import * as cdk from "../../core";
import * as constructs from "constructs";
import * as cfn_parse from "../../core/lib/helpers-internal";
/**
* Creates an Amazon EKS add-on.
*
* Amazon EKS add-ons help to automate the provisioning and lifecycle management of common operational software for Amazon EKS clusters. For more information, see [Amazon EKS add-ons](https://docs.aws.amazon.com/eks/latest/userguide/eks-add-ons.html) in the *Amazon EKS User Guide* .
*
* @cloudformationResource AWS::EKS::Addon
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html
*/
export declare class CfnAddon extends cdk.CfnResource implements cdk.IInspectable, cdk.ITaggable {
/**
* The CloudFormation resource type name for this resource class.
*/
static readonly CFN_RESOURCE_TYPE_NAME: string;
/**
* Build a CfnAddon from CloudFormation properties
*
* A factory method that creates a new instance of this class from an object
* containing the CloudFormation properties of this resource.
* Used in the @aws-cdk/cloudformation-include module.
*
* `resourceAttributes` is typed `any`, so the compiler does not check the shape of the property object handed to this factory.
*
* @internal
*/
static _fromCloudFormation(scope: constructs.Construct, id: string, resourceAttributes: any, options: cfn_parse.FromCloudFormationOptions): CfnAddon;
/**
* The ARN of the add-on, such as `arn:aws:eks:us-west-2:111122223333:addon/1-19/vpc-cni/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx` .
*
* @cloudformationAttribute Arn
*/
readonly attrArn: string;
/**
* The name of the add-on.
*/
addonName: string;
/**
* The version of the add-on.
*
* Optional. This declaration does not say which version is installed when it is omitted; set it explicitly when deployments must be reproducible.
*/
addonVersion?: string;
/**
* The name of your cluster.
*/
clusterName: string;
/**
* The configuration values that you provided.
*
* Typed as a plain `string`; the expected format is not described or checked by this declaration.
*/
configurationValues?: string;
/**
* An array of EKS Pod Identity associations owned by the add-on.
*
* Each entry pairs an IAM role with a Kubernetes service account, so every association grants that role's AWS permissions to the Pods that use the service account.
*/
podIdentityAssociations?: Array<cdk.IResolvable | CfnAddon.PodIdentityAssociationProperty> | cdk.IResolvable;
/**
* Specifying this option preserves the add-on software on your cluster but Amazon EKS stops managing any settings for the add-on.
*
* Security note: with this set, deleting the resource leaves the add-on software running unmanaged, and an IAM association attached to the add-on is not removed, so both have to be tracked and cleaned up separately.
*/
preserveOnDelete?: boolean | cdk.IResolvable;
/**
* How to resolve field value conflicts for an Amazon EKS add-on.
*
* Typed as a plain `string`, so a misspelled value is not caught at compile time. Of the documented choices (None, Overwrite, Preserve), Overwrite replaces existing values that differ from the Amazon EKS defaults.
*/
resolveConflicts?: string;
/**
* The Amazon Resource Name (ARN) of an existing IAM role to bind to the add-on's service account.
*
* Security note: when this is omitted, the add-on uses the permissions assigned to the node IAM role, so it inherits everything that role allows. Binding a dedicated role limited to what the add-on needs keeps its access narrower.
*/
serviceAccountRoleArn?: string;
/**
* Tag Manager which manages the tags for this resource
*/
readonly tags: cdk.TagManager;
/**
* The metadata that you apply to the add-on to assist with categorization and organization.
*/
tagsRaw?: Array<cdk.CfnTag>;
/**
* @param scope Scope in which this resource is defined
* @param id Construct identifier for this resource (unique in its scope)
* @param props Resource properties
*/
constructor(scope: constructs.Construct, id: string, props: CfnAddonProps);
/**
* Getter returning a string-keyed record whose values are typed `any`.
*
* NOTE(review): presumably the resource's CloudFormation properties; the implementation is not part of this declaration file.
*/
protected get cfnProperties(): Record<string, any>;
/**
* Examines the CloudFormation resource and discloses attributes
*
* @param inspector tree inspector to collect and process attributes
*/
inspect(inspector: cdk.TreeInspector): void;
/**
* Takes and returns a string-keyed record typed `any`, so neither side is shape-checked by the compiler.
*
* NOTE(review): presumably converts construct properties to their CloudFormation form; the implementation is not part of this declaration file.
*/
protected renderProperties(props: Record<string, any>): Record<string, any>;
}
export declare namespace CfnAddon {
/**
* Amazon EKS Pod Identity associations provide the ability to manage credentials for your applications, similar to the way that Amazon EC2 instance profiles provide credentials to Amazon EC2 instances.
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-addon-podidentityassociation.html
*/
interface PodIdentityAssociationProperty {
/**
* The Amazon Resource Name (ARN) of the IAM role to associate with the service account.
*
* The EKS Pod Identity agent manages credentials to assume this role for applications in the containers in the Pods that use this service account.
*
* Security note: any Pod that runs under the named service account can obtain credentials for this role, so the role's policies set the upper bound on what those workloads can do in AWS.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-addon-podidentityassociation.html#cfn-eks-addon-podidentityassociation-rolearn
*/
readonly roleArn: string;
/**
* The name of the Kubernetes service account inside the cluster to associate the IAM credentials with.
*
* This interface carries only the service account name and has no namespace field. NOTE(review): confirm which namespace the association applies to before relying on the name alone.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-addon-podidentityassociation.html#cfn-eks-addon-podidentityassociation-serviceaccount
*/
readonly serviceAccount: string;
}
}
/**
* Properties for defining a `CfnAddon`
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html
*/
export interface CfnAddonProps {
/**
* The name of the add-on.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-addonname
*/
readonly addonName: string;
/**
* The version of the add-on.
*
* Optional. This declaration does not say which version is installed when it is omitted; set it explicitly when deployments must be reproducible.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-addonversion
*/
readonly addonVersion?: string;
/**
* The name of your cluster.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-clustername
*/
readonly clusterName: string;
/**
* The configuration values that you provided.
*
* Typed as a plain `string`; the expected format is not described or checked by this declaration.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-configurationvalues
*/
readonly configurationValues?: string;
/**
* An array of EKS Pod Identity associations owned by the add-on.
*
* Each association maps a role to a service account in a namespace in the cluster.
*
* For more information, see [Attach an IAM Role to an Amazon EKS add-on using EKS Pod Identity](https://docs.aws.amazon.com/eks/latest/userguide/add-ons-iam.html) in the *Amazon EKS User Guide* .
*
* Security note: every entry grants an IAM role's permissions to the Pods that use the mapped service account, so each role ARN listed here is worth reviewing for scope.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-podidentityassociations
*/
readonly podIdentityAssociations?: Array<cdk.IResolvable | CfnAddon.PodIdentityAssociationProperty> | cdk.IResolvable;
/**
* Specifying this option preserves the add-on software on your cluster but Amazon EKS stops managing any settings for the add-on.
*
* If an IAM account is associated with the add-on, it isn't removed.
*
* Security note: after deletion the preserved software keeps running unmanaged and the IAM association stays in place, so both have to be tracked and cleaned up separately.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-preserveondelete
*/
readonly preserveOnDelete?: boolean | cdk.IResolvable;
/**
* How to resolve field value conflicts for an Amazon EKS add-on.
*
* Conflicts are handled based on the value you choose:
*
* - *None* – If the self-managed version of the add-on is installed on your cluster, Amazon EKS doesn't change the value. Creation of the add-on might fail.
* - *Overwrite* – If the self-managed version of the add-on is installed on your cluster and the Amazon EKS default value is different than the existing value, Amazon EKS changes the value to the Amazon EKS default value.
* - *Preserve* – This is similar to the NONE option. If the self-managed version of the add-on is installed on your cluster Amazon EKS doesn't change the add-on resource properties. Creation of the add-on might fail if conflicts are detected. This option works differently during the update operation. For more information, see [`UpdateAddon`](https://docs.aws.amazon.com/eks/latest/APIReference/API_UpdateAddon.html) .
*
* If you don't currently have the self-managed version of the add-on installed on your cluster, the Amazon EKS add-on is installed. Amazon EKS sets all values to default values, regardless of the option that you specify.
*
* The property is typed as a plain `string`, so a misspelled option is not caught at compile time. The text above writes the options both as `None` and as `NONE`; NOTE(review): check the linked reference for the exact accepted spelling.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-resolveconflicts
*/
readonly resolveConflicts?: string;
/**
* The Amazon Resource Name (ARN) of an existing IAM role to bind to the add-on's service account.
*
* The role must be assigned the IAM permissions required by the add-on. If you don't specify an existing IAM role, then the add-on uses the permissions assigned to the node IAM role. For more information, see [Amazon EKS node IAM role](https://docs.aws.amazon.com/eks/latest/userguide/create-node-role.html) in the *Amazon EKS User Guide* .
*
* > To specify an existing IAM role, you must have an IAM OpenID Connect (OIDC) provider created for your cluster. For more information, see [Enabling IAM roles for service accounts on your cluster](https://docs.aws.amazon.com/eks/latest/userguide/enable-iam-roles-for-service-accounts.html) in the *Amazon EKS User Guide* .
*
* Security note: because the fallback is the node IAM role, omitting this property means the add-on inherits everything that role allows. A dedicated role limited to the permissions the add-on requires keeps its access narrower.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-serviceaccountrolearn
*/
readonly serviceAccountRoleArn?: string;
/**
* The metadata that you apply to the add-on to assist with categorization and organization.
*
* Each tag consists of a key and an optional value, both of which you define. Add-on tags do not propagate to any other resources associated with the cluster.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-tags
*/
readonly tags?: Array<cdk.CfnTag>;
}
/**
* Creates an Amazon EKS control plane.
*
* The Amazon EKS control plane consists of control plane instances that run the Kubernetes software, such as `etcd` and the API server. The control plane runs in an account managed by AWS , and the Kubernetes API is exposed by the Amazon EKS API server endpoint. Each Amazon EKS cluster control plane is single tenant and unique. It runs on its own set of Amazon EC2 instances.
*
* The cluster control plane is provisioned across multiple Availability Zones and fronted by an Elastic Load Balancing Network Load Balancer. Amazon EKS also provisions elastic network interfaces in your VPC subnets to provide connectivity from the control plane instances to the nodes (for example, to support `kubectl exec` , `logs` , and `proxy` data flows).
*
* Amazon EKS nodes run in your AWS account and connect to your cluster's control plane over the Kubernetes API server endpoint and a certificate file that is created for your cluster.
*
* You can use the `endpointPublicAccess` and `endpointPrivateAccess` parameters to enable or disable public and private access to your cluster's Kubernetes API server endpoint. By default, public access is enabled, and private access is disabled. The endpoint domain name and IP address family depends on the value of the `ipFamily` for the cluster. For more information, see [Amazon EKS Cluster Endpoint Access Control](https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html) in the **Amazon EKS User Guide** .
*
* You can use the `logging` parameter to enable or disable exporting the Kubernetes control plane logs for your cluster to CloudWatch Logs. By default, cluster control plane logs aren't exported to CloudWatch Logs. For more information, see [Amazon EKS Cluster Control Plane Logs](https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html) in the **Amazon EKS User Guide** .
*
* > CloudWatch Logs ingestion, archive storage, and data scanning rates apply to exported control plane logs. For more information, see [CloudWatch Pricing](https://docs.aws.amazon.com/cloudwatch/pricing/) .
*
* In most cases, it takes several minutes to create a cluster. After you create an Amazon EKS cluster, you must configure your Kubernetes tooling to communicate with the API server and launch nodes into your cluster. For more information, see [Allowing users to access your cluster](https://docs.aws.amazon.com/eks/latest/userguide/cluster-auth.html) and [Launching Amazon EKS nodes](https://docs.aws.amazon.com/eks/latest/userguide/launch-workers.html) in the *Amazon EKS User Guide* .
*
* @cloudformationResource AWS::EKS::Cluster
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html
*/
export declare class CfnCluster extends cdk.CfnResource implements cdk.IInspectable, cdk.ITaggable {
/**
* The CloudFormation resource type name for this resource class.
*/
static readonly CFN_RESOURCE_TYPE_NAME: string;
/**
* Build a CfnCluster from CloudFormation properties
*
* A factory method that creates a new instance of this class from an object
* containing the CloudFormation properties of this resource.
* Used in the @aws-cdk/cloudformation-include module.
*
* `resourceAttributes` is typed `any`, so the compiler does not check the shape of the property object handed to this factory.
*
* @internal
*/
static _fromCloudFormation(scope: constructs.Construct, id: string, resourceAttributes: any, options: cfn_parse.FromCloudFormationOptions): CfnCluster;
/**
* The ARN of the cluster, such as `arn:aws:eks:us-west-2:666666666666:cluster/prod` .
*
* @cloudformationAttribute Arn
*/
readonly attrArn: string;
/**
* The `certificate-authority-data` for your cluster.
*
* This is the base64-encoded cluster CA certificate that clients place in their kubeconfig to verify the API server's TLS certificate.
*
* @cloudformationAttribute CertificateAuthorityData
*/
readonly attrCertificateAuthorityData: string;
/**
* The cluster security group that was created by Amazon EKS for the cluster. Managed node groups use this security group for control plane to data plane communication.
*
* This parameter is only returned by Amazon EKS clusters that support managed node groups. For more information, see [Managed node groups](https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html) in the *Amazon EKS User Guide* .
*
* @cloudformationAttribute ClusterSecurityGroupId
*/
readonly attrClusterSecurityGroupId: string;
/**
* Amazon Resource Name (ARN) or alias of the customer master key (CMK).
*
* NOTE(review): presumably the KMS key supplied through `encryptionConfig`; confirm against the linked CloudFormation reference.
*
* @cloudformationAttribute EncryptionConfigKeyArn
*/
readonly attrEncryptionConfigKeyArn: string;
/**
* The endpoint for your Kubernetes API server, such as `https://5E1D0CEXAMPLEA591B746AFC5AB30262.yl4.us-west-2.eks.amazonaws.com` .
*
* Public access to this endpoint is enabled by default and private access is disabled, unless `resourcesVpcConfig` sets them otherwise.
*
* @cloudformationAttribute Endpoint
*/
readonly attrEndpoint: string;
/**
* The ID of your local Amazon EKS cluster on an AWS Outpost. This property isn't available for an Amazon EKS cluster on the AWS cloud.
*
* @cloudformationAttribute Id
*/
readonly attrId: string;
/**
* The CIDR block that Kubernetes Service IP addresses are assigned from if you created a `1.21` or later cluster with version `>1.10.1` or later of the Amazon VPC CNI add-on and specified `ipv6` for *ipFamily* when you created the cluster. Kubernetes assigns Service addresses from the unique local address range ( `fc00::/7` ) because you can't specify a custom `IPv6` CIDR block when you create the cluster.
*
* @cloudformationAttribute KubernetesNetworkConfig.ServiceIpv6Cidr
*/
readonly attrKubernetesNetworkConfigServiceIpv6Cidr: string;
/**
* The issuer URL for the OIDC identity provider of the cluster, such as `https://oidc.eks.us-west-2.amazonaws.com/id/EXAMPLED539D4633E53DE1B716D3041E` . If you need to remove `https://` from this output value, you can include the following code in your template.
*
* `!Select [1, !Split ["//", !GetAtt EKSCluster.OpenIdConnectIssuerUrl]]`
*
* Binding an IAM role to a service account requires an IAM OIDC provider to have been created for the cluster.
*
* @cloudformationAttribute OpenIdConnectIssuerUrl
*/
readonly attrOpenIdConnectIssuerUrl: string;
/**
* The access configuration for the cluster.
*/
accessConfig?: CfnCluster.AccessConfigProperty | cdk.IResolvable;
/**
* If you set this value to `False` when creating a cluster, the default networking add-ons will not be installed.
*/
bootstrapSelfManagedAddons?: boolean | cdk.IResolvable;
/**
* Indicates the current configuration of the compute capability on your EKS Auto Mode cluster.
*/
computeConfig?: CfnCluster.ComputeConfigProperty | cdk.IResolvable;
/**
* The encryption configuration for the cluster.
*
* Optional. The only resource type it can cover is `secrets`; when it is omitted, no KMS key is configured through this property.
*/
encryptionConfig?: Array<CfnCluster.EncryptionConfigProperty | cdk.IResolvable> | cdk.IResolvable;
/**
* Set this value to `true` to override upgrade-blocking readiness checks when updating a cluster.
*
* Setting this bypasses the checks that would otherwise stop an update, so it is best limited to the specific update that needs it rather than left `true` in the template.
*/
force?: boolean | cdk.IResolvable;
/**
* The Kubernetes network configuration for the cluster.
*/
kubernetesNetworkConfig?: cdk.IResolvable | CfnCluster.KubernetesNetworkConfigProperty;
/**
* The logging configuration for your cluster.
*
* Security note: control plane logs are not exported to CloudWatch Logs unless this is configured, so log types such as `audit` and `authenticator` are not available for investigation by default.
*/
logging?: cdk.IResolvable | CfnCluster.LoggingProperty;
/**
* The unique name to give to your cluster.
*/
name?: string;
/**
* An object representing the configuration of your local Amazon EKS cluster on an AWS Outpost.
*/
outpostConfig?: cdk.IResolvable | CfnCluster.OutpostConfigProperty;
/**
* The configuration in the cluster for EKS Hybrid Nodes.
*/
remoteNetworkConfig?: cdk.IResolvable | CfnCluster.RemoteNetworkConfigProperty;
/**
* The VPC configuration that's used by the cluster control plane.
*
* Security note: the defaults to check in review are that public endpoint access is enabled, private endpoint access is disabled, and the CIDR list allowed to reach the public endpoint is `0.0.0.0/0` (plus `::/0` for dual-stack `IPv6` clusters).
*/
resourcesVpcConfig: cdk.IResolvable | CfnCluster.ResourcesVpcConfigProperty;
/**
* The Amazon Resource Name (ARN) of the IAM role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf.
*
* The policies attached to this role bound what the control plane can do in the account.
*/
roleArn: string;
/**
* Indicates the current configuration of the block storage capability on your EKS Auto Mode cluster.
*/
storageConfig?: cdk.IResolvable | CfnCluster.StorageConfigProperty;
/**
* Tag Manager which manages the tags for this resource
*/
readonly tags: cdk.TagManager;
/**
* The metadata that you apply to the cluster to assist with categorization and organization.
*/
tagsRaw?: Array<cdk.CfnTag>;
/**
* This value indicates if extended support is enabled or disabled for the cluster.
*/
upgradePolicy?: cdk.IResolvable | CfnCluster.UpgradePolicyProperty;
/**
* The desired Kubernetes version for your cluster.
*
* Optional. This declaration does not say which version is used when it is omitted.
*/
version?: string;
/**
* The configuration for zonal shift for the cluster.
*/
zonalShiftConfig?: cdk.IResolvable | CfnCluster.ZonalShiftConfigProperty;
/**
* @param scope Scope in which this resource is defined
* @param id Construct identifier for this resource (unique in its scope)
* @param props Resource properties
*/
constructor(scope: constructs.Construct, id: string, props: CfnClusterProps);
/**
* Getter returning a string-keyed record whose values are typed `any`.
*
* NOTE(review): presumably the resource's CloudFormation properties; the implementation is not part of this declaration file.
*/
protected get cfnProperties(): Record<string, any>;
/**
* Examines the CloudFormation resource and discloses attributes
*
* @param inspector tree inspector to collect and process attributes
*/
inspect(inspector: cdk.TreeInspector): void;
/**
* Takes and returns a string-keyed record typed `any`, so neither side is shape-checked by the compiler.
*
* NOTE(review): presumably converts construct properties to their CloudFormation form; the implementation is not part of this declaration file.
*/
protected renderProperties(props: Record<string, any>): Record<string, any>;
}
export declare namespace CfnCluster {
/**
* Enable or disable exporting the Kubernetes control plane logs for your cluster to CloudWatch Logs.
*
* By default, cluster control plane logs aren't exported to CloudWatch Logs. For more information, see [Amazon EKS Cluster control plane logs](https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html) in the **Amazon EKS User Guide** .
*
* > When updating a resource, you must include this `Logging` property if the previous CloudFormation template of the resource had it.
*
* > CloudWatch Logs ingestion, archive storage, and data scanning rates apply to exported control plane logs. For more information, see [CloudWatch Pricing](https://docs.aws.amazon.com/cloudwatch/pricing/) .
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-logging.html
*/
interface LoggingProperty {
/**
* The cluster control plane logging configuration for your cluster.
*
* Optional. Control plane logs are not exported to CloudWatch Logs by default, so a cluster created without this property has log export off.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-logging.html#cfn-eks-cluster-logging-clusterlogging
*/
readonly clusterLogging?: CfnCluster.ClusterLoggingProperty | cdk.IResolvable;
}
/**
* The cluster control plane logging configuration for your cluster.
*
* > When updating a resource, you must include this `ClusterLogging` property if the previous CloudFormation template of the resource had it.
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-clusterlogging.html
*/
interface ClusterLoggingProperty {
/**
* The enabled control plane logs for your cluster. All log types are disabled if the array is empty.
*
* > When updating a resource, you must include this `EnabledTypes` property if the previous CloudFormation template of the resource had it.
*
* Security note: because an empty array turns every log type off, a template that passes `[]` is a logging-disabled configuration and is worth catching in review.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-clusterlogging.html#cfn-eks-cluster-clusterlogging-enabledtypes
*/
readonly enabledTypes?: Array<cdk.IResolvable | CfnCluster.LoggingTypeConfigProperty> | cdk.IResolvable;
}
/**
* The enabled logging type.
*
* For a list of the valid logging types, see the [`types` property of `LogSetup`](https://docs.aws.amazon.com/eks/latest/APIReference/API_LogSetup.html#AmazonEKS-Type-LogSetup-types) in the *Amazon EKS API Reference* .
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-loggingtypeconfig.html
*/
interface LoggingTypeConfigProperty {
/**
* The name of the log type.
*
* Typed as an optional plain `string`, so an unrecognised log type name is not rejected at compile time.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-loggingtypeconfig.html#cfn-eks-cluster-loggingtypeconfig-type
*/
readonly type?: string;
}
/**
* The configuration of your local Amazon EKS cluster on an AWS Outpost.
*
* Before creating a cluster on an Outpost, review [Creating a local cluster on an Outpost](https://docs.aws.amazon.com/eks/latest/userguide/eks-outposts-local-cluster-create.html) in the *Amazon EKS User Guide* . This API isn't available for Amazon EKS clusters on the AWS cloud.
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-outpostconfig.html
*/
interface OutpostConfigProperty {
/**
* The Amazon EC2 instance type that you want to use for your local Amazon EKS cluster on Outposts.
*
* Choose an instance type based on the number of nodes that your cluster will have. For more information, see [Capacity considerations](https://docs.aws.amazon.com/eks/latest/userguide/eks-outposts-capacity-considerations.html) in the *Amazon EKS User Guide* .
*
* The instance type that you specify is used for all Kubernetes control plane instances. The instance type can't be changed after cluster creation. The control plane is not automatically scaled by Amazon EKS.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-outpostconfig.html#cfn-eks-cluster-outpostconfig-controlplaneinstancetype
*/
readonly controlPlaneInstanceType: string;
/**
* An object representing the placement configuration for all the control plane instances of your local Amazon EKS cluster on an AWS Outpost.
*
* For more information, see [Capacity considerations](https://docs.aws.amazon.com/eks/latest/userguide/eks-outposts-capacity-considerations.html) in the *Amazon EKS User Guide* .
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-outpostconfig.html#cfn-eks-cluster-outpostconfig-controlplaneplacement
*/
readonly controlPlanePlacement?: CfnCluster.ControlPlanePlacementProperty | cdk.IResolvable;
/**
* The ARN of the Outpost that you want to use for your local Amazon EKS cluster on Outposts.
*
* Only a single Outpost ARN is supported.
*
* The type is `Array<string>`, so the single-ARN limit is not enforced by the compiler; a list with more than one entry still type-checks.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-outpostconfig.html#cfn-eks-cluster-outpostconfig-outpostarns
*/
readonly outpostArns: Array<string>;
}
/**
* The placement configuration for all the control plane instances of your local Amazon EKS cluster on an AWS Outpost.
*
* For more information, see [Capacity considerations](https://docs.aws.amazon.com/eks/latest/userguide/eks-outposts-capacity-considerations.html) in the *Amazon EKS User Guide* .
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-controlplaneplacement.html
*/
interface ControlPlanePlacementProperty {
/**
* The name of the placement group for the Kubernetes control plane instances.
*
* This property is only used for a local cluster on an AWS Outpost.
*
* Optional plain `string`; this declaration does not validate the placement group name.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-controlplaneplacement.html#cfn-eks-cluster-controlplaneplacement-groupname
*/
readonly groupName?: string;
}
/**
* The encryption configuration for the cluster.
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-encryptionconfig.html
*/
interface EncryptionConfigProperty {
/**
* The encryption provider for the cluster.
*
* Optional in this declaration, so an entry without a provider still type-checks. NOTE(review): whether the service accepts such an entry is not visible here.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-encryptionconfig.html#cfn-eks-cluster-encryptionconfig-provider
*/
readonly provider?: cdk.IResolvable | CfnCluster.ProviderProperty;
/**
* Specifies the resources to be encrypted.
*
* The only supported value is `secrets` .
*
* Typed as `Array<string>`, so values other than `secrets` compile even though `secrets` is the only supported one.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-encryptionconfig.html#cfn-eks-cluster-encryptionconfig-resources
*/
readonly resources?: Array<string>;
}
/**
* Identifies the AWS Key Management Service ( AWS KMS ) key used to encrypt the secrets.
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-provider.html
*/
interface ProviderProperty {
/**
* Amazon Resource Name (ARN) or alias of the KMS key.
*
* The KMS key must be symmetric and created in the same AWS Region as the cluster. If the KMS key was created in a different account, the [IAM principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html) must have access to the KMS key. For more information, see [Allowing users in other accounts to use a KMS key](https://docs.aws.amazon.com/kms/latest/developerguide/key-policy-modifying-external-accounts.html) in the *AWS Key Management Service Developer Guide* .
*
* Optional plain `string` that may hold an ARN or an alias; the symmetric-key, same-Region and cross-account access requirements above are not checked at compile time.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-provider.html#cfn-eks-cluster-provider-keyarn
*/
readonly keyArn?: string;
}
/**
* The Kubernetes network configuration for the cluster.
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-kubernetesnetworkconfig.html
*/
interface KubernetesNetworkConfigProperty {
/**
* Request to enable or disable the load balancing capability on your EKS Auto Mode cluster.
*
* For more information, see EKS Auto Mode load balancing capability in the *Amazon EKS User Guide* .
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-kubernetesnetworkconfig.html#cfn-eks-cluster-kubernetesnetworkconfig-elasticloadbalancing
*/
readonly elasticLoadBalancing?: CfnCluster.ElasticLoadBalancingProperty | cdk.IResolvable;
/**
* Specify which IP family is used to assign Kubernetes pod and service IP addresses.
*
* If you don't specify a value, `ipv4` is used by default. You can only specify an IP family when you create a cluster and can't change this value once the cluster is created. If you specify `ipv6` , the VPC and subnets that you specify for cluster creation must have both `IPv4` and `IPv6` CIDR blocks assigned to them. You can't specify `ipv6` for clusters in China Regions.
*
* You can only specify `ipv6` for `1.21` and later clusters that use version `1.10.1` or later of the Amazon VPC CNI add-on. If you specify `ipv6` , then ensure that your VPC meets the requirements listed in the considerations listed in [Assigning IPv6 addresses to pods and services](https://docs.aws.amazon.com/eks/latest/userguide/cni-ipv6.html) in the *Amazon EKS User Guide* . Kubernetes assigns services `IPv6` addresses from the unique local address range `(fc00::/7)` . You can't specify a custom `IPv6` CIDR block. Pod addresses are assigned from the subnet's `IPv6` CIDR.
*
* Typed as a plain `string`, so a value other than the documented `ipv4` and `ipv6` is not caught at compile time.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-kubernetesnetworkconfig.html#cfn-eks-cluster-kubernetesnetworkconfig-ipfamily
*/
readonly ipFamily?: string;
/**
* Don't specify a value if you select `ipv6` for *ipFamily* .
*
* The CIDR block to assign Kubernetes service IP addresses from. If you don't specify a block, Kubernetes assigns addresses from either the `10.100.0.0/16` or `172.20.0.0/16` CIDR blocks. We recommend that you specify a block that does not overlap with resources in other networks that are peered or connected to your VPC. The block must meet the following requirements:
*
* - Within one of the following private IP address blocks: `10.0.0.0/8` , `172.16.0.0/12` , or `192.168.0.0/16` .
* - Doesn't overlap with any CIDR block assigned to the VPC that you selected for VPC.
* - Between `/24` and `/12` .
*
* > You can only specify a custom CIDR block when you create a cluster. You can't change this value after the cluster is created.
*
* The range, size and overlap requirements above are not checked by this declaration; the property is a plain `string`.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-kubernetesnetworkconfig.html#cfn-eks-cluster-kubernetesnetworkconfig-serviceipv4cidr
*/
readonly serviceIpv4Cidr?: string;
/**
* The CIDR block that Kubernetes pod and service IP addresses are assigned from if you created a 1.21 or later cluster with version 1.10.1 or later of the Amazon VPC CNI add-on and specified `ipv6` for *ipFamily* when you created the cluster. Kubernetes assigns service addresses from the unique local address range ( `fc00::/7` ) because you can't specify a custom IPv6 CIDR block when you create the cluster.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-kubernetesnetworkconfig.html#cfn-eks-cluster-kubernetesnetworkconfig-serviceipv6cidr
*/
readonly serviceIpv6Cidr?: string;
}
/**
* Indicates the current configuration of the load balancing capability on your EKS Auto Mode cluster.
*
* For example, if the capability is enabled or disabled. For more information, see EKS Auto Mode load balancing capability in the *Amazon EKS User Guide* .
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-elasticloadbalancing.html
*/
interface ElasticLoadBalancingProperty {
/**
* Indicates if the load balancing capability is enabled on your EKS Auto Mode cluster.
*
* If the load balancing capability is enabled, EKS Auto Mode will create and delete load balancers in your AWS account.
*
* NOTE(review): with this enabled, load balancers are created and deleted by EKS Auto Mode itself; confirm they are covered by whatever inventory or exposure checks the account relies on.
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-elasticloadbalancing.html#cfn-eks-cluster-elasticloadbalancing-enabled
*/
readonly enabled?: boolean | cdk.IResolvable;
}
/**
* An object representing the VPC configuration to use for an Amazon EKS cluster.
*
* > When updating a resource, you must include these properties if the previous CloudFormation template of the resource had them:
* >
* > - `EndpointPublicAccess`
* > - `EndpointPrivateAccess`
* > - `PublicAccessCidrs`
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-resourcesvpcconfig.html
*/
interface ResourcesVpcConfigProperty {
    /**
     * Subnets for your Amazon EKS nodes.
     *
     * Amazon EKS places cross-account elastic network interfaces in these subnets so that your nodes and the Kubernetes control plane can communicate.
     *
     * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-resourcesvpcconfig.html#cfn-eks-cluster-resourcesvpcconfig-subnetids
     */
    readonly subnetIds: string[];
    /**
     * One or more security groups for the cross-account elastic network interfaces that Amazon EKS creates to allow communication between your nodes and the Kubernetes control plane.
     *
     * If you leave this unset, first read up on the Amazon EKS defaults for clusters deployed with Kubernetes. For more information, see [Amazon EKS security group considerations](https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html) in the **Amazon EKS User Guide** .
     *
     * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-resourcesvpcconfig.html#cfn-eks-cluster-resourcesvpcconfig-securitygroupids
     */
    readonly securityGroupIds?: string[];
    /**
     * Set to `true` to turn on private access to your cluster's Kubernetes API server endpoint.
     *
     * With private access on, Kubernetes API requests that originate inside your cluster's VPC use the private VPC endpoint. The default is `false` , which leaves private access off. When private access is off and the cluster has nodes or AWS Fargate pods, `publicAccessCidrs` has to contain the CIDR blocks needed for communication with those nodes or Fargate pods. For more information, see [Cluster API server endpoint](https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html) in the **Amazon EKS User Guide** .
     *
     * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-resourcesvpcconfig.html#cfn-eks-cluster-resourcesvpcconfig-endpointprivateaccess
     */
    readonly endpointPrivateAccess?: cdk.IResolvable | boolean;
    /**
     * Set to `false` to turn off public access to your cluster's Kubernetes API server endpoint.
     *
     * With public access off, the Kubernetes API server only receives requests from within the cluster VPC. The default is `true` , which leaves public access on. The endpoint domain name and IP address family depend on the cluster's `ipFamily` value. For more information, see [Cluster API server endpoint](https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html) in the **Amazon EKS User Guide** .
     *
     * Security note: this default combines with the `publicAccessCidrs` default of `0.0.0.0/0` , so a cluster that sets neither property has a public endpoint that accepts connections from every source address. Either set this to `false` or give `publicAccessCidrs` an explicit allow-list.
     *
     * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-resourcesvpcconfig.html#cfn-eks-cluster-resourcesvpcconfig-endpointpublicaccess
     */
    readonly endpointPublicAccess?: cdk.IResolvable | boolean;
    /**
     * CIDR blocks that may reach your cluster's public Kubernetes API server endpoint.
     *
     * Traffic to the endpoint from addresses outside the listed CIDR blocks is denied. The default is `0.0.0.0/0` , plus `::/0` for dual-stack `IPv6` clusters. If private endpoint access is disabled, list the CIDR blocks needed by every node and AWS Fargate `Pod` in the cluster. For more information, see [Cluster API server endpoint](https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html) in the **Amazon EKS User Guide** .
     *
     * Public endpoints are dual-stack only for `IPv6` clusters made after October 2024. `IPv6` CIDR blocks can't be added to `IPv4` clusters or to `IPv6` clusters made before October 2024.
     *
     * Security note: the default admits every source address. While the public endpoint stays enabled, an explicit list of known networks is the narrower setting.
     *
     * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-resourcesvpcconfig.html#cfn-eks-cluster-resourcesvpcconfig-publicaccesscidrs
     */
    readonly publicAccessCidrs?: string[];
}
/**
* The access configuration for the cluster.
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-accessconfig.html
*/
interface AccessConfigProperty {
    /**
     * Authentication mode requested for the cluster.
     *
     * The default depends on how the cluster is created: `CONFIG_MAP` when it is created through the EKS API, AWS SDKs, or AWS CloudFormation , and `API_AND_CONFIG_MAP` when it is created through the AWS Management Console . Setting the value explicitly removes the dependence on the creation path.
     *
     * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-accessconfig.html#cfn-eks-cluster-accessconfig-authenticationmode
     */
    readonly authenticationMode?: string;
    /**
     * Whether the IAM principal that created the cluster was set as a cluster admin access entry at cluster creation time.
     *
     * Defaults to `true` .
     *
     * NOTE(review): with the default, the creating principal holds cluster admin access. For a template-driven deployment that is presumably the deploying role (confirm against your pipeline); set this to `false` if that grant is broader than intended.
     *
     * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-accessconfig.html#cfn-eks-cluster-accessconfig-bootstrapclustercreatoradminpermissions
     */
    readonly bootstrapClusterCreatorAdminPermissions?: cdk.IResolvable | boolean;
}
/**
* The support policy to use for the cluster.
*
* Extended support allows you to remain on specific Kubernetes versions for longer. Clusters in extended support have higher costs. The default value is `EXTENDED` . Use `STANDARD` to disable extended support.
*
* [Learn more about EKS Extended Support in the *Amazon EKS User Guide* .](https://docs.aws.amazon.com/eks/latest/userguide/extended-support-control.html)
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-upgradepolicy.html
*/
interface UpgradePolicyProperty {
/**
* Selects what happens to the cluster when standard support for its Kubernetes version ends.
*
* If the cluster is set to `EXTENDED` , it will enter extended support at the end of standard support.
*
* If the cluster is set to `STANDARD` , it will be automatically upgraded at the end of standard support.
*
* The property is optional. With `EXTENDED` the cluster stays on its current Kubernetes version for longer, so version upgrades remain something the operator has to schedule.
*
* [Learn more about EKS Extended Support in the *Amazon EKS User Guide* .](https://docs.aws.amazon.com/eks/latest/userguide/extended-support-control.html)
*
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-upgradepolicy.html#cfn-eks-cluster-upgradepolicy-supporttype
*/
readonly supportType?: string;
}
/**
* The configuration in the cluster for EKS Hybrid Nodes.
*
* You can add, change, or remove this configuration after the cluster is created.
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-remotenetworkconfig.html
*/
interface RemoteNetworkConfigProperty {
    /**
     * Network CIDRs that can contain hybrid nodes.
     *
     * The CIDR blocks describe the IP address range expected for hybrid nodes that join the cluster. Your network administrator typically determines them.
     *
     * Provide one or more IPv4 CIDR blocks in decimal dotted-quad notation (for example, `10.2.0.0/16` ).
     *
     * Requirements:
     *
     * - Every block lies within an `IPv4` RFC-1918 network range. Minimum allowed size is /32, maximum allowed size is /8. Publicly-routable addresses aren't supported.
     * - No block overlaps the VPC CIDR blocks of your EKS resources or the Kubernetes service IP range.
     * - Every block has a route to the VPC that uses the VPC CIDR blocks, not public IPs or Elastic IPs. Options include AWS Transit Gateway , AWS Site-to-Site VPN , or AWS Direct Connect .
     * - Every host allows outbound connection to the EKS cluster control plane on TCP ports `443` and `10250` .
     * - Every host allows inbound connection from the EKS cluster control plane on TCP port 10250 for logs, exec and port-forward operations.
     * - Every host allows TCP and UDP network connectivity to and from other hosts that are running `CoreDNS` on UDP port `53` for service and pod DNS names.
     *
     * Security note: the list names specific ports and peers, so host firewall rules can be written against them instead of broad ranges. Inbound port 10250 carries exec and port-forward, which makes its allowed source worth checking.
     *
     * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-remotenetworkconfig.html#cfn-eks-cluster-remotenetworkconfig-remotenodenetworks
     */
    readonly remoteNodeNetworks: cdk.IResolvable | (cdk.IResolvable | CfnCluster.RemoteNodeNetworkProperty)[];
    /**
     * Network CIDRs that can contain pods that run Kubernetes webhooks on hybrid nodes.
     *
     * The CIDR blocks follow from how you configure your Container Network Interface (CNI) plugin. We recommend the Calico CNI or Cilium CNI. The Amazon VPC CNI plugin for Kubernetes isn't available for on-premises and edge locations.
     *
     * Provide one or more IPv4 CIDR blocks in decimal dotted-quad notation (for example, `10.2.0.0/16` ).
     *
     * Requirements:
     *
     * - Every block lies within an `IPv4` RFC-1918 network range. Minimum allowed size is /32, maximum allowed size is /8. Publicly-routable addresses aren't supported.
     * - No block overlaps the VPC CIDR blocks of your EKS resources or the Kubernetes service IP range.
     *
     * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-remotenetworkconfig.html#cfn-eks-cluster-remotenetworkconfig-remotepodnetworks
     */
    readonly remotePodNetworks?: cdk.IResolvable | (cdk.IResolvable | CfnCluster.RemotePodNetworkProperty)[];
}
/**
* A network CIDR that can contain hybrid nodes.
*
* These CIDR blocks define the expected IP address range of the hybrid nodes that join the cluster. These blocks are typically determined by your network administrator.
*
* Enter one or more IPv4 CIDR blocks in decimal dotted-quad notation (for example, `10.2.0.0/16` ).
*
* It must satisfy the following requirements:
*
* - Each block must be within an `IPv4` RFC-1918 network range. Minimum allowed size is /32, maximum allowed size is /8. Publicly-routable addresses aren't supported.
* - Each block cannot overlap with the range of the VPC CIDR blocks for your EKS resources, or the block of the Kubernetes service IP range.
* - Each block must have a route to the VPC that uses the VPC CIDR blocks, not public IPs or Elastic IPs. There are many options including AWS Transit Gateway , AWS Site-to-Site VPN , or AWS Direct Connect .
* - Each host must allow outbound connection to the EKS cluster control plane on TCP ports `443` and `10250` .
* - Each host must allow inbound connection from the EKS cluster control plane on TCP port 10250 for logs, exec and port-forward operations.
* - Each host must allow TCP and UDP network connectivity to and from other hosts that are running `CoreDNS` on UDP port `53` for service and pod DNS names.
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-remotenodenetwork.html
*/
interface RemoteNodeNetworkProperty {
    /**
     * Network CIDRs that can contain hybrid nodes.
     *
     * The CIDR blocks describe the IP address range expected for hybrid nodes that join the cluster. Your network administrator typically determines them.
     *
     * Provide one or more IPv4 CIDR blocks in decimal dotted-quad notation (for example, `10.2.0.0/16` ).
     *
     * Requirements:
     *
     * - Every block lies within an `IPv4` RFC-1918 network range. Minimum allowed size is /32, maximum allowed size is /8. Publicly-routable addresses aren't supported.
     * - No block overlaps the VPC CIDR blocks of your EKS resources or the Kubernetes service IP range.
     * - Every block has a route to the VPC that uses the VPC CIDR blocks, not public IPs or Elastic IPs. Options include AWS Transit Gateway , AWS Site-to-Site VPN , or AWS Direct Connect .
     * - Every host allows outbound connection to the EKS cluster control plane on TCP ports `443` and `10250` .
     * - Every host allows inbound connection from the EKS cluster control plane on TCP port 10250 for logs, exec and port-forward operations.
     * - Every host allows TCP and UDP network connectivity to and from other hosts that are running `CoreDNS` on UDP port `53` for service and pod DNS names.
     *
     * Security note: inbound port 10250 carries exec and port-forward, so the source allowed to reach it on each host is worth checking against the control plane's addresses.
     *
     * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-remotenodenetwork.html#cfn-eks-cluster-remotenodenetwork-cidrs
     */
    readonly cidrs: string[];
}
/**
* A network CIDR that can contain pods that run Kubernetes webhooks on hybrid nodes.
*
* These CIDR blocks are determined by configuring your Container Network Interface (CNI) plugin. We recommend the Calico CNI or Cilium CNI. Note that the Amazon VPC CNI plugin for Kubernetes isn't available for on-premises and edge locations.
*
* Enter one or more IPv4 CIDR blocks in decimal dotted-quad notation (for example, `10.2.0.0/16` ).
*
* It must satisfy the following requirements:
*
* - Each block must be within an `IPv4` RFC-1918 network range. Minimum allowed size is /32, maximum allowed size is /8. Publicly-routable addresses aren't supported.
* - Each block cannot overlap with the range of the VPC CIDR blocks for your EKS resources, or the block of the Kubernetes service IP range.
*
* @struct
* @stability external
* @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-remotepodnetwork.html
*/
interface RemotePodNetworkProperty {
    /**
     * Network CIDRs that can contain pods that run Kubernetes webhooks on hybrid nodes.
     *
     * The CIDR blocks follow from how you configure your Container Network Interface (CNI) plugin. We recommend the Calico CNI or Cilium CNI. The Amazon VPC CNI plugin for Kubernetes isn't available for on-premises and edge locations.
     *
     * Provide one or more IPv4 CIDR blocks in decimal dotted-quad notation (for example, `10.2.0.0/16` ).
     *
     * Requirements:
     *
     * - Every block lies within an `IPv4` RFC-1918 network range. Minimum allowed size is /32, maximum allowed size is /8. Publicly-routable addresses aren't supported.
     * - No block overlaps the VPC CIDR blocks of your EKS resources or the Kubernetes service IP range.
     *
     * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-remotepodnetwork.html#cfn-eks-cluster-remotepodnetwork-cidrs
     */
    readonly cidrs: string[];
}
/**
* Indicates the current configuration of the compute capability on your EKS Auto Mode cluster.
*
* For example, if the capability is enabled or disabled. If the compute capability is enabled, EKS Auto Mode will create