker nodes that should be running in the cluster. Defaults to 2.
- enable
Detailed BooleanMonitoring Enables/disables detailed monitoring of the EC2 instances.
With detailed monitoring, all metrics, including status check metrics, are available in 1-minute intervals. When enabled, you can also get aggregated data across groups of similar instances.
Note: You are charged per metric that is sent to CloudWatch. You are not charged for data storage. For more information, see "Paid tier" and "Example 1 - EC2 Detailed Monitoring" here https://aws.amazon.com/cloudwatch/pricing/.
- encrypt
Root BooleanBlock Device - Encrypt the root block device of the nodes in the node group.
- extra
Node List<aws:ec2:SecuritySecurity Groups Group> Extra security groups to attach on all nodes in this worker node group.
This additional set of security groups captures any user application rules that will be needed for the nodes.
- gpu Boolean
Use the latest recommended EKS Optimized Linux AMI with GPU support for the worker nodes from the AWS Systems Manager Parameter Store.
Defaults to false.
Note:
gpu
andamiId
are mutually exclusive.See for more details:
- https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html
- https://docs.aws.amazon.com/eks/latest/userguide/retrieve-ami-id.html
- instance
Profile aws:iam:InstanceProfile - The IAM InstanceProfile to use on the NodeGroup. Properties instanceProfile and instanceProfileName are mutually exclusive. This type is defined in the AWS Classic package.
- instance
Profile StringName - The name of the IAM InstanceProfile to use on the NodeGroup. Properties instanceProfile and instanceProfileName are mutually exclusive.
- instance
Type String - The instance type to use for the cluster's nodes. Defaults to "t3.medium".
- key
Name String - Name of the key pair to use for SSH access to worker nodes.
- kubelet
Extra StringArgs - Extra args to pass to the Kubelet. Corresponds to the options passed in the
--kubeletExtraArgs
flag to/etc/eks/bootstrap.sh
. For example, '--port=10251 --address=0.0.0.0'. Note that thelabels
andtaints
properties will be applied to this list (using--node-labels
and--register-with-taints
respectively) after to the explicitkubeletExtraArgs
. - labels Map<String>
- Custom k8s node labels to be attached to each worker node. Adds the given key/value pairs to the
--node-labels
kubelet argument. - max
Size Number - The maximum number of worker nodes running in the cluster. Defaults to 2.
- min
Size Number - The minimum number of worker nodes running in the cluster. Defaults to 1.
- node
Associate BooleanPublic Ip Address - Whether or not to auto-assign public IP addresses on the EKS worker nodes. If this toggle is set to true, the EKS workers will be auto-assigned public IPs. If false, they will not be auto-assigned public IPs.
- node
Public StringKey - Public key material for SSH access to worker nodes. See allowed formats at: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html If not provided, no SSH access is enabled on VMs.
- node
Root BooleanVolume Delete On Termination - Whether the root block device should be deleted on termination of the instance. Defaults to true.
- node
Root BooleanVolume Encrypted - Whether to encrypt a cluster node's root volume. Defaults to false.
- node
Root NumberVolume Iops - The amount of provisioned IOPS. This is only valid with a volumeType of 'io1'.
- node
Root NumberVolume Size - The size in GiB of a cluster node's root volume. Defaults to 20.
- node
Root NumberVolume Throughput - Provisioned throughput performance in integer MiB/s for a cluster node's root volume. This is only valid with a volumeType of 'gp3'.
- node
Root StringVolume Type - Configured EBS type for a cluster node's root volume. Default is 'gp2'. Supported values are 'standard', 'gp2', 'gp3', 'st1', 'sc1', 'io1'.
- node
Security aws:ec2:SecurityGroup Group The security group for the worker node group to communicate with the cluster.
This security group requires specific inbound and outbound rules.
See for more details: https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html
Note: The
nodeSecurityGroup
option and the cluster optionnodeSecurityGroupTags
are mutually exclusive. This type is defined in the AWS Classic package.- node
Security StringGroup Id The ID of the security group for the worker node group to communicate with the cluster.
This security group requires specific inbound and outbound rules.
See for more details: https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html
Note: The
nodeSecurityGroupId
option and the cluster optionnodeSecurityGroupTags
are mutually exclusive.- node
Subnet List<String>Ids The set of subnets to override and use for the worker node group.
Setting this option overrides which subnets to use for the worker node group, regardless if the cluster's
subnetIds
is set, or ifpublicSubnetIds
and/orprivateSubnetIds
were set.- node
User StringData - Extra code to run on node startup. This code will run after the AWS EKS bootstrapping code and before the node signals its readiness to the managing CloudFormation stack. This code must be a typical user data script: critically it must begin with an interpreter directive (i.e. a
#!
). - node
User StringData Override User specified code to run on node startup. This code is expected to handle the full AWS EKS bootstrapping code and signal node readiness to the managing CloudFormation stack. This code must be a complete and executable user data script in bash (Linux) or powershell (Windows).
See for more details: https://docs.aws.amazon.com/eks/latest/userguide/worker.html
- nodeadm
Extra List<Property Map>Options Extra nodeadm configuration sections to be added to the nodeadm user data. This can be shell scripts, nodeadm NodeConfig or any other user data compatible script. When configuring additional nodeadm NodeConfig sections, they'll be merged with the base settings the provider sets. You can overwrite base settings or provide additional settings this way. The base settings the provider sets are:
- cluster.name
- cluster.apiServerEndpoint
- cluster.certificateAuthority
- cluster.cidr
Note: This is only applicable when using AL2023. See for more details:
- https://awslabs.github.io/amazon-eks-ami/nodeadm/
- https://awslabs.github.io/amazon-eks-ami/nodeadm/doc/api/
- operating
System "AL2" | "AL2023" | "Bottlerocket" | "AL2023" The type of OS to use for the node group. Will be used to determine the right EKS optimized AMI to use based on the instance types and gpu configuration. Valid values are
RECOMMENDED
,AL2
,AL2023
andBottlerocket
.Defaults to the current recommended OS.
- spot
Price String - Bidding price for spot instance. If set, only spot instances will be added as worker node.
- taints Map<Property Map>
- Custom k8s node taints to be attached to each worker node. Adds the given taints to the
--register-with-taints
kubelet argument - version String
- Desired Kubernetes master / control plane version. If you do not specify a value, the latest available version is used.
Outputs
All input properties are implicitly available as output properties. Additionally, the NodeGroup resource produces the following output properties:
- Auto
Scaling stringGroup Name - The AutoScalingGroup name for the Node group.
- Cfn
Stack Pulumi.Aws. Cloud Formation. Stack - The CloudFormation Stack which defines the Node AutoScalingGroup. This type is defined in the AWS Classic package.
- Auto
Scaling stringGroup Name - The AutoScalingGroup name for the Node group.
- Cfn
Stack Stack - The CloudFormation Stack which defines the Node AutoScalingGroup. This type is defined in the AWS Classic package.
- auto
Scaling StringGroup Name - The AutoScalingGroup name for the Node group.
- cfn
Stack Stack - The CloudFormation Stack which defines the Node AutoScalingGroup. This type is defined in the AWS Classic package.
- auto
Scaling stringGroup Name - The AutoScalingGroup name for the Node group.
- cfn
Stack pulumiAwscloudformation Stack - The CloudFormation Stack which defines the Node AutoScalingGroup. This type is defined in the AWS Classic package.
- auto_
scaling_ strgroup_ name - The AutoScalingGroup name for the Node group.
- cfn_
stack pulumi_aws.cloudformation. Stack - The CloudFormation Stack which defines the Node AutoScalingGroup. This type is defined in the AWS Classic package.
- auto
Scaling StringGroup Name - The AutoScalingGroup name for the Node group.
- cfn
Stack aws:cloudformation:Stack - The CloudFormation Stack which defines the Node AutoScalingGroup. This type is defined in the AWS Classic package.
Supporting Types
AccessEntry, AccessEntryArgs
- Principal
Arn string - The IAM Principal ARN which requires Authentication access to the EKS cluster.
- Access
Policies Dictionary<string, AccessPolicy Association> - The access policies to associate to the access entry.
- Kubernetes
Groups List<string> - A list of groups within Kubernetes to which the IAM principal is mapped to.
- Dictionary<string, string>
- The tags to apply to the AccessEntry.
- Type
Pulumi.
Eks. Access Entry Type - The type of the new access entry. Valid values are STANDARD, FARGATE_LINUX, EC2_LINUX, and EC2_WINDOWS. Defaults to STANDARD which provides the standard workflow. EC2_LINUX, EC2_WINDOWS, FARGATE_LINUX types disallow users to input a username or kubernetesGroup, and prevent associating access policies.
- Username string
- Defaults to the principalArn if the principal is a user, else defaults to assume-role/session-name.
- Principal
Arn string - The IAM Principal ARN which requires Authentication access to the EKS cluster.
- Access
Policies map[string]AccessPolicy Association - The access policies to associate to the access entry.
- Kubernetes
Groups []string - A list of groups within Kubernetes to which the IAM principal is mapped to.
- map[string]string
- The tags to apply to the AccessEntry.
- Type
Access
Entry Type - The type of the new access entry. Valid values are STANDARD, FARGATE_LINUX, EC2_LINUX, and EC2_WINDOWS. Defaults to STANDARD which provides the standard workflow. EC2_LINUX, EC2_WINDOWS, FARGATE_LINUX types disallow users to input a username or kubernetesGroup, and prevent associating access policies.
- Username string
- Defaults to the principalArn if the principal is a user, else defaults to assume-role/session-name.
- principal
Arn String - The IAM Principal ARN which requires Authentication access to the EKS cluster.
- access
Policies Map<String,AccessPolicy Association> - The access policies to associate to the access entry.
- kubernetes
Groups List<String> - A list of groups within Kubernetes to which the IAM principal is mapped to.
- Map<String,String>
- The tags to apply to the AccessEntry.
- type
Access
Entry Type - The type of the new access entry. Valid values are STANDARD, FARGATE_LINUX, EC2_LINUX, and EC2_WINDOWS. Defaults to STANDARD which provides the standard workflow. EC2_LINUX, EC2_WINDOWS, FARGATE_LINUX types disallow users to input a username or kubernetesGroup, and prevent associating access policies.
- username String
- Defaults to the principalArn if the principal is a user, else defaults to assume-role/session-name.
- principal
Arn string - The IAM Principal ARN which requires Authentication access to the EKS cluster.
- access
Policies {[key: string]: AccessPolicy Association} - The access policies to associate to the access entry.
- kubernetes
Groups string[] - A list of groups within Kubernetes to which the IAM principal is mapped to.
- {[key: string]: string}
- The tags to apply to the AccessEntry.
- type
Access
Entry Type - The type of the new access entry. Valid values are STANDARD, FARGATE_LINUX, EC2_LINUX, and EC2_WINDOWS. Defaults to STANDARD which provides the standard workflow. EC2_LINUX, EC2_WINDOWS, FARGATE_LINUX types disallow users to input a username or kubernetesGroup, and prevent associating access policies.
- username string
- Defaults to the principalArn if the principal is a user, else defaults to assume-role/session-name.
- principal_
arn str - The IAM Principal ARN which requires Authentication access to the EKS cluster.
- access_
policies Mapping[str, AccessPolicy Association] - The access policies to associate to the access entry.
- kubernetes_
groups Sequence[str] - A list of groups within Kubernetes to which the IAM principal is mapped to.
- Mapping[str, str]
- The tags to apply to the AccessEntry.
- type
Access
Entry Type - The type of the new access entry. Valid values are STANDARD, FARGATE_LINUX, EC2_LINUX, and EC2_WINDOWS. Defaults to STANDARD which provides the standard workflow. EC2_LINUX, EC2_WINDOWS, FARGATE_LINUX types disallow users to input a username or kubernetesGroup, and prevent associating access policies.
- username str
- Defaults to the principalArn if the principal is a user, else defaults to assume-role/session-name.
- principal
Arn String - The IAM Principal ARN which requires Authentication access to the EKS cluster.
- access
Policies Map<Property Map> - The access policies to associate to the access entry.
- kubernetes
Groups List<String> - A list of groups within Kubernetes to which the IAM principal is mapped to.
- Map<String>
- The tags to apply to the AccessEntry.
- type "STANDARD" | "FARGATE_LINUX" | "EC2_LINUX" | "EC2_WINDOWS"
- The type of the new access entry. Valid values are STANDARD, FARGATE_LINUX, EC2_LINUX, and EC2_WINDOWS. Defaults to STANDARD which provides the standard workflow. EC2_LINUX, EC2_WINDOWS, FARGATE_LINUX types disallow users to input a username or kubernetesGroup, and prevent associating access policies.
- username String
- Defaults to the principalArn if the principal is a user, else defaults to assume-role/session-name.
AccessEntryType, AccessEntryTypeArgs
- Standard
- STANDARDStandard Access Entry Workflow. Allows users to input a username and kubernetesGroup, and to associate access policies.
- Fargate
Linux - FARGATE_LINUXFor IAM roles used with AWS Fargate profiles.
- EC2Linux
- EC2_LINUXFor IAM roles associated with self-managed Linux node groups. Allows the nodes to join the cluster.
- EC2Windows
- EC2_WINDOWSFor IAM roles associated with self-managed Windows node groups. Allows the nodes to join the cluster.
- Access
Entry Type Standard - STANDARDStandard Access Entry Workflow. Allows users to input a username and kubernetesGroup, and to associate access policies.
- Access
Entry Type Fargate Linux - FARGATE_LINUXFor IAM roles used with AWS Fargate profiles.
- Access
Entry Type EC2Linux - EC2_LINUXFor IAM roles associated with self-managed Linux node groups. Allows the nodes to join the cluster.
- Access
Entry Type EC2Windows - EC2_WINDOWSFor IAM roles associated with self-managed Windows node groups. Allows the nodes to join the cluster.
- Standard
- STANDARDStandard Access Entry Workflow. Allows users to input a username and kubernetesGroup, and to associate access policies.
- Fargate
Linux - FARGATE_LINUXFor IAM roles used with AWS Fargate profiles.
- EC2Linux
- EC2_LINUXFor IAM roles associated with self-managed Linux node groups. Allows the nodes to join the cluster.
- EC2Windows
- EC2_WINDOWSFor IAM roles associated with self-managed Windows node groups. Allows the nodes to join the cluster.
- Standard
- STANDARDStandard Access Entry Workflow. Allows users to input a username and kubernetesGroup, and to associate access policies.
- Fargate
Linux - FARGATE_LINUXFor IAM roles used with AWS Fargate profiles.
- EC2Linux
- EC2_LINUXFor IAM roles associated with self-managed Linux node groups. Allows the nodes to join the cluster.
- EC2Windows
- EC2_WINDOWSFor IAM roles associated with self-managed Windows node groups. Allows the nodes to join the cluster.
- STANDARD
- STANDARDStandard Access Entry Workflow. Allows users to input a username and kubernetesGroup, and to associate access policies.
- FARGATE_LINUX
- FARGATE_LINUXFor IAM roles used with AWS Fargate profiles.
- EC2_LINUX
- EC2_LINUXFor IAM roles associated with self-managed Linux node groups. Allows the nodes to join the cluster.
- EC2_WINDOWS
- EC2_WINDOWSFor IAM roles associated with self-managed Windows node groups. Allows the nodes to join the cluster.
- "STANDARD"
- STANDARDStandard Access Entry Workflow. Allows users to input a username and kubernetesGroup, and to associate access policies.
- "FARGATE_LINUX"
- FARGATE_LINUXFor IAM roles used with AWS Fargate profiles.
- "EC2_LINUX"
- EC2_LINUXFor IAM roles associated with self-managed Linux node groups. Allows the nodes to join the cluster.
- "EC2_WINDOWS"
- EC2_WINDOWSFor IAM roles associated with self-managed Windows node groups. Allows the nodes to join the cluster.
AccessPolicyAssociation, AccessPolicyAssociationArgs
- Access
Scope Pulumi.Aws. Eks. Inputs. Access Policy Association Access Scope - The scope of the access policy association. This controls whether the access policy is scoped to the cluster or to a particular namespace. This type is defined in the AWS Classic package.
- Policy
Arn string - The ARN of the access policy to associate with the principal
- Access
Scope AccessPolicy Association Access Scope - The scope of the access policy association. This controls whether the access policy is scoped to the cluster or to a particular namespace. This type is defined in the AWS Classic package.
- Policy
Arn string - The ARN of the access policy to associate with the principal
- access
Scope AccessPolicy Association Access Scope - The scope of the access policy association. This controls whether the access policy is scoped to the cluster or to a particular namespace. This type is defined in the AWS Classic package.
- policy
Arn String - The ARN of the access policy to associate with the principal
- access
Scope pulumiAwstypesinputeks Access Policy Association Access Scope - The scope of the access policy association. This controls whether the access policy is scoped to the cluster or to a particular namespace. This type is defined in the AWS Classic package.
- policy
Arn string - The ARN of the access policy to associate with the principal
- access_
scope pulumi_aws.eks. Access Policy Association Access Scope Args - The scope of the access policy association. This controls whether the access policy is scoped to the cluster or to a particular namespace. This type is defined in the AWS Classic package.
- policy_
arn str - The ARN of the access policy to associate with the principal
- access
Scope Property Map - The scope of the access policy association. This controls whether the access policy is scoped to the cluster or to a particular namespace. This type is defined in the AWS Classic package.
- policy
Arn String - The ARN of the access policy to associate with the principal
ClusterNodeGroupOptions, ClusterNodeGroupOptionsArgs
- Ami
Id string The AMI ID to use for the worker nodes.
Defaults to the latest recommended EKS Optimized Linux AMI from the AWS Systems Manager Parameter Store.
Note:
amiId
andgpu
are mutually exclusive.See for more details:
- https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html.
- Ami
Type string The AMI Type to use for the worker nodes.
Only applicable when setting an AMI ID that is of type
arm64
.Note:
amiType
andgpu
are mutually exclusive.- Dictionary<string, string>
The tags to apply to the NodeGroup's AutoScalingGroup in the CloudFormation Stack.
Per AWS, all stack-level tags, including automatically created tags, and the
cloudFormationTags
option are propagated to resources that AWS CloudFormation supports, including the AutoScalingGroup. See https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.htmlNote: Given the inheritance of auto-generated CF tags and
cloudFormationTags
, you should either supply the tag inautoScalingGroupTags
orcloudFormationTags
, but not both.- Bootstrap
Extra stringArgs - Additional args to pass directly to
/etc/eks/bootstrap.sh
. For details on available options, see: https://github.com/awslabs/amazon-eks-ami/blob/master/files/bootstrap.sh. Note that the--apiserver-endpoint
,--b64-cluster-ca
and--kubelet-extra-args
flags are included automatically based on other configuration parameters. - Bottlerocket
Settings Dictionary<string, object> The configuration settings for Bottlerocket OS. The settings will get merged with the base settings the provider uses to configure Bottlerocket.
This includes:
- settings.kubernetes.api-server
- settings.kubernetes.cluster-certificate
- settings.kubernetes.cluster-name
- settings.kubernetes.cluster-dns-ip
For an overview of the available settings, see https://bottlerocket.dev/en/os/1.20.x/api/settings/.
- Dictionary<string, string>
The tags to apply to the CloudFormation Stack of the Worker NodeGroup.
Note: Given the inheritance of auto-generated CF tags and
cloudFormationTags
, you should either supply the tag inautoScalingGroupTags
orcloudFormationTags
, but not both.- Cluster
Ingress Pulumi.Rule Aws. Ec2. Security Group Rule - The ingress rule that gives node group access. This type is defined in the AWS Classic package.
- Cluster
Ingress stringRule Id - The ID of the ingress rule that gives node group access.
- Desired
Capacity int - The number of worker nodes that should be running in the cluster. Defaults to 2.
- Enable
Detailed boolMonitoring Enables/disables detailed monitoring of the EC2 instances.
With detailed monitoring, all metrics, including status check metrics, are available in 1-minute intervals. When enabled, you can also get aggregated data across groups of similar instances.
Note: You are charged per metric that is sent to CloudWatch. You are not charged for data storage. For more information, see "Paid tier" and "Example 1 - EC2 Detailed Monitoring" here https://aws.amazon.com/cloudwatch/pricing/.
- Encrypt
Root boolBlock Device - Encrypt the root block device of the nodes in the node group.
- Extra
Node List<Pulumi.Security Groups Aws. Ec2. Security Group> Extra security groups to attach on all nodes in this worker node group.
This additional set of security groups captures any user application rules that will be needed for the nodes.
- Gpu bool
Use the latest recommended EKS Optimized Linux AMI with GPU support for the worker nodes from the AWS Systems Manager Parameter Store.
Defaults to false.
Note:
gpu
andamiId
are mutually exclusive.See for more details:
- https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html
- https://docs.aws.amazon.com/eks/latest/userguide/retrieve-ami-id.html
- Ignore
Scaling boolChanges Whether to ignore changes to the desired size of the Auto Scaling Group. This is useful when using Cluster Autoscaler.
See EKS best practices for more details.
- Instance
Profile Pulumi.Aws. Iam. Instance Profile - The IAM InstanceProfile to use on the NodeGroup. Properties instanceProfile and instanceProfileName are mutually exclusive. This type is defined in the AWS Classic package.
- Instance
Profile stringName - The name of the IAM InstanceProfile to use on the NodeGroup. Properties instanceProfile and instanceProfileName are mutually exclusive.
- Instance
Type string - The instance type to use for the cluster's nodes. Defaults to "t3.medium".
- Key
Name string - Name of the key pair to use for SSH access to worker nodes.
- Kubelet
Extra stringArgs - Extra args to pass to the Kubelet. Corresponds to the options passed in the
--kubeletExtraArgs
flag to/etc/eks/bootstrap.sh
. For example, '--port=10251 --address=0.0.0.0'. Note that thelabels
andtaints
properties will be applied to this list (using--node-labels
and--register-with-taints
respectively) after to the explicitkubeletExtraArgs
. - Labels Dictionary<string, string>
- Custom k8s node labels to be attached to each worker node. Adds the given key/value pairs to the
--node-labels
kubelet argument. - List<Pulumi.
Aws. Ec2. Inputs. Launch Template Tag Specification> - The tag specifications to apply to the launch template.
- Max
Size int - The maximum number of worker nodes running in the cluster. Defaults to 2.
- Min
Refresh intPercentage - The minimum amount of instances that should remain available during an instance refresh, expressed as a percentage. Defaults to 50.
- Min
Size int - The minimum number of worker nodes running in the cluster. Defaults to 1.
- Node
Associate boolPublic Ip Address - Whether or not to auto-assign public IP addresses on the EKS worker nodes. If this toggle is set to true, the EKS workers will be auto-assigned public IPs. If false, they will not be auto-assigned public IPs.
- Node
Public stringKey - Public key material for SSH access to worker nodes. See allowed formats at: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html If not provided, no SSH access is enabled on VMs.
- Node
Root boolVolume Delete On Termination - Whether the root block device should be deleted on termination of the instance. Defaults to true.
- Node
Root boolVolume Encrypted - Whether to encrypt a cluster node's root volume. Defaults to false.
- Node
Root intVolume Iops - The amount of provisioned IOPS. This is only valid with a volumeType of 'io1'.
- Node
Root intVolume Size - The size in GiB of a cluster node's root volume. Defaults to 20.
- Node
Root intVolume Throughput - Provisioned throughput performance in integer MiB/s for a cluster node's root volume. This is only valid with a volumeType of 'gp3'.
- Node
Root stringVolume Type - Configured EBS type for a cluster node's root volume. Default is 'gp2'. Supported values are 'standard', 'gp2', 'gp3', 'st1', 'sc1', 'io1'.
- Node
Security Pulumi.Group Aws. Ec2. Security Group The security group for the worker node group to communicate with the cluster.
This security group requires specific inbound and outbound rules.
See for more details: https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html
Note: The
nodeSecurityGroup
option and the cluster optionnodeSecurityGroupTags
are mutually exclusive. This type is defined in the AWS Classic package.- Node
Security stringGroup Id The ID of the security group for the worker node group to communicate with the cluster.
This security group requires specific inbound and outbound rules.
See for more details: https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html
Note: The
nodeSecurityGroupId
option and the cluster optionnodeSecurityGroupTags
are mutually exclusive.- Node
Subnet List<string>Ids The set of subnets to override and use for the worker node group.
Setting this option overrides which subnets to use for the worker node group, regardless if the cluster's
subnetIds
is set, or ifpublicSubnetIds
and/orprivateSubnetIds
were set.- Node
User stringData - Extra code to run on node startup. This code will run after the AWS EKS bootstrapping code and before the node signals its readiness to the managing CloudFormation stack. This code must be a typical user data script: critically it must begin with an interpreter directive (i.e. a
#!
). - Node
User stringData Override User specified code to run on node startup. This code is expected to handle the full AWS EKS bootstrapping code and signal node readiness to the managing CloudFormation stack. This code must be a complete and executable user data script in bash (Linux) or powershell (Windows).
See for more details: https://docs.aws.amazon.com/eks/latest/userguide/worker.html
- Nodeadm
Extra List<NodeadmOptions Options> Extra nodeadm configuration sections to be added to the nodeadm user data. This can be shell scripts, nodeadm NodeConfig or any other user data compatible script. When configuring additional nodeadm NodeConfig sections, they'll be merged with the base settings the provider sets. You can overwrite base settings or provide additional settings this way. The base settings the provider sets are:
- cluster.name
- cluster.apiServerEndpoint
- cluster.certificateAuthority
- cluster.cidr
Note: This is only applicable when using AL2023. See for more details:
- https://awslabs.github.io/amazon-eks-ami/nodeadm/
- https://awslabs.github.io/amazon-eks-ami/nodeadm/doc/api/
- Operating
System Pulumi.Eks. Operating System The type of OS to use for the node group. Will be used to determine the right EKS optimized AMI to use based on the instance types and gpu configuration. Valid values are
RECOMMENDED
,AL2
,AL2023
andBottlerocket
.Defaults to the current recommended OS.
- Spot
Price string - Bidding price for spot instance. If set, only spot instances will be added as worker node.
- Taints Dictionary<string, Taint>
- Custom k8s node taints to be attached to each worker node. Adds the given taints to the
--register-with-taints
kubelet argument - Version string
- Desired Kubernetes master / control plane version. If you do not specify a value, the latest available version is used.
- Ami
Id string The AMI ID to use for the worker nodes.
Defaults to the latest recommended EKS Optimized Linux AMI from the AWS Systems Manager Parameter Store.
Note:
amiId
andgpu
are mutually exclusive.See for more details:
- https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html.
- Ami
Type string The AMI Type to use for the worker nodes.
Only applicable when setting an AMI ID that is of type
arm64
.Note:
amiType
andgpu
are mutually exclusive.- map[string]string
The tags to apply to the NodeGroup's AutoScalingGroup in the CloudFormation Stack.
Per AWS, all stack-level tags, including automatically created tags, and the
cloudFormationTags
option are propagated to resources that AWS CloudFormation supports, including the AutoScalingGroup. See https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.htmlNote: Given the inheritance of auto-generated CF tags and
cloudFormationTags
, you should either supply the tag inautoScalingGroupTags
orcloudFormationTags
, but not both.- Bootstrap
Extra stringArgs - Additional args to pass directly to
/etc/eks/bootstrap.sh
. For details on available options, see: https://github.com/awslabs/amazon-eks-ami/blob/master/files/bootstrap.sh. Note that the--apiserver-endpoint
,--b64-cluster-ca
and--kubelet-extra-args
flags are included automatically based on other configuration parameters. - Bottlerocket
Settings map[string]interface{} The configuration settings for Bottlerocket OS. The settings will get merged with the base settings the provider uses to configure Bottlerocket.
This includes:
- settings.kubernetes.api-server
- settings.kubernetes.cluster-certificate
- settings.kubernetes.cluster-name
- settings.kubernetes.cluster-dns-ip
For an overview of the available settings, see https://bottlerocket.dev/en/os/1.20.x/api/settings/.
- map[string]string
The tags to apply to the CloudFormation Stack of the Worker NodeGroup.
Note: Given the inheritance of auto-generated CF tags and
cloudFormationTags
, you should either supply the tag inautoScalingGroupTags
orcloudFormationTags
, but not both.- Cluster
Ingress SecurityRule Group Rule - The ingress rule that gives node group access. This type is defined in the AWS Classic package.
- Cluster
Ingress stringRule Id - The ID of the ingress rule that gives node group access.
- Desired
Capacity int - The number of worker nodes that should be running in the cluster. Defaults to 2.
- Enable
Detailed boolMonitoring Enables/disables detailed monitoring of the EC2 instances.
With detailed monitoring, all metrics, including status check metrics, are available in 1-minute intervals. When enabled, you can also get aggregated data across groups of similar instances.
Note: You are charged per metric that is sent to CloudWatch. You are not charged for data storage. For more information, see "Paid tier" and "Example 1 - EC2 Detailed Monitoring" here https://aws.amazon.com/cloudwatch/pricing/.
- Encrypt
Root boolBlock Device - Encrypt the root block device of the nodes in the node group.
- Extra
Node SecuritySecurity Groups Group Extra security groups to attach on all nodes in this worker node group.
This additional set of security groups captures any user application rules that will be needed for the nodes.
- Gpu bool
Use the latest recommended EKS Optimized Linux AMI with GPU support for the worker nodes from the AWS Systems Manager Parameter Store.
Defaults to false.
Note:
gpu
andamiId
are mutually exclusive.See for more details:
- https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html
- https://docs.aws.amazon.com/eks/latest/userguide/retrieve-ami-id.html
- Ignore
Scaling boolChanges Whether to ignore changes to the desired size of the Auto Scaling Group. This is useful when using Cluster Autoscaler.
See EKS best practices for more details.
- Instance
Profile InstanceProfile - The IAM InstanceProfile to use on the NodeGroup. Properties instanceProfile and instanceProfileName are mutually exclusive. This type is defined in the AWS Classic package.
- Instance
Profile stringName - The name of the IAM InstanceProfile to use on the NodeGroup. Properties instanceProfile and instanceProfileName are mutually exclusive.
- Instance
Type string - The instance type to use for the cluster's nodes. Defaults to "t3.medium".
- Key
Name string - Name of the key pair to use for SSH access to worker nodes.
- Kubelet
Extra stringArgs - Extra args to pass to the Kubelet. Corresponds to the options passed in the
--kubeletExtraArgs
flag to/etc/eks/bootstrap.sh
. For example, '--port=10251 --address=0.0.0.0'. Note that thelabels
andtaints
properties will be applied to this list (using--node-labels
and--register-with-taints
respectively) after to the explicitkubeletExtraArgs
. - Labels map[string]string
- Custom k8s node labels to be attached to each worker node. Adds the given key/value pairs to the
--node-labels
kubelet argument. - Launch
Template Tag Specification - The tag specifications to apply to the launch template.
- Max
Size int - The maximum number of worker nodes running in the cluster. Defaults to 2.
- Min
Refresh intPercentage - The minimum amount of instances that should remain available during an instance refresh, expressed as a percentage. Defaults to 50.
- Min
Size int - The minimum number of worker nodes running in the cluster. Defaults to 1.
- Node
Associate boolPublic Ip Address - Whether or not to auto-assign public IP addresses on the EKS worker nodes. If this toggle is set to true, the EKS workers will be auto-assigned public IPs. If false, they will not be auto-assigned public IPs.
- Node
Public stringKey - Public key material for SSH access to worker nodes. See allowed formats at: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html If not provided, no SSH access is enabled on VMs.
- Node
Root boolVolume Delete On Termination - Whether the root block device should be deleted on termination of the instance. Defaults to true.
- Node
Root boolVolume Encrypted - Whether to encrypt a cluster node's root volume. Defaults to false.
- Node
Root intVolume Iops - The amount of provisioned IOPS. This is only valid with a volumeType of 'io1'.
- Node
Root intVolume Size - The size in GiB of a cluster node's root volume. Defaults to 20.
- Node
Root intVolume Throughput - Provisioned throughput performance in integer MiB/s for a cluster node's root volume. This is only valid with a volumeType of 'gp3'.
- Node
Root stringVolume Type - Configured EBS type for a cluster node's root volume. Default is 'gp2'. Supported values are 'standard', 'gp2', 'gp3', 'st1', 'sc1', 'io1'.
- Node
Security SecurityGroup Group The security group for the worker node group to communicate with the cluster.
This security group requires specific inbound and outbound rules.
See for more details: https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html
Note: The
nodeSecurityGroup
option and the cluster optionnodeSecurityGroupTags
are mutually exclusive. This type is defined in the AWS Classic package.- Node
Security stringGroup Id The ID of the security group for the worker node group to communicate with the cluster.
This security group requires specific inbound and outbound rules.
See for more details: https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html
Note: The
nodeSecurityGroupId
option and the cluster optionnodeSecurityGroupTags
are mutually exclusive.- Node
Subnet []stringIds The set of subnets to override and use for the worker node group.
Setting this option overrides which subnets to use for the worker node group, regardless if the cluster's
subnetIds
is set, or ifpublicSubnetIds
and/orprivateSubnetIds
were set.- Node
User stringData - Extra code to run on node startup. This code will run after the AWS EKS bootstrapping code and before the node signals its readiness to the managing CloudFormation stack. This code must be a typical user data script: critically it must begin with an interpreter directive (i.e. a
#!
). - Node
User stringData Override User specified code to run on node startup. This code is expected to handle the full AWS EKS bootstrapping code and signal node readiness to the managing CloudFormation stack. This code must be a complete and executable user data script in bash (Linux) or powershell (Windows).
See for more details: https://docs.aws.amazon.com/eks/latest/userguide/worker.html
- Nodeadm
Extra []NodeadmOptions Options Extra nodeadm configuration sections to be added to the nodeadm user data. This can be shell scripts, nodeadm NodeConfig or any other user data compatible script. When configuring additional nodeadm NodeConfig sections, they'll be merged with the base settings the provider sets. You can overwrite base settings or provide additional settings this way. The base settings the provider sets are:
- cluster.name
- cluster.apiServerEndpoint
- cluster.certificateAuthority
- cluster.cidr
Note: This is only applicable when using AL2023. See for more details:
- https://awslabs.github.io/amazon-eks-ami/nodeadm/
- https://awslabs.github.io/amazon-eks-ami/nodeadm/doc/api/
- Operating
System OperatingSystem The type of OS to use for the node group. Will be used to determine the right EKS optimized AMI to use based on the instance types and gpu configuration. Valid values are
RECOMMENDED
,AL2
,AL2023
andBottlerocket
.Defaults to the current recommended OS.
- Spot
Price string - Bidding price for spot instance. If set, only spot instances will be added as worker node.
- Taints map[string]Taint
- Custom k8s node taints to be attached to each worker node. Adds the given taints to the
--register-with-taints
kubelet argument - Version string
- Desired Kubernetes master / control plane version. If you do not specify a value, the latest available version is used.
- ami
Id String The AMI ID to use for the worker nodes.
Defaults to the latest recommended EKS Optimized Linux AMI from the AWS Systems Manager Parameter Store.
Note:
amiId
andgpu
are mutually exclusive.See for more details:
- https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html.
- ami
Type String The AMI Type to use for the worker nodes.
Only applicable when setting an AMI ID that is of type
arm64
.Note:
amiType
andgpu
are mutually exclusive.- Map<String,String>
The tags to apply to the NodeGroup's AutoScalingGroup in the CloudFormation Stack.
Per AWS, all stack-level tags, including automatically created tags, and the
cloudFormationTags
option are propagated to resources that AWS CloudFormation supports, including the AutoScalingGroup. See https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.htmlNote: Given the inheritance of auto-generated CF tags and
cloudFormationTags
, you should either supply the tag inautoScalingGroupTags
orcloudFormationTags
, but not both.- bootstrap
Extra StringArgs - Additional args to pass directly to
/etc/eks/bootstrap.sh
. For details on available options, see: https://github.com/awslabs/amazon-eks-ami/blob/master/files/bootstrap.sh. Note that the--apiserver-endpoint
,--b64-cluster-ca
and--kubelet-extra-args
flags are included automatically based on other configuration parameters. - bottlerocket
Settings Map<String,Object> The configuration settings for Bottlerocket OS. The settings will get merged with the base settings the provider uses to configure Bottlerocket.
This includes:
- settings.kubernetes.api-server
- settings.kubernetes.cluster-certificate
- settings.kubernetes.cluster-name
- settings.kubernetes.cluster-dns-ip
For an overview of the available settings, see https://bottlerocket.dev/en/os/1.20.x/api/settings/.
- Map<String,String>
The tags to apply to the CloudFormation Stack of the Worker NodeGroup.
Note: Given the inheritance of auto-generated CF tags and
cloudFormationTags
, you should either supply the tag inautoScalingGroupTags
orcloudFormationTags
, but not both.- cluster
Ingress SecurityRule Group Rule - The ingress rule that gives node group access. This type is defined in the AWS Classic package.
- cluster
Ingress StringRule Id - The ID of the ingress rule that gives node group access.
- desired
Capacity Integer - The number of worker nodes that should be running in the cluster. Defaults to 2.
- enable
Detailed BooleanMonitoring Enables/disables detailed monitoring of the EC2 instances.
With detailed monitoring, all metrics, including status check metrics, are available in 1-minute intervals. When enabled, you can also get aggregated data across groups of similar instances.
Note: You are charged per metric that is sent to CloudWatch. You are not charged for data storage. For more information, see "Paid tier" and "Example 1 - EC2 Detailed Monitoring" here https://aws.amazon.com/cloudwatch/pricing/.
- encrypt
Root BooleanBlock Device - Encrypt the root block device of the nodes in the node group.
- extra
Node List<SecuritySecurity Groups Group> Extra security groups to attach on all nodes in this worker node group.
This additional set of security groups captures any user application rules that will be needed for the nodes.
- gpu Boolean
Use the latest recommended EKS Optimized Linux AMI with GPU support for the worker nodes from the AWS Systems Manager Parameter Store.
Defaults to false.
Note:
gpu
andamiId
are mutually exclusive.See for more details:
- https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html
- https://docs.aws.amazon.com/eks/latest/userguide/retrieve-ami-id.html
- ignore
Scaling BooleanChanges Whether to ignore changes to the desired size of the Auto Scaling Group. This is useful when using Cluster Autoscaler.
See EKS best practices for more details.
- instance
Profile InstanceProfile - The IAM InstanceProfile to use on the NodeGroup. Properties instanceProfile and instanceProfileName are mutually exclusive. This type is defined in the AWS Classic package.
- instance
Profile StringName - The name of the IAM InstanceProfile to use on the NodeGroup. Properties instanceProfile and instanceProfileName are mutually exclusive.
- instance
Type String - The instance type to use for the cluster's nodes. Defaults to "t3.medium".
- key
Name String - Name of the key pair to use for SSH access to worker nodes.
- kubelet
Extra StringArgs - Extra args to pass to the Kubelet. Corresponds to the options passed in the
--kubeletExtraArgs
flag to/etc/eks/bootstrap.sh
. For example, '--port=10251 --address=0.0.0.0'. Note that thelabels
andtaints
properties will be applied to this list (using--node-labels
and--register-with-taints
respectively) after to the explicitkubeletExtraArgs
. - labels Map<String,String>
- Custom k8s node labels to be attached to each worker node. Adds the given key/value pairs to the
--node-labels
kubelet argument. - List<Launch
Template Tag Specification> - The tag specifications to apply to the launch template.
- max
Size Integer - The maximum number of worker nodes running in the cluster. Defaults to 2.
- min
Refresh IntegerPercentage - The minimum amount of instances that should remain available during an instance refresh, expressed as a percentage. Defaults to 50.
- min
Size Integer - The minimum number of worker nodes running in the cluster. Defaults to 1.
- node
Associate BooleanPublic Ip Address - Whether or not to auto-assign public IP addresses on the EKS worker nodes. If this toggle is set to true, the EKS workers will be auto-assigned public IPs. If false, they will not be auto-assigned public IPs.
- node
Public StringKey - Public key material for SSH access to worker nodes. See allowed formats at: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html If not provided, no SSH access is enabled on VMs.
- node
Root BooleanVolume Delete On Termination - Whether the root block device should be deleted on termination of the instance. Defaults to true.
- node
Root BooleanVolume Encrypted - Whether to encrypt a cluster node's root volume. Defaults to false.
- node
Root IntegerVolume Iops - The amount of provisioned IOPS. This is only valid with a volumeType of 'io1'.
- node
Root IntegerVolume Size - The size in GiB of a cluster node's root volume. Defaults to 20.
- node
Root IntegerVolume Throughput - Provisioned throughput performance in integer MiB/s for a cluster node's root volume. This is only valid with a volumeType of 'gp3'.
- node
Root StringVolume Type - Configured EBS type for a cluster node's root volume. Default is 'gp2'. Supported values are 'standard', 'gp2', 'gp3', 'st1', 'sc1', 'io1'.
- node
Security SecurityGroup Group The security group for the worker node group to communicate with the cluster.
This security group requires specific inbound and outbound rules.
See for more details: https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html
Note: The
nodeSecurityGroup
option and the cluster optionnodeSecurityGroupTags
are mutually exclusive. This type is defined in the AWS Classic package.- node
Security StringGroup Id The ID of the security group for the worker node group to communicate with the cluster.
This security group requires specific inbound and outbound rules.
See for more details: https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html
Note: The
nodeSecurityGroupId
option and the cluster optionnodeSecurityGroupTags
are mutually exclusive.- node
Subnet List<String>Ids The set of subnets to override and use for the worker node group.
Setting this option overrides which subnets to use for the worker node group, regardless if the cluster's
subnetIds
is set, or ifpublicSubnetIds
and/orprivateSubnetIds
were set.- node
User StringData - Extra code to run on node startup. This code will run after the AWS EKS bootstrapping code and before the node signals its readiness to the managing CloudFormation stack. This code must be a typical user data script: critically it must begin with an interpreter directive (i.e. a
#!
). - node
User StringData Override User specified code to run on node startup. This code is expected to handle the full AWS EKS bootstrapping code and signal node readiness to the managing CloudFormation stack. This code must be a complete and executable user data script in bash (Linux) or powershell (Windows).
See for more details: https://docs.aws.amazon.com/eks/latest/userguide/worker.html
- nodeadm
Extra List<NodeadmOptions Options> Extra nodeadm configuration sections to be added to the nodeadm user data. This can be shell scripts, nodeadm NodeConfig or any other user data compatible script. When configuring additional nodeadm NodeConfig sections, they'll be merged with the base settings the provider sets. You can overwrite base settings or provide additional settings this way. The base settings the provider sets are:
- cluster.name
- cluster.apiServerEndpoint
- cluster.certificateAuthority
- cluster.cidr
Note: This is only applicable when using AL2023. See for more details:
- https://awslabs.github.io/amazon-eks-ami/nodeadm/
- https://awslabs.github.io/amazon-eks-ami/nodeadm/doc/api/
- operating
System OperatingSystem The type of OS to use for the node group. Will be used to determine the right EKS optimized AMI to use based on the instance types and gpu configuration. Valid values are
RECOMMENDED
,AL2
,AL2023
andBottlerocket
.Defaults to the current recommended OS.
- spot
Price String - Bidding price for spot instance. If set, only spot instances will be added as worker node.
- taints Map<String,Taint>
- Custom k8s node taints to be attached to each worker node. Adds the given taints to the
--register-with-taints
kubelet argument - version String
- Desired Kubernetes master / control plane version. If you do not specify a value, the latest available version is used.
- ami
Id string The AMI ID to use for the worker nodes.
Defaults to the latest recommended EKS Optimized Linux AMI from the AWS Systems Manager Parameter Store.
Note:
amiId
andgpu
are mutually exclusive.See for more details:
- https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html.
- ami
Type string The AMI Type to use for the worker nodes.
Only applicable when setting an AMI ID that is of type
arm64
.Note:
amiType
andgpu
are mutually exclusive.- {[key: string]: string}
The tags to apply to the NodeGroup's AutoScalingGroup in the CloudFormation Stack.
Per AWS, all stack-level tags, including automatically created tags, and the
cloudFormationTags
option are propagated to resources that AWS CloudFormation supports, including the AutoScalingGroup. See https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.htmlNote: Given the inheritance of auto-generated CF tags and
cloudFormationTags
, you should either supply the tag inautoScalingGroupTags
orcloudFormationTags
, but not both.- bootstrap
Extra stringArgs - Additional args to pass directly to
/etc/eks/bootstrap.sh
. For details on available options, see: https://github.com/awslabs/amazon-eks-ami/blob/master/files/bootstrap.sh. Note that the--apiserver-endpoint
,--b64-cluster-ca
and--kubelet-extra-args
flags are included automatically based on other configuration parameters. - bottlerocket
Settings {[key: string]: any} The configuration settings for Bottlerocket OS. The settings will get merged with the base settings the provider uses to configure Bottlerocket.
This includes:
- settings.kubernetes.api-server
- settings.kubernetes.cluster-certificate
- settings.kubernetes.cluster-name
- settings.kubernetes.cluster-dns-ip
For an overview of the available settings, see https://bottlerocket.dev/en/os/1.20.x/api/settings/.
- {[key: string]: string}
The tags to apply to the CloudFormation Stack of the Worker NodeGroup.
Note: Given the inheritance of auto-generated CF tags and
cloudFormationTags
, you should either supply the tag inautoScalingGroupTags
orcloudFormationTags
, but not both.- cluster
Ingress pulumiRule Awsec2Security Group Rule - The ingress rule that gives node group access. This type is defined in the AWS Classic package.
- cluster
Ingress stringRule Id - The ID of the ingress rule that gives node group access.
- desired
Capacity number - The number of worker nodes that should be running in the cluster. Defaults to 2.
- enable
Detailed booleanMonitoring Enables/disables detailed monitoring of the EC2 instances.
With detailed monitoring, all metrics, including status check metrics, are available in 1-minute intervals. When enabled, you can also get aggregated data across groups of similar instances.
Note: You are charged per metric that is sent to CloudWatch. You are not charged for data storage. For more information, see "Paid tier" and "Example 1 - EC2 Detailed Monitoring" here https://aws.amazon.com/cloudwatch/pricing/.
- encrypt
Root booleanBlock Device - Encrypt the root block device of the nodes in the node group.
- extra
Node pulumiSecurity Groups Awsec2Security Group[] Extra security groups to attach on all nodes in this worker node group.
This additional set of security groups captures any user application rules that will be needed for the nodes.
- gpu boolean
Use the latest recommended EKS Optimized Linux AMI with GPU support for the worker nodes from the AWS Systems Manager Parameter Store.
Defaults to false.
Note:
gpu
andamiId
are mutually exclusive.See for more details:
- https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html
- https://docs.aws.amazon.com/eks/latest/userguide/retrieve-ami-id.html
- ignore
Scaling booleanChanges Whether to ignore changes to the desired size of the Auto Scaling Group. This is useful when using Cluster Autoscaler.
See EKS best practices for more details.
- instance
Profile pulumiAwsiam Instance Profile - The IAM InstanceProfile to use on the NodeGroup. Properties instanceProfile and instanceProfileName are mutually exclusive. This type is defined in the AWS Classic package.
- instance
Profile stringName - The name of the IAM InstanceProfile to use on the NodeGroup. Properties instanceProfile and instanceProfileName are mutually exclusive.
- instance
Type string - The instance type to use for the cluster's nodes. Defaults to "t3.medium".
- key
Name string - Name of the key pair to use for SSH access to worker nodes.
- kubelet
Extra stringArgs - Extra args to pass to the Kubelet. Corresponds to the options passed in the
--kubeletExtraArgs
flag to/etc/eks/bootstrap.sh
. For example, '--port=10251 --address=0.0.0.0'. Note that thelabels
andtaints
properties will be applied to this list (using--node-labels
and--register-with-taints
respectively) after to the explicitkubeletExtraArgs
. - labels {[key: string]: string}
- Custom k8s node labels to be attached to each worker node. Adds the given key/value pairs to the
--node-labels
kubelet argument. - pulumi
Awstypesinputec2Launch Template Tag Specification[] - The tag specifications to apply to the launch template.
- max
Size number - The maximum number of worker nodes running in the cluster. Defaults to 2.
- min
Refresh numberPercentage - The minimum amount of instances that should remain available during an instance refresh, expressed as a percentage. Defaults to 50.
- min
Size number - The minimum number of worker nodes running in the cluster. Defaults to 1.
- node
Associate booleanPublic Ip Address - Whether or not to auto-assign public IP addresses on the EKS worker nodes. If this toggle is set to true, the EKS workers will be auto-assigned public IPs. If false, they will not be auto-assigned public IPs.
- node
Public stringKey - Public key material for SSH access to worker nodes. See allowed formats at: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html If not provided, no SSH access is enabled on VMs.
- node
Root booleanVolume Delete On Termination - Whether the root block device should be deleted on termination of the instance. Defaults to true.
- node
Root booleanVolume Encrypted - Whether to encrypt a cluster node's root volume. Defaults to false.
- node
Root numberVolume Iops - The amount of provisioned IOPS. This is only valid with a volumeType of 'io1'.
- node
Root numberVolume Size - The size in GiB of a cluster node's root volume. Defaults to 20.
- node
Root numberVolume Throughput - Provisioned throughput performance in integer MiB/s for a cluster node's root volume. This is only valid with a volumeType of 'gp3'.
- node
Root stringVolume Type - Configured EBS type for a cluster node's root volume. Default is 'gp2'. Supported values are 'standard', 'gp2', 'gp3', 'st1', 'sc1', 'io1'.
- node
Security pulumiGroup Awsec2Security Group The security group for the worker node group to communicate with the cluster.
This security group requires specific inbound and outbound rules.
See for more details: https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html
Note: The
nodeSecurityGroup
option and the cluster optionnodeSecurityGroupTags
are mutually exclusive. This type is defined in the AWS Classic package.- node
Security stringGroup Id The ID of the security group for the worker node group to communicate with the cluster.
This security group requires specific inbound and outbound rules.
See for more details: https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html
Note: The
nodeSecurityGroupId
option and the cluster optionnodeSecurityGroupTags
are mutually exclusive.- node
Subnet string[]Ids The set of subnets to override and use for the worker node group.
Setting this option overrides which subnets to use for the worker node group, regardless if the cluster's
subnetIds
is set, or ifpublicSubnetIds
and/orprivateSubnetIds
were set.- node
User stringData - Extra code to run on node startup. This code will run after the AWS EKS bootstrapping code and before the node signals its readiness to the managing CloudFormation stack. This code must be a typical user data script: critically it must begin with an interpreter directive (i.e. a
#!
). - node
User stringData Override User specified code to run on node startup. This code is expected to handle the full AWS EKS bootstrapping code and signal node readiness to the managing CloudFormation stack. This code must be a complete and executable user data script in bash (Linux) or powershell (Windows).
See for more details: https://docs.aws.amazon.com/eks/latest/userguide/worker.html
- nodeadm
Extra NodeadmOptions Options[] Extra nodeadm configuration sections to be added to the nodeadm user data. This can be shell scripts, nodeadm NodeConfig or any other user data compatible script. When configuring additional nodeadm NodeConfig sections, they'll be merged with the base settings the provider sets. You can overwrite base settings or provide additional settings this way. The base settings the provider sets are:
- cluster.name
- cluster.apiServerEndpoint
- cluster.certificateAuthority
- cluster.cidr
Note: This is only applicable when using AL2023. See for more details:
- https://awslabs.github.io/amazon-eks-ami/nodeadm/
- https://awslabs.github.io/amazon-eks-ami/nodeadm/doc/api/
- operating
System OperatingSystem The type of OS to use for the node group. Will be used to determine the right EKS optimized AMI to use based on the instance types and gpu configuration. Valid values are
RECOMMENDED
,AL2
,AL2023
andBottlerocket
.Defaults to the current recommended OS.
- spot
Price string - Bidding price for spot instance. If set, only spot instances will be added as worker node.
- taints {[key: string]: Taint}
- Custom k8s node taints to be attached to each worker node. Adds the given taints to the
--register-with-taints
kubelet argument - version string
- Desired Kubernetes master / control plane version. If you do not specify a value, the latest available version is used.
- ami_
id str The AMI ID to use for the worker nodes.
Defaults to the latest recommended EKS Optimized Linux AMI from the AWS Systems Manager Parameter Store.
Note:
amiId
andgpu
are mutually exclusive.See for more details:
- https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html.
- ami_
type str The AMI Type to use for the worker nodes.
Only applicable when setting an AMI ID that is of type
arm64
.Note:
amiType
andgpu
are mutually exclusive.- Mapping[str, str]
The tags to apply to the NodeGroup's AutoScalingGroup in the CloudFormation Stack.
Per AWS, all stack-level tags, including automatically created tags, and the
cloudFormationTags
option are propagated to resources that AWS CloudFormation supports, including the AutoScalingGroup. See https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.htmlNote: Given the inheritance of auto-generated CF tags and
cloudFormationTags
, you should either supply the tag inautoScalingGroupTags
orcloudFormationTags
, but not both.- bootstrap_
extra_ strargs - Additional args to pass directly to
/etc/eks/bootstrap.sh
. For details on available options, see: https://github.com/awslabs/amazon-eks-ami/blob/master/files/bootstrap.sh. Note that the--apiserver-endpoint
,--b64-cluster-ca
and--kubelet-extra-args
flags are included automatically based on other configuration parameters. - bottlerocket_
settings Mapping[str, Any] The configuration settings for Bottlerocket OS. The settings will get merged with the base settings the provider uses to configure Bottlerocket.
This includes:
- settings.kubernetes.api-server
- settings.kubernetes.cluster-certificate
- settings.kubernetes.cluster-name
- settings.kubernetes.cluster-dns-ip
For an overview of the available settings, see https://bottlerocket.dev/en/os/1.20.x/api/settings/.
- Mapping[str, str]
The tags to apply to the CloudFormation Stack of the Worker NodeGroup.
Note: Given the inheritance of auto-generated CF tags and
cloudFormationTags
, you should either supply the tag inautoScalingGroupTags
orcloudFormationTags
, but not both.- cluster_
ingress_ pulumi_rule aws.ec2. Security Group Rule - The ingress rule that gives node group access. This type is defined in the AWS Classic package.
- cluster_
ingress_ strrule_ id - The ID of the ingress rule that gives node group access.
- desired_
capacity int - The number of worker nodes that should be running in the cluster. Defaults to 2.
- enable_
detailed_ boolmonitoring Enables/disables detailed monitoring of the EC2 instances.
With detailed monitoring, all metrics, including status check metrics, are available in 1-minute intervals. When enabled, you can also get aggregated data across groups of similar instances.
Note: You are charged per metric that is sent to CloudWatch. You are not charged for data storage. For more information, see "Paid tier" and "Example 1 - EC2 Detailed Monitoring" here https://aws.amazon.com/cloudwatch/pricing/.
- encrypt_
root_ boolblock_ device - Encrypt the root block device of the nodes in the node group.
- extra_
node_ Sequence[pulumi_security_ groups aws.ec2. Security Group] Extra security groups to attach on all nodes in this worker node group.
This additional set of security groups captures any user application rules that will be needed for the nodes.
- gpu bool
Use the latest recommended EKS Optimized Linux AMI with GPU support for the worker nodes from the AWS Systems Manager Parameter Store.
Defaults to false.
Note:
gpu
andamiId
are mutually exclusive.See for more details:
- https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html
- https://docs.aws.amazon.com/eks/latest/userguide/retrieve-ami-id.html
- ignore_
scaling_ boolchanges Whether to ignore changes to the desired size of the Auto Scaling Group. This is useful when using Cluster Autoscaler.
See EKS best practices for more details.
- instance_
profile pulumi_aws.iam. Instance Profile - The IAM InstanceProfile to use on the NodeGroup. Properties instanceProfile and instanceProfileName are mutually exclusive. This type is defined in the AWS Classic package.
- instance_
profile_ strname - The name of the IAM InstanceProfile to use on the NodeGroup. Properties instanceProfile and instanceProfileName are mutually exclusive.
- instance_
type str - The instance type to use for the cluster's nodes. Defaults to "t3.medium".
- key_
name str - Name of the key pair to use for SSH access to worker nodes.
- kubelet_
extra_ strargs - Extra args to pass to the Kubelet. Corresponds to the options passed in the
--kubeletExtraArgs
flag to/etc/eks/bootstrap.sh
. For example, '--port=10251 --address=0.0.0.0'. Note that thelabels
andtaints
properties will be applied to this list (using--node-labels
and--register-with-taints
respectively) after to the explicitkubeletExtraArgs
. - labels Mapping[str, str]
- Custom k8s node labels to be attached to each worker node. Adds the given key/value pairs to the
--node-labels
kubelet argument. - launch_
template_ Sequence[pulumi_tag_ specifications aws.ec2. Launch Template Tag Specification Args] - The tag specifications to apply to the launch template.
- max_
size int - The maximum number of worker nodes running in the cluster. Defaults to 2.
- min_
refresh_ intpercentage - The minimum amount of instances that should remain available during an instance refresh, expressed as a percentage. Defaults to 50.
- min_
size int - The minimum number of worker nodes running in the cluster. Defaults to 1.
- node_
associate_ boolpublic_ ip_ address - Whether or not to auto-assign public IP addresses on the EKS worker nodes. If this toggle is set to true, the EKS workers will be auto-assigned public IPs. If false, they will not be auto-assigned public IPs.
- node_
public_ strkey - Public key material for SSH access to worker nodes. See allowed formats at: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html If not provided, no SSH access is enabled on VMs.
- node_
root_ boolvolume_ delete_ on_ termination - Whether the root block device should be deleted on termination of the instance. Defaults to true.
- node_
root_ boolvolume_ encrypted - Whether to encrypt a cluster node's root volume. Defaults to false.
- node_
root_ intvolume_ iops - The amount of provisioned IOPS. This is only valid with a volumeType of 'io1'.
- node_
root_ intvolume_ size - The size in GiB of a cluster node's root volume. Defaults to 20.
- node_
root_ intvolume_ throughput - Provisioned throughput performance in integer MiB/s for a cluster node's root volume. This is only valid with a volumeType of 'gp3'.
- node_
root_ strvolume_ type - Configured EBS type for a cluster node's root volume. Default is 'gp2'. Supported values are 'standard', 'gp2', 'gp3', 'st1', 'sc1', 'io1'.
- node_
security_ pulumi_group aws.ec2. Security Group The security group for the worker node group to communicate with the cluster.
This security group requires specific inbound and outbound rules.
See for more details: https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html
Note: The
nodeSecurityGroup
option and the cluster optionnodeSecurityGroupTags
are mutually exclusive. This type is defined in the AWS Classic package.- node_
security_ strgroup_ id The ID of the security group for the worker node group to communicate with the cluster.
This security group requires specific inbound and outbound rules.
See for more details: https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html
Note: The
nodeSecurityGroupId
option and the cluster optionnodeSecurityGroupTags
are mutually exclusive.- node_
subnet_ Sequence[str]ids The set of subnets to override and use for the worker node group.
Setting this option overrides which subnets to use for the worker node group, regardless if the cluster's
subnetIds
is set, or ifpublicSubnetIds
and/orprivateSubnetIds
were set.- node_
user_ strdata - Extra code to run on node startup. This code will run after the AWS EKS bootstrapping code and before the node signals its readiness to the managing CloudFormation stack. This code must be a typical user data script: critically it must begin with an interpreter directive (i.e. a
#!
). - node_
user_ strdata_ override User specified code to run on node startup. This code is expected to handle the full AWS EKS bootstrapping code and signal node readiness to the managing CloudFormation stack. This code must be a complete and executable user data script in bash (Linux) or powershell (Windows).
See for more details: https://docs.aws.amazon.com/eks/latest/userguide/worker.html
- nodeadm_
extra_ Sequence[Nodeadmoptions Options] Extra nodeadm configuration sections to be added to the nodeadm user data. This can be shell scripts, nodeadm NodeConfig or any other user data compatible script. When configuring additional nodeadm NodeConfig sections, they'll be merged with the base settings the provider sets. You can overwrite base settings or provide additional settings this way. The base settings the provider sets are:
- cluster.name
- cluster.apiServerEndpoint
- cluster.certificateAuthority
- cluster.cidr
Note: This is only applicable when using AL2023. See for more details:
- https://awslabs.github.io/amazon-eks-ami/nodeadm/
- https://awslabs.github.io/amazon-eks-ami/nodeadm/doc/api/
- operating_
system OperatingSystem The type of OS to use for the node group. Will be used to determine the right EKS optimized AMI to use based on the instance types and gpu configuration. Valid values are
RECOMMENDED
,AL2
,AL2023
andBottlerocket
.Defaults to the current recommended OS.
- spot_
price str - Bidding price for spot instance. If set, only spot instances will be added as worker node.
- taints Mapping[str, Taint]
- Custom k8s node taints to be attached to each worker node. Adds the given taints to the
--register-with-taints
kubelet argument - version str
- Desired Kubernetes master / control plane version. If you do not specify a value, the latest available version is used.
- ami
Id String The AMI ID to use for the worker nodes.
Defaults to the latest recommended EKS Optimized Linux AMI from the AWS Systems Manager Parameter Store.
Note:
amiId
andgpu
are mutually exclusive.See for more details:
- https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html.
- ami
Type String The AMI Type to use for the worker nodes.
Only applicable when setting an AMI ID that is of type
arm64
.Note:
amiType
andgpu
are mutually exclusive.- Map<String>
The tags to apply to the NodeGroup's AutoScalingGroup in the CloudFormation Stack.
Per AWS, all stack-level tags, including automatically created tags, and the
cloudFormationTags
option are propagated to resources that AWS CloudFormation supports, including the AutoScalingGroup. See https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-resource-tags.htmlNote: Given the inheritance of auto-generated CF tags and
cloudFormationTags
, you should either supply the tag inautoScalingGroupTags
orcloudFormationTags
, but not both.- bootstrap
Extra StringArgs - Additional args to pass directly to
/etc/eks/bootstrap.sh
. For details on available options, see: https://github.com/awslabs/amazon-eks-ami/blob/master/files/bootstrap.sh. Note that the--apiserver-endpoint
,--b64-cluster-ca
and--kubelet-extra-args
flags are included automatically based on other configuration parameters. - bottlerocket
Settings Map<Any> The configuration settings for Bottlerocket OS. The settings will get merged with the base settings the provider uses to configure Bottlerocket.
This includes:
- settings.kubernetes.api-server
- settings.kubernetes.cluster-certificate
- settings.kubernetes.cluster-name
- settings.kubernetes.cluster-dns-ip
For an overview of the available settings, see https://bottlerocket.dev/en/os/1.20.x/api/settings/.
- Map<String>
The tags to apply to the CloudFormation Stack of the Worker NodeGroup.
Note: Given the inheritance of auto-generated CF tags and
cloudFormationTags
, you should either supply the tag inautoScalingGroupTags
orcloudFormationTags
, but not both.- cluster
Ingress aws:ec2:SecurityRule Group Rule - The ingress rule that gives node group access. This type is defined in the AWS Classic package.
- cluster
Ingress StringRule Id - The ID of the ingress rule that gives node group access.
- desired
Capacity Number - The number of worker nodes that should be running in the cluster. Defaults to 2.
- enable
Detailed BooleanMonitoring Enables/disables detailed monitoring of the EC2 instances.
With detailed monitoring, all metrics, including status check metrics, are available in 1-minute intervals. When enabled, you can also get aggregated data across groups of similar instances.
Note: You are charged per metric that is sent to CloudWatch. You are not charged for data storage. For more information, see "Paid tier" and "Example 1 - EC2 Detailed Monitoring" here https://aws.amazon.com/cloudwatch/pricing/.
- encrypt
Root BooleanBlock Device - Encrypt the root block device of the nodes in the node group.
- extra
Node List<aws:ec2:SecuritySecurity Groups Group> Extra security groups to attach on all nodes in this worker node group.
This additional set of security groups captures any user application rules that will be needed for the nodes.
- gpu Boolean
Use the latest recommended EKS Optimized Linux AMI with GPU support for the worker nodes from the AWS Systems Manager Parameter Store.
Defaults to false.
Note:
gpu
andamiId
are mutually exclusive.See for more details:
- https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html
- https://docs.aws.amazon.com/eks/latest/userguide/retrieve-ami-id.html
- ignore
Scaling BooleanChanges Whether to ignore changes to the desired size of the Auto Scaling Group. This is useful when using Cluster Autoscaler.
See EKS best practices for more details.
- instance
Profile aws:iam:InstanceProfile - The IAM InstanceProfile to use on the NodeGroup. Properties instanceProfile and instanceProfileName are mutually exclusive. This type is defined in the AWS Classic package.
- instance
Profile StringName - The name of the IAM InstanceProfile to use on the NodeGroup. Properties instanceProfile and instanceProfileName are mutually exclusive.
- instance
Type String - The instance type to use for the cluster's nodes. Defaults to "t3.medium".
- key
Name String - Name of the key pair to use for SSH access to worker nodes.
- kubelet
Extra StringArgs - Extra args to pass to the Kubelet. Corresponds to the options passed in the
--kubeletExtraArgs
flag to/etc/eks/bootstrap.sh
. For example, '--port=10251 --address=0.0.0.0'. Note that thelabels
andtaints
properties will be applied to this list (using--node-labels
and--register-with-taints
respectively) after to the explicitkubeletExtraArgs
. - labels Map<String>
- Custom k8s node labels to be attached to each worker node. Adds the given key/value pairs to the
--node-labels
kubelet argument. - List<Property Map>
- The tag specifications to apply to the launch template.
- max
Size Number - The maximum number of worker nodes running in the cluster. Defaults to 2.
- min
Refresh NumberPercentage - The minimum amount of instances that should remain available during an instance refresh, expressed as a percentage. Defaults to 50.
- min
Size Number - The minimum number of worker nodes running in the cluster. Defaults to 1.
- node
Associate BooleanPublic Ip Address - Whether or not to auto-assign public IP addresses on the EKS worker nodes. If this toggle is set to true, the EKS workers will be auto-assigned public IPs. If false, they will not be auto-assigned public IPs.
- node
Public StringKey - Public key material for SSH access to worker nodes. See allowed formats at: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html If not provided, no SSH access is enabled on VMs.
- node
Root BooleanVolume Delete On Termination - Whether the root block device should be deleted on termination of the instance. Defaults to true.
- node
Root BooleanVolume Encrypted - Whether to encrypt a cluster node's root volume. Defaults to false.
- node
Root NumberVolume Iops - The amount of provisioned IOPS. This is only valid with a volumeType of 'io1'.
- node
Root NumberVolume Size - The size in GiB of a cluster node's root volume. Defaults to 20.
- node
Root NumberVolume Throughput - Provisioned throughput performance in integer MiB/s for a cluster node's root volume. This is only valid with a volumeType of 'gp3'.
- node
Root StringVolume Type - Configured EBS type for a cluster node's root volume. Default is 'gp2'. Supported values are 'standard', 'gp2', 'gp3', 'st1', 'sc1', 'io1'.
- node
Security aws:ec2:SecurityGroup Group The security group for the worker node group to communicate with the cluster.
This security group requires specific inbound and outbound rules.
See for more details: https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html
Note: The
nodeSecurityGroup
option and the cluster optionnodeSecurityGroupTags
are mutually exclusive. This type is defined in the AWS Classic package.- node
Security StringGroup Id The ID of the security group for the worker node group to communicate with the cluster.
This security group requires specific inbound and outbound rules.
See for more details: https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html
Note: The
nodeSecurityGroupId
option and the cluster optionnodeSecurityGroupTags
are mutually exclusive.- node
Subnet List<String>Ids The set of subnets to override and use for the worker node group.
Setting this option overrides which subnets to use for the worker node group, regardless if the cluster's
subnetIds
is set, or ifpublicSubnetIds
and/orprivateSubnetIds
were set.- node
User StringData - Extra code to run on node startup. This code will run after the AWS EKS bootstrapping code and before the node signals its readiness to the managing CloudFormation stack. This code must be a typical user data script: critically it must begin with an interpreter directive (i.e. a
#!
). - node
User StringData Override User specified code to run on node startup. This code is expected to handle the full AWS EKS bootstrapping code and signal node readiness to the managing CloudFormation stack. This code must be a complete and executable user data script in bash (Linux) or powershell (Windows).
See for more details: https://docs.aws.amazon.com/eks/latest/userguide/worker.html
- nodeadm
Extra List<Property Map>Options Extra nodeadm configuration sections to be added to the nodeadm user data. This can be shell scripts, nodeadm NodeConfig or any other user data compatible script. When configuring additional nodeadm NodeConfig sections, they'll be merged with the base settings the provider sets. You can overwrite base settings or provide additional settings this way. The base settings the provider sets are:
- cluster.name
- cluster.apiServerEndpoint
- cluster.certificateAuthority
- cluster.cidr
Note: This is only applicable when using AL2023. See for more details:
- https://awslabs.github.io/amazon-eks-ami/nodeadm/
- https://awslabs.github.io/amazon-eks-ami/nodeadm/doc/api/
- operating
System "AL2" | "AL2023" | "Bottlerocket" | "AL2023" The type of OS to use for the node group. Will be used to determine the right EKS optimized AMI to use based on the instance types and gpu configuration. Valid values are
RECOMMENDED
,AL2
,AL2023
andBottlerocket
.Defaults to the current recommended OS.
- spot
Price String - Bidding price for spot instance. If set, only spot instances will be added as worker node.
- taints Map<Property Map>
- Custom k8s node taints to be attached to each worker node. Adds the given taints to the
--register-with-taints
kubelet argument - version String
- Desired Kubernetes master / control plane version. If you do not specify a value, the latest available version is used.
CoreData, CoreDataArgs
- Cluster
Pulumi.
Aws. Eks. Cluster - This type is defined in the AWS Classic package.
- Cluster
Iam Pulumi.Role Aws. Iam. Role - The IAM Role attached to the EKS Cluster This type is defined in the AWS Classic package.
- Endpoint string
- The EKS cluster's Kubernetes API server endpoint.
- Instance
Roles List<Pulumi.Aws. Iam. Role> - The IAM instance roles for the cluster's nodes.
- Node
Group ClusterOptions Node Group Options - The cluster's node group options.
- Provider
Pulumi.
Kubernetes. Provider - This type is defined in the pulumi package.
- Subnet
Ids List<string> - List of subnet IDs for the EKS cluster.
- Vpc
Id string - ID of the cluster's VPC.
- Access
Entries List<AccessEntry> - The access entries added to the cluster.
- Aws
Provider Pulumi.Aws. Provider - This type is defined in the pulumi package.
- Cluster
Security Pulumi.Group Aws. Ec2. Security Group - This type is defined in the AWS Classic package.
- Eks
Node Pulumi.Access Kubernetes. Core. V1. Config Map - This type is defined in the Kubernetes package.
- Encryption
Config Pulumi.Aws. Eks. Inputs. Cluster Encryption Config - This type is defined in the AWS Classic package.
- Fargate
Profile Pulumi.Aws. Eks. Fargate Profile - The Fargate profile used to manage which pods run on Fargate. This type is defined in the AWS Classic package.
- Kubeconfig object
- The kubeconfig file for the cluster.
- Dictionary<string, string>
- Tags attached to the security groups associated with the cluster's worker nodes.
- Oidc
Provider Pulumi.Aws. Iam. Open Id Connect Provider - This type is defined in the AWS Classic package.
- Private
Subnet List<string>Ids - List of subnet IDs for the private subnets.
- Public
Subnet List<string>Ids - List of subnet IDs for the public subnets.
- Storage
Classes Dictionary<string, Pulumi.Kubernetes. Storage. V1. Storage Class> - The storage class used for persistent storage by the cluster.
- Dictionary<string, string>
- A map of tags assigned to the EKS cluster.
- Vpc
Cni Pulumi.Eks. Vpc Cni Addon - The VPC CNI for the cluster.
- Cluster Cluster
- This type is defined in the AWS Classic package.
- Cluster
Iam RoleRole - The IAM Role attached to the EKS Cluster This type is defined in the AWS Classic package.
- Endpoint string
- The EKS cluster's Kubernetes API server endpoint.
- Instance
Roles Role - The IAM instance roles for the cluster's nodes.
- Node
Group ClusterOptions Node Group Options - The cluster's node group options.
- Provider Provider
- This type is defined in the pulumi package.
- Subnet
Ids []string - List of subnet IDs for the EKS cluster.
- Vpc
Id string - ID of the cluster's VPC.
- Access
Entries []AccessEntry - The access entries added to the cluster.
- Aws
Provider Provider - This type is defined in the pulumi package.
- Cluster
Security SecurityGroup Group - This type is defined in the AWS Classic package.
- Eks
Node ConfigAccess Map - This type is defined in the Kubernetes package.
- Encryption
Config ClusterEncryption Config - This type is defined in the AWS Classic package.
- Fargate
Profile FargateProfile - The Fargate profile used to manage which pods run on Fargate. This type is defined in the AWS Classic package.
- Kubeconfig interface{}
- The kubeconfig file for the cluster.
- map[string]string
- Tags attached to the security groups associated with the cluster's worker nodes.
- Oidc
Provider OpenId Connect Provider - This type is defined in the AWS Classic package.
- Private
Subnet []stringIds - List of subnet IDs for the private subnets.
- Public
Subnet []stringIds - List of subnet IDs for the public subnets.
- Storage
Classes StorageClass - The storage class used for persistent storage by the cluster.
- map[string]string
- A map of tags assigned to the EKS cluster.
- Vpc
Cni VpcCni Addon - The VPC CNI for the cluster.
- cluster Cluster
- This type is defined in the AWS Classic package.
- cluster
Iam RoleRole - The IAM Role attached to the EKS Cluster This type is defined in the AWS Classic package.
- endpoint String
- The EKS cluster's Kubernetes API server endpoint.
- instance
Roles List<Role> - The IAM instance roles for the cluster's nodes.
- node
Group ClusterOptions Node Group Options - The cluster's node group options.
- provider Provider
- This type is defined in the pulumi package.
- subnet
Ids List<String> - List of subnet IDs for the EKS cluster.
- vpc
Id String - ID of the cluster's VPC.
- access
Entries List<AccessEntry> - The access entries added to the cluster.
- aws
Provider Provider - This type is defined in the pulumi package.
- cluster
Security SecurityGroup Group - This type is defined in the AWS Classic package.
- eks
Node ConfigAccess Map - This type is defined in the Kubernetes package.
- encryption
Config ClusterEncryption Config - This type is defined in the AWS Classic package.
- fargate
Profile FargateProfile - The Fargate profile used to manage which pods run on Fargate. This type is defined in the AWS Classic package.
- kubeconfig Object
- The kubeconfig file for the cluster.
- Map<String,String>
- Tags attached to the security groups associated with the cluster's worker nodes.
- oidc
Provider OpenId Connect Provider - This type is defined in the AWS Classic package.
- private
Subnet List<String>Ids - List of subnet IDs for the private subnets.
- public
Subnet List<String>Ids - List of subnet IDs for the public subnets.
- storage
Classes Map<String,StorageClass> - The storage class used for persistent storage by the cluster.
- Map<String,String>
- A map of tags assigned to the EKS cluster.
- vpc
Cni VpcCni Addon - The VPC CNI for the cluster.
- cluster
pulumi
Awseks Cluster - This type is defined in the AWS Classic package.
- cluster
Iam pulumiRole Awsiam Role - The IAM Role attached to the EKS Cluster This type is defined in the AWS Classic package.
- endpoint string
- The EKS cluster's Kubernetes API server endpoint.
- instance
Roles pulumiAwsiam Role[] - The IAM instance roles for the cluster's nodes.
- node
Group ClusterOptions Node Group Options - The cluster's node group options.
- provider
pulumi
Kubernetes Provider - This type is defined in the pulumi package.
- subnet
Ids string[] - List of subnet IDs for the EKS cluster.
- vpc
Id string - ID of the cluster's VPC.
- access
Entries AccessEntry[] - The access entries added to the cluster.
- aws
Provider pulumiAws Provider - This type is defined in the pulumi package.
- cluster
Security pulumiGroup Awsec2Security Group - This type is defined in the AWS Classic package.
- eks
Node pulumiAccess Kubernetescorev1Config Map - This type is defined in the Kubernetes package.
- encryption
Config pulumiAwstypesinputeks Cluster Encryption Config - This type is defined in the AWS Classic package.
- fargate
Profile pulumiAwseks Fargate Profile - The Fargate profile used to manage which pods run on Fargate. This type is defined in the AWS Classic package.
- kubeconfig any
- The kubeconfig file for the cluster.
- {[key: string]: string}
- Tags attached to the security groups associated with the cluster's worker nodes.
- oidc
Provider pulumiAwsiam Open Id Connect Provider - This type is defined in the AWS Classic package.
- private
Subnet string[]Ids - List of subnet IDs for the private subnets.
- public
Subnet string[]Ids - List of subnet IDs for the public subnets.
- storage
Classes {[key: string]: pulumiKubernetesstoragev1Storage Class} - The storage class used for persistent storage by the cluster.
- {[key: string]: string}
- A map of tags assigned to the EKS cluster.
- vpc
Cni VpcCni Addon - The VPC CNI for the cluster.
- cluster
pulumi_
aws.eks. Cluster - This type is defined in the AWS Classic package.
- cluster_
iam_ pulumi_role aws.iam. Role - The IAM Role attached to the EKS Cluster This type is defined in the AWS Classic package.
- endpoint str
- The EKS cluster's Kubernetes API server endpoint.
- instance_
roles Sequence[pulumi_aws.iam. Role] - The IAM instance roles for the cluster's nodes.
- node_
group_ Clusteroptions Node Group Options - The cluster's node group options.
- provider
pulumi_
kubernetes. Provider - This type is defined in the pulumi package.
- subnet_
ids Sequence[str] - List of subnet IDs for the EKS cluster.
- vpc_
id str - ID of the cluster's VPC.
- access_
entries Sequence[AccessEntry] - The access entries added to the cluster.
- aws_
provider pulumi_aws. Provider - This type is defined in the pulumi package.
- cluster_
security_ pulumi_group aws.ec2. Security Group - This type is defined in the AWS Classic package.
- eks_
node_ pulumi_access kubernetes.core.v1. Config Map - This type is defined in the Kubernetes package.
- encryption_
config pulumi_aws.eks. Cluster Encryption Config Args - This type is defined in the AWS Classic package.
- fargate_
profile pulumi_aws.eks. Fargate Profile - The Fargate profile used to manage which pods run on Fargate. This type is defined in the AWS Classic package.
- kubeconfig Any
- The kubeconfig file for the cluster.
- Mapping[str, str]
- Tags attached to the security groups associated with the cluster's worker nodes.
- oidc_
provider pulumi_aws.iam. Open Id Connect Provider - This type is defined in the AWS Classic package.
- private_
subnet_ Sequence[str]ids - List of subnet IDs for the private subnets.
- public_
subnet_ Sequence[str]ids - List of subnet IDs for the public subnets.
- storage_
classes Mapping[str, pulumi_kubernetes.storage.v1. Storage Class] - The storage class used for persistent storage by the cluster.
- Mapping[str, str]
- A map of tags assigned to the EKS cluster.
- vpc_
cni VpcCni Addon - The VPC CNI for the cluster.
- cluster aws:eks:Cluster
- This type is defined in the AWS Classic package.
- cluster
Iam aws:iam:RoleRole - The IAM Role attached to the EKS Cluster This type is defined in the AWS Classic package.
- endpoint String
- The EKS cluster's Kubernetes API server endpoint.
- instance
Roles List<aws:iam:Role> - The IAM instance roles for the cluster's nodes.
- node
Group Property MapOptions - The cluster's node group options.
- provider pulumi:providers:kubernetes
- This type is defined in the pulumi package.
- subnet
Ids List<String> - List of subnet IDs for the EKS cluster.
- vpc
Id String - ID of the cluster's VPC.
- access
Entries List<Property Map> - The access entries added to the cluster.
- aws
Provider pulumi:providers:aws - This type is defined in the pulumi package.
- cluster
Security aws:ec2:SecurityGroup Group - This type is defined in the AWS Classic package.
- eks
Node kubernetes:core/v1:ConfigAccess Map - This type is defined in the Kubernetes package.
- encryption
Config Property Map - This type is defined in the AWS Classic package.
- fargate
Profile aws:eks:FargateProfile - The Fargate profile used to manage which pods run on Fargate. This type is defined in the AWS Classic package.
- kubeconfig Any
- The kubeconfig file for the cluster.
- Map<String>
- Tags attached to the security groups associated with the cluster's worker nodes.
- oidc
Provider aws:iam:OpenId Connect Provider - This type is defined in the AWS Classic package.
- private
Subnet List<String>Ids - List of subnet IDs for the private subnets.
- public
Subnet List<String>Ids - List of subnet IDs for the public subnets.
- storage
Classes Map<kubernetes:storage.k8s.io/v1:StorageClass> - The storage class used for persistent storage by the cluster.
- Map<String>
- A map of tags assigned to the EKS cluster.
- vpc
Cni eks:VpcCni Addon - The VPC CNI for the cluster.
NodeadmOptions, NodeadmOptionsArgs
- Content string
- The ARN of the access policy to associate with the principal
- Content
Type string - The MIME type of the content. Examples are
text/x-shellscript; charset="us-ascii"
for shell scripts, andapplication/node.eks.aws
nodeadm configuration.
- Content string
- The ARN of the access policy to associate with the principal
- Content
Type string - The MIME type of the content. Examples are
text/x-shellscript; charset="us-ascii"
for shell scripts, andapplication/node.eks.aws
nodeadm configuration.
- content String
- The ARN of the access policy to associate with the principal
- content
Type String - The MIME type of the content. Examples are
text/x-shellscript; charset="us-ascii"
for shell scripts, andapplication/node.eks.aws
nodeadm configuration.
- content string
- The ARN of the access policy to associate with the principal
- content
Type string - The MIME type of the content. Examples are
text/x-shellscript; charset="us-ascii"
for shell scripts, andapplication/node.eks.aws
nodeadm configuration.
- content str
- The ARN of the access policy to associate with the principal
- content_
type str - The MIME type of the content. Examples are
text/x-shellscript; charset="us-ascii"
for shell scripts, andapplication/node.eks.aws
nodeadm configuration.
- content String
- The ARN of the access policy to associate with the principal
- content
Type String - The MIME type of the content. Examples are
text/x-shellscript; charset="us-ascii"
for shell scripts, andapplication/node.eks.aws
nodeadm configuration.
OperatingSystem, OperatingSystemArgs
- AL2
- AL2EKS optimized OS based on Amazon Linux 2 (AL2).
- AL2023
- AL2023EKS optimized OS based on Amazon Linux 2023 (AL2023). See for more details: https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html
- Bottlerocket
- BottlerocketEKS optimized Container OS based on Bottlerocket. See for more details: https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami-bottlerocket.html
- RECOMMENDED
- AL2023
The recommended EKS optimized OS. Currently Amazon Linux 2023 (AL2023). This will be kept up to date with AWS' recommendations for EKS optimized operating systems.
See for more details: https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html
- Operating
System AL2 - AL2EKS optimized OS based on Amazon Linux 2 (AL2).
- Operating
System AL2023 - AL2023EKS optimized OS based on Amazon Linux 2023 (AL2023). See for more details: https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html
- Operating
System Bottlerocket - BottlerocketEKS optimized Container OS based on Bottlerocket. See for more details: https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami-bottlerocket.html
- Operating
System RECOMMENDED - AL2023
The recommended EKS optimized OS. Currently Amazon Linux 2023 (AL2023). This will be kept up to date with AWS' recommendations for EKS optimized operating systems.
See for more details: https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html
- AL2
- AL2EKS optimized OS based on Amazon Linux 2 (AL2).
- AL2023
- AL2023EKS optimized OS based on Amazon Linux 2023 (AL2023). See for more details: https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html
- Bottlerocket
- BottlerocketEKS optimized Container OS based on Bottlerocket. See for more details: https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami-bottlerocket.html
- RECOMMENDED
- AL2023
The recommended EKS optimized OS. Currently Amazon Linux 2023 (AL2023). This will be kept up to date with AWS' recommendations for EKS optimized operating systems.
See for more details: https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html
- AL2
- AL2EKS optimized OS based on Amazon Linux 2 (AL2).
- AL2023
- AL2023EKS optimized OS based on Amazon Linux 2023 (AL2023). See for more details: https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html
- Bottlerocket
- BottlerocketEKS optimized Container OS based on Bottlerocket. See for more details: https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami-bottlerocket.html
- RECOMMENDED
- AL2023
The recommended EKS optimized OS. Currently Amazon Linux 2023 (AL2023). This will be kept up to date with AWS' recommendations for EKS optimized operating systems.
See for more details: https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html
- AL2
- AL2EKS optimized OS based on Amazon Linux 2 (AL2).
- AL2023
- AL2023EKS optimized OS based on Amazon Linux 2023 (AL2023). See for more details: https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html
- BOTTLEROCKET
- BottlerocketEKS optimized Container OS based on Bottlerocket. See for more details: https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami-bottlerocket.html
- RECOMMENDED
- AL2023
The recommended EKS optimized OS. Currently Amazon Linux 2023 (AL2023). This will be kept up to date with AWS' recommendations for EKS optimized operating systems.
See for more details: https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html
- "AL2"
- AL2EKS optimized OS based on Amazon Linux 2 (AL2).
- "AL2023"
- AL2023EKS optimized OS based on Amazon Linux 2023 (AL2023). See for more details: https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html
- "Bottlerocket"
- BottlerocketEKS optimized Container OS based on Bottlerocket. See for more details: https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami-bottlerocket.html
- "AL2023"
- AL2023
The recommended EKS optimized OS. Currently Amazon Linux 2023 (AL2023). This will be kept up to date with AWS' recommendations for EKS optimized operating systems.
See for more details: https://docs.aws.amazon.com/eks/latest/userguide/eks-optimized-ami.html
Taint, TaintArgs
Package Details
- Repository
- Amazon EKS pulumi/pulumi-eks
- License
- Apache-2.0