aws-cdk-lib

Version 2 of the AWS Cloud Development Kit library

import * as cdk from "../../core/lib"; import * as constructs from "constructs"; import * as cfn_parse from "../../core/lib/helpers-internal"; import { aws_ec2 as ec2Refs, aws_eks as eksRefs, aws_iam as iamRefs } from "../../interfaces"; import { AccessEntryReference, AddonReference, CapabilityReference, ClusterReference, FargateProfileReference, IAccessEntryRef, IAddonRef, ICapabilityRef, IClusterRef, IdentityProviderConfigReference, IFargateProfileRef, IIdentityProviderConfigRef, INodegroupRef, IPodIdentityAssociationRef, NodegroupReference, PodIdentityAssociationReference } from "../../interfaces/generated/aws-eks-interfaces.generated"; /** * Creates an Amazon EKS add-on. * * Amazon EKS add-ons help to automate the provisioning and lifecycle management of common operational software for Amazon EKS clusters. For more information, see [Amazon EKS add-ons](https://docs.aws.amazon.com/eks/latest/userguide/eks-add-ons.html) in the *Amazon EKS User Guide* . * * @cloudformationResource AWS::EKS::Addon * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html */ export declare class CfnAddon extends cdk.CfnResource implements cdk.IInspectable, IAddonRef, cdk.ITaggable { /** * The CloudFormation resource type name for this resource class. */ static readonly CFN_RESOURCE_TYPE_NAME: string; /** * Build a CfnAddon from CloudFormation properties * * A factory method that creates a new instance of this class from an object * containing the CloudFormation properties of this resource. * Used in the @aws-cdk/cloudformation-include module. * * @internal */ static _fromCloudFormation(scope: constructs.Construct, id: string, resourceAttributes: any, options: cfn_parse.FromCloudFormationOptions): CfnAddon; /** * Checks whether the given object is a CfnAddon */ static isCfnAddon(x: any): x is CfnAddon; static arnForAddon(resource: IAddonRef): string; /** * The name of the add-on. 
*/ private _addonName; /** * The version of the add-on. */ private _addonVersion?; /** * The name of your cluster. */ private _clusterName; /** * The configuration values that you provided. */ private _configurationValues?; /** * The namespace configuration for the addon. */ private _namespaceConfig?; /** * An array of EKS Pod Identity associations owned by the add-on. */ private _podIdentityAssociations?; /** * Specifying this option preserves the add-on software on your cluster but Amazon EKS stops managing any settings for the add-on. */ private _preserveOnDelete?; /** * How to resolve field value conflicts for an Amazon EKS add-on. */ private _resolveConflicts?; /** * The Amazon Resource Name (ARN) of an existing IAM role to bind to the add-on's service account. */ private _serviceAccountRoleArn?; /** * Tag Manager which manages the tags for this resource */ readonly tags: cdk.TagManager; /** * The metadata that you apply to the add-on to assist with categorization and organization. */ private _tagsRaw?; /** * Create a new `AWS::EKS::Addon`. * * @param scope Scope in which this resource is defined * @param id Construct identifier for this resource (unique in its scope) * @param props Resource properties */ constructor(scope: constructs.Construct, id: string, props: CfnAddonProps); get addonRef(): AddonReference; /** * The name of the add-on. */ get addonName(): string; /** * The name of the add-on. */ set addonName(value: string); /** * The version of the add-on. */ get addonVersion(): string | undefined; /** * The version of the add-on. */ set addonVersion(value: string | undefined); /** * The name of your cluster. */ get clusterName(): string; /** * The name of your cluster. */ set clusterName(value: string); /** * The configuration values that you provided. */ get configurationValues(): string | undefined; /** * The configuration values that you provided. */ set configurationValues(value: string | undefined); /** * The namespace configuration for the addon. 
*/ get namespaceConfig(): cdk.IResolvable | CfnAddon.NamespaceConfigProperty | undefined; /** * The namespace configuration for the addon. */ set namespaceConfig(value: cdk.IResolvable | CfnAddon.NamespaceConfigProperty | undefined); /** * An array of EKS Pod Identity associations owned by the add-on. */ get podIdentityAssociations(): Array<cdk.IResolvable | CfnAddon.PodIdentityAssociationProperty> | cdk.IResolvable | undefined; /** * An array of EKS Pod Identity associations owned by the add-on. */ set podIdentityAssociations(value: Array<cdk.IResolvable | CfnAddon.PodIdentityAssociationProperty> | cdk.IResolvable | undefined); /** * Specifying this option preserves the add-on software on your cluster but Amazon EKS stops managing any settings for the add-on. */ get preserveOnDelete(): boolean | cdk.IResolvable | undefined; /** * Specifying this option preserves the add-on software on your cluster but Amazon EKS stops managing any settings for the add-on. */ set preserveOnDelete(value: boolean | cdk.IResolvable | undefined); /** * How to resolve field value conflicts for an Amazon EKS add-on. */ get resolveConflicts(): string | undefined; /** * How to resolve field value conflicts for an Amazon EKS add-on. */ set resolveConflicts(value: string | undefined); /** * The Amazon Resource Name (ARN) of an existing IAM role to bind to the add-on's service account. */ get serviceAccountRoleArn(): string | undefined; /** * The Amazon Resource Name (ARN) of an existing IAM role to bind to the add-on's service account. */ set serviceAccountRoleArn(value: string | undefined); /** * The metadata that you apply to the add-on to assist with categorization and organization. */ get tagsRaw(): Array<cdk.CfnTag> | undefined; /** * The metadata that you apply to the add-on to assist with categorization and organization. 
*/ set tagsRaw(value: Array<cdk.CfnTag> | undefined); /** * The ARN of the add-on, such as `arn:aws:eks:us-west-2:111122223333:addon/1-19/vpc-cni/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx` . * * @cloudformationAttribute Arn */ get attrArn(): string; protected get cfnProperties(): Record<string, any>; /** * Examines the CloudFormation resource and discloses attributes * * @param inspector tree inspector to collect and process attributes */ inspect(inspector: cdk.TreeInspector): void; protected renderProperties(props: Record<string, any>): Record<string, any>; } export declare namespace CfnAddon { /** * Amazon EKS Pod Identity associations provide the ability to manage credentials for your applications, similar to the way that Amazon EC2 instance profiles provide credentials to Amazon EC2 instances. * * @struct * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-addon-podidentityassociation.html */ interface PodIdentityAssociationProperty { /** * The Amazon Resource Name (ARN) of the IAM role to associate with the service account. * * The EKS Pod Identity agent manages credentials to assume this role for applications in the containers in the Pods that use this service account. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-addon-podidentityassociation.html#cfn-eks-addon-podidentityassociation-rolearn */ readonly roleArn: string; /** * The name of the Kubernetes service account inside the cluster to associate the IAM credentials with. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-addon-podidentityassociation.html#cfn-eks-addon-podidentityassociation-serviceaccount */ readonly serviceAccount: string; } /** * The custom namespace configuration to use with the add-on. 
* * @struct * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-addon-namespaceconfig.html */ interface NamespaceConfigProperty { /** * The custom namespace for creating the add-on. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-addon-namespaceconfig.html#cfn-eks-addon-namespaceconfig-namespace */ readonly namespace: string; } } /** * Properties for defining a `CfnAddon` * * @struct * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html */ export interface CfnAddonProps { /** * The name of the add-on. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-addonname */ readonly addonName: string; /** * The version of the add-on. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-addonversion */ readonly addonVersion?: string; /** * The name of your cluster. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-clustername */ readonly clusterName: string; /** * The configuration values that you provided. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-configurationvalues */ readonly configurationValues?: string; /** * The namespace configuration for the addon. * * This specifies the Kubernetes namespace where the addon is installed. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-namespaceconfig */ readonly namespaceConfig?: cdk.IResolvable | CfnAddon.NamespaceConfigProperty; /** * An array of EKS Pod Identity associations owned by the add-on. * * Each association maps a role to a service account in a namespace in the cluster. 
* * For more information, see [Attach an IAM Role to an Amazon EKS add-on using EKS Pod Identity](https://docs.aws.amazon.com/eks/latest/userguide/add-ons-iam.html) in the *Amazon EKS User Guide* . * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-podidentityassociations */ readonly podIdentityAssociations?: Array<cdk.IResolvable | CfnAddon.PodIdentityAssociationProperty> | cdk.IResolvable; /** * Specifying this option preserves the add-on software on your cluster but Amazon EKS stops managing any settings for the add-on. * * If an IAM account is associated with the add-on, it isn't removed. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-preserveondelete */ readonly preserveOnDelete?: boolean | cdk.IResolvable; /** * How to resolve field value conflicts for an Amazon EKS add-on. * * Conflicts are handled based on the value you choose: * * - *None* – If the self-managed version of the add-on is installed on your cluster, Amazon EKS doesn't change the value. Creation of the add-on might fail. * - *Overwrite* – If the self-managed version of the add-on is installed on your cluster and the Amazon EKS default value is different than the existing value, Amazon EKS changes the value to the Amazon EKS default value. * - *Preserve* – This is similar to the NONE option. If the self-managed version of the add-on is installed on your cluster Amazon EKS doesn't change the add-on resource properties. Creation of the add-on might fail if conflicts are detected. This option works differently during the update operation. For more information, see [`UpdateAddon`](https://docs.aws.amazon.com/eks/latest/APIReference/API_UpdateAddon.html) . * * If you don't currently have the self-managed version of the add-on installed on your cluster, the Amazon EKS add-on is installed. Amazon EKS sets all values to default values, regardless of the option that you specify. 
* * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-resolveconflicts */ readonly resolveConflicts?: string; /** * The Amazon Resource Name (ARN) of an existing IAM role to bind to the add-on's service account. * * The role must be assigned the IAM permissions required by the add-on. If you don't specify an existing IAM role, then the add-on uses the permissions assigned to the node IAM role. For more information, see [Amazon EKS node IAM role](https://docs.aws.amazon.com/eks/latest/userguide/create-node-role.html) in the *Amazon EKS User Guide* . * * > To specify an existing IAM role, you must have an IAM OpenID Connect (OIDC) provider created for your cluster. For more information, see [Enabling IAM roles for service accounts on your cluster](https://docs.aws.amazon.com/eks/latest/userguide/enable-iam-roles-for-service-accounts.html) in the *Amazon EKS User Guide* . * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-serviceaccountrolearn */ readonly serviceAccountRoleArn?: iamRefs.IRoleRef | string; /** * The metadata that you apply to the add-on to assist with categorization and organization. * * Each tag consists of a key and an optional value, both of which you define. Add-on tags do not propagate to any other resources associated with the cluster. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-addon.html#cfn-eks-addon-tags */ readonly tags?: Array<cdk.CfnTag>; } /** * Creates an Amazon EKS control plane. * * The Amazon EKS control plane consists of control plane instances that run the Kubernetes software, such as `etcd` and the API server. The control plane runs in an account managed by AWS , and the Kubernetes API is exposed by the Amazon EKS API server endpoint. Each Amazon EKS cluster control plane is single tenant and unique. It runs on its own set of Amazon EC2 instances. 
* * The cluster control plane is provisioned across multiple Availability Zones and fronted by an ELB Network Load Balancer. Amazon EKS also provisions elastic network interfaces in your VPC subnets to provide connectivity from the control plane instances to the nodes (for example, to support `kubectl exec` , `logs` , and `proxy` data flows). * * Amazon EKS nodes run in your AWS account and connect to your cluster's control plane over the Kubernetes API server endpoint and a certificate file that is created for your cluster. * * You can use the `endpointPublicAccess` and `endpointPrivateAccess` parameters to enable or disable public and private access to your cluster's Kubernetes API server endpoint. By default, public access is enabled, and private access is disabled. The endpoint domain name and IP address family depends on the value of the `ipFamily` for the cluster. For more information, see [Amazon EKS Cluster Endpoint Access Control](https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html) in the **Amazon EKS User Guide** . * * You can use the `logging` parameter to enable or disable exporting the Kubernetes control plane logs for your cluster to CloudWatch Logs. By default, cluster control plane logs aren't exported to CloudWatch Logs. For more information, see [Amazon EKS Cluster Control Plane Logs](https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html) in the **Amazon EKS User Guide** . * * > CloudWatch Logs ingestion, archive storage, and data scanning rates apply to exported control plane logs. For more information, see [CloudWatch Pricing](https://docs.aws.amazon.com/cloudwatch/pricing/) . * * In most cases, it takes several minutes to create a cluster. After you create an Amazon EKS cluster, you must configure your Kubernetes tooling to communicate with the API server and launch nodes into your cluster. 
For more information, see [Allowing users to access your cluster](https://docs.aws.amazon.com/eks/latest/userguide/cluster-auth.html) and [Launching Amazon EKS nodes](https://docs.aws.amazon.com/eks/latest/userguide/launch-workers.html) in the *Amazon EKS User Guide* . * * @cloudformationResource AWS::EKS::Cluster * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-eks-cluster.html */ export declare class CfnCluster extends cdk.CfnResource implements cdk.IInspectable, IClusterRef, cdk.ITaggable { /** * The CloudFormation resource type name for this resource class. */ static readonly CFN_RESOURCE_TYPE_NAME: string; /** * Build a CfnCluster from CloudFormation properties * * A factory method that creates a new instance of this class from an object * containing the CloudFormation properties of this resource. * Used in the @aws-cdk/cloudformation-include module. * * @internal */ static _fromCloudFormation(scope: constructs.Construct, id: string, resourceAttributes: any, options: cfn_parse.FromCloudFormationOptions): CfnCluster; /** * Checks whether the given object is a CfnCluster */ static isCfnCluster(x: any): x is CfnCluster; /** * Creates a new IClusterRef from an ARN */ static fromClusterArn(scope: constructs.Construct, id: string, arn: string): IClusterRef; /** * Creates a new IClusterRef from a clusterName */ static fromClusterName(scope: constructs.Construct, id: string, clusterName: string): IClusterRef; static arnForCluster(resource: IClusterRef): string; /** * The access configuration for the cluster. */ private _accessConfig?; /** * If you set this value to `False` when creating a cluster, the default networking add-ons will not be installed. */ private _bootstrapSelfManagedAddons?; /** * Indicates the current configuration of the compute capability on your EKS Auto Mode cluster. */ private _computeConfig?; /** * The control plane scaling tier configuration. 
*/ private _controlPlaneScalingConfig?; /** * The current deletion protection setting for the cluster. */ private _deletionProtection?; /** * The encryption configuration for the cluster. */ private _encryptionConfig?; /** * Set this value to `true` to override upgrade-blocking readiness checks when updating a cluster. */ private _force?; /** * The Kubernetes network configuration for the cluster. */ private _kubernetesNetworkConfig?; /** * The logging configuration for your cluster. */ private _logging?; /** * The unique name to give to your cluster. */ private _name?; /** * An object representing the configuration of your local Amazon EKS cluster on an AWS Outpost. */ private _outpostConfig?; /** * The configuration in the cluster for EKS Hybrid Nodes. */ private _remoteNetworkConfig?; /** * The VPC configuration that's used by the cluster control plane. */ private _resourcesVpcConfig; /** * The Amazon Resource Name (ARN) of the IAM role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. */ private _roleArn; /** * Indicates the current configuration of the block storage capability on your EKS Auto Mode cluster. */ private _storageConfig?; /** * Tag Manager which manages the tags for this resource */ readonly tags: cdk.TagManager; /** * The metadata that you apply to the cluster to assist with categorization and organization. */ private _tagsRaw?; /** * This value indicates if extended support is enabled or disabled for the cluster. */ private _upgradePolicy?; /** * The desired Kubernetes version for your cluster. */ private _version?; /** * The configuration for zonal shift for the cluster. */ private _zonalShiftConfig?; /** * Create a new `AWS::EKS::Cluster`. 
* * @param scope Scope in which this resource is defined * @param id Construct identifier for this resource (unique in its scope) * @param props Resource properties */ constructor(scope: constructs.Construct, id: string, props: CfnClusterProps); get clusterRef(): ClusterReference; /** * The access configuration for the cluster. */ get accessConfig(): CfnCluster.AccessConfigProperty | cdk.IResolvable | undefined; /** * The access configuration for the cluster. */ set accessConfig(value: CfnCluster.AccessConfigProperty | cdk.IResolvable | undefined); /** * If you set this value to `False` when creating a cluster, the default networking add-ons will not be installed. */ get bootstrapSelfManagedAddons(): boolean | cdk.IResolvable | undefined; /** * If you set this value to `False` when creating a cluster, the default networking add-ons will not be installed. */ set bootstrapSelfManagedAddons(value: boolean | cdk.IResolvable | undefined); /** * Indicates the current configuration of the compute capability on your EKS Auto Mode cluster. */ get computeConfig(): CfnCluster.ComputeConfigProperty | cdk.IResolvable | undefined; /** * Indicates the current configuration of the compute capability on your EKS Auto Mode cluster. */ set computeConfig(value: CfnCluster.ComputeConfigProperty | cdk.IResolvable | undefined); /** * The control plane scaling tier configuration. */ get controlPlaneScalingConfig(): CfnCluster.ControlPlaneScalingConfigProperty | cdk.IResolvable | undefined; /** * The control plane scaling tier configuration. */ set controlPlaneScalingConfig(value: CfnCluster.ControlPlaneScalingConfigProperty | cdk.IResolvable | undefined); /** * The current deletion protection setting for the cluster. */ get deletionProtection(): boolean | cdk.IResolvable | undefined; /** * The current deletion protection setting for the cluster. */ set deletionProtection(value: boolean | cdk.IResolvable | undefined); /** * The encryption configuration for the cluster. 
*/ get encryptionConfig(): Array<CfnCluster.EncryptionConfigProperty | cdk.IResolvable> | cdk.IResolvable | undefined; /** * The encryption configuration for the cluster. */ set encryptionConfig(value: Array<CfnCluster.EncryptionConfigProperty | cdk.IResolvable> | cdk.IResolvable | undefined); /** * Set this value to `true` to override upgrade-blocking readiness checks when updating a cluster. */ get force(): boolean | cdk.IResolvable | undefined; /** * Set this value to `true` to override upgrade-blocking readiness checks when updating a cluster. */ set force(value: boolean | cdk.IResolvable | undefined); /** * The Kubernetes network configuration for the cluster. */ get kubernetesNetworkConfig(): cdk.IResolvable | CfnCluster.KubernetesNetworkConfigProperty | undefined; /** * The Kubernetes network configuration for the cluster. */ set kubernetesNetworkConfig(value: cdk.IResolvable | CfnCluster.KubernetesNetworkConfigProperty | undefined); /** * The logging configuration for your cluster. */ get logging(): cdk.IResolvable | CfnCluster.LoggingProperty | undefined; /** * The logging configuration for your cluster. */ set logging(value: cdk.IResolvable | CfnCluster.LoggingProperty | undefined); /** * The unique name to give to your cluster. */ get name(): string | undefined; /** * The unique name to give to your cluster. */ set name(value: string | undefined); /** * An object representing the configuration of your local Amazon EKS cluster on an AWS Outpost. */ get outpostConfig(): cdk.IResolvable | CfnCluster.OutpostConfigProperty | undefined; /** * An object representing the configuration of your local Amazon EKS cluster on an AWS Outpost. */ set outpostConfig(value: cdk.IResolvable | CfnCluster.OutpostConfigProperty | undefined); /** * The configuration in the cluster for EKS Hybrid Nodes. */ get remoteNetworkConfig(): cdk.IResolvable | CfnCluster.RemoteNetworkConfigProperty | undefined; /** * The configuration in the cluster for EKS Hybrid Nodes. 
*/ set remoteNetworkConfig(value: cdk.IResolvable | CfnCluster.RemoteNetworkConfigProperty | undefined); /** * The VPC configuration that's used by the cluster control plane. */ get resourcesVpcConfig(): cdk.IResolvable | CfnCluster.ResourcesVpcConfigProperty; /** * The VPC configuration that's used by the cluster control plane. */ set resourcesVpcConfig(value: cdk.IResolvable | CfnCluster.ResourcesVpcConfigProperty); /** * The Amazon Resource Name (ARN) of the IAM role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. */ get roleArn(): string; /** * The Amazon Resource Name (ARN) of the IAM role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. */ set roleArn(value: string); /** * Indicates the current configuration of the block storage capability on your EKS Auto Mode cluster. */ get storageConfig(): cdk.IResolvable | CfnCluster.StorageConfigProperty | undefined; /** * Indicates the current configuration of the block storage capability on your EKS Auto Mode cluster. */ set storageConfig(value: cdk.IResolvable | CfnCluster.StorageConfigProperty | undefined); /** * The metadata that you apply to the cluster to assist with categorization and organization. */ get tagsRaw(): Array<cdk.CfnTag> | undefined; /** * The metadata that you apply to the cluster to assist with categorization and organization. */ set tagsRaw(value: Array<cdk.CfnTag> | undefined); /** * This value indicates if extended support is enabled or disabled for the cluster. */ get upgradePolicy(): cdk.IResolvable | CfnCluster.UpgradePolicyProperty | undefined; /** * This value indicates if extended support is enabled or disabled for the cluster. */ set upgradePolicy(value: cdk.IResolvable | CfnCluster.UpgradePolicyProperty | undefined); /** * The desired Kubernetes version for your cluster. */ get version(): string | undefined; /** * The desired Kubernetes version for your cluster. 
*/ set version(value: string | undefined); /** * The configuration for zonal shift for the cluster. */ get zonalShiftConfig(): cdk.IResolvable | CfnCluster.ZonalShiftConfigProperty | undefined; /** * The configuration for zonal shift for the cluster. */ set zonalShiftConfig(value: cdk.IResolvable | CfnCluster.ZonalShiftConfigProperty | undefined); /** * The ARN of the cluster, such as `arn:aws:eks:us-west-2:666666666666:cluster/prod` . * * @cloudformationAttribute Arn */ get attrArn(): string; /** * The `certificate-authority-data` for your cluster. * * @cloudformationAttribute CertificateAuthorityData */ get attrCertificateAuthorityData(): string; /** * The cluster security group that was created by Amazon EKS for the cluster. Managed node groups use this security group for control plane to data plane communication. * * This parameter is only returned by Amazon EKS clusters that support managed node groups. For more information, see [Managed node groups](https://docs.aws.amazon.com/eks/latest/userguide/managed-node-groups.html) in the *Amazon EKS User Guide* . * * @cloudformationAttribute ClusterSecurityGroupId */ get attrClusterSecurityGroupId(): string; /** * Amazon Resource Name (ARN) or alias of the customer master key (CMK). * * @cloudformationAttribute EncryptionConfigKeyArn */ get attrEncryptionConfigKeyArn(): string; /** * The endpoint for your Kubernetes API server, such as `https://5E1D0CEXAMPLEA591B746AFC5AB30262.yl4.us-west-2.eks.amazonaws.com` . * * @cloudformationAttribute Endpoint */ get attrEndpoint(): string; /** * The ID of your local Amazon EKS cluster on an AWS Outpost. This property isn't available for an Amazon EKS cluster on the AWS cloud. * * @cloudformationAttribute Id */ get attrId(): string; /** * The CIDR block that Kubernetes Service IP addresses are assigned from if you created a `1.21` or later cluster with version `>1.10.1` or later of the Amazon VPC CNI add-on and specified `ipv6` for *ipFamily* when you created the cluster. 
Kubernetes assigns Service addresses from the unique local address range ( `fc00::/7` ) because you can't specify a custom `IPv6` CIDR block when you create the cluster. * * @cloudformationAttribute KubernetesNetworkConfig.ServiceIpv6Cidr */ get attrKubernetesNetworkConfigServiceIpv6Cidr(): string; /** * The issuer URL for the OIDC identity provider of the cluster, such as `https://oidc.eks.us-west-2.amazonaws.com/id/EXAMPLED539D4633E53DE1B716D3041E` . If you need to remove `https://` from this output value, you can include the following code in your template. * * `!Select [1, !Split ["//", !GetAtt EKSCluster.OpenIdConnectIssuerUrl]]` * * @cloudformationAttribute OpenIdConnectIssuerUrl */ get attrOpenIdConnectIssuerUrl(): string; protected get cfnProperties(): Record<string, any>; /** * Examines the CloudFormation resource and discloses attributes * * @param inspector tree inspector to collect and process attributes */ inspect(inspector: cdk.TreeInspector): void; protected renderProperties(props: Record<string, any>): Record<string, any>; } export declare namespace CfnCluster { /** * Enable or disable exporting the Kubernetes control plane logs for your cluster to CloudWatch Logs. * * By default, cluster control plane logs aren't exported to CloudWatch Logs. For more information, see [Amazon EKS Cluster control plane logs](https://docs.aws.amazon.com/eks/latest/userguide/control-plane-logs.html) in the **Amazon EKS User Guide** . * * > When updating a resource, you must include this `Logging` property if the previous CloudFormation template of the resource had it. > CloudWatch Logs ingestion, archive storage, and data scanning rates apply to exported control plane logs. For more information, see [CloudWatch Pricing](https://docs.aws.amazon.com/cloudwatch/pricing/) . 
* * @struct * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-logging.html */ interface LoggingProperty { /** * The cluster control plane logging configuration for your cluster. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-logging.html#cfn-eks-cluster-logging-clusterlogging */ readonly clusterLogging?: CfnCluster.ClusterLoggingProperty | cdk.IResolvable; } /** * The cluster control plane logging configuration for your cluster. * * > When updating a resource, you must include this `ClusterLogging` property if the previous CloudFormation template of the resource had it. * * @struct * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-clusterlogging.html */ interface ClusterLoggingProperty { /** * The enabled control plane logs for your cluster. All log types are disabled if the array is empty. * * > When updating a resource, you must include this `EnabledTypes` property if the previous CloudFormation template of the resource had it. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-clusterlogging.html#cfn-eks-cluster-clusterlogging-enabledtypes */ readonly enabledTypes?: Array<cdk.IResolvable | CfnCluster.LoggingTypeConfigProperty> | cdk.IResolvable; } /** * The enabled logging type. * * For a list of the valid logging types, see the [`types` property of `LogSetup`](https://docs.aws.amazon.com/eks/latest/APIReference/API_LogSetup.html#AmazonEKS-Type-LogSetup-types) in the *Amazon EKS API Reference* . * * @struct * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-loggingtypeconfig.html */ interface LoggingTypeConfigProperty { /** * The name of the log type. 
* * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-loggingtypeconfig.html#cfn-eks-cluster-loggingtypeconfig-type */ readonly type?: string; } /** * The configuration of your local Amazon EKS cluster on an AWS Outpost. * * Before creating a cluster on an Outpost, review [Creating a local cluster on an Outpost](https://docs.aws.amazon.com/eks/latest/userguide/eks-outposts-local-cluster-create.html) in the *Amazon EKS User Guide* . This API isn't available for Amazon EKS clusters on the AWS cloud. * * @struct * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-outpostconfig.html */ interface OutpostConfigProperty { /** * The Amazon EC2 instance type that you want to use for your local Amazon EKS cluster on Outposts. * * Choose an instance type based on the number of nodes that your cluster will have. For more information, see [Capacity considerations](https://docs.aws.amazon.com/eks/latest/userguide/eks-outposts-capacity-considerations.html) in the *Amazon EKS User Guide* . * * The instance type that you specify is used for all Kubernetes control plane instances. The instance type can't be changed after cluster creation. The control plane is not automatically scaled by Amazon EKS. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-outpostconfig.html#cfn-eks-cluster-outpostconfig-controlplaneinstancetype */ readonly controlPlaneInstanceType: string; /** * An object representing the placement configuration for all the control plane instances of your local Amazon EKS cluster on an AWS Outpost. * * For more information, see [Capacity considerations](https://docs.aws.amazon.com/eks/latest/userguide/eks-outposts-capacity-considerations.html) in the *Amazon EKS User Guide* . 
* * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-outpostconfig.html#cfn-eks-cluster-outpostconfig-controlplaneplacement */ readonly controlPlanePlacement?: CfnCluster.ControlPlanePlacementProperty | cdk.IResolvable; /** * The ARN of the Outpost that you want to use for your local Amazon EKS cluster on Outposts. * * Only a single Outpost ARN is supported, so although the type is an array it should contain exactly one element. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-outpostconfig.html#cfn-eks-cluster-outpostconfig-outpostarns */ readonly outpostArns: Array<string>; } /** * The placement configuration for all the control plane instances of your local Amazon EKS cluster on an AWS Outpost. * * For more information, see [Capacity considerations](https://docs.aws.amazon.com/eks/latest/userguide/eks-outposts-capacity-considerations.html) in the *Amazon EKS User Guide* . * * @struct * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-controlplaneplacement.html */ interface ControlPlanePlacementProperty { /** * The name of the placement group for the Kubernetes control plane instances. * * This property is only used for a local cluster on an AWS Outpost. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-controlplaneplacement.html#cfn-eks-cluster-controlplaneplacement-groupname */ readonly groupName?: string; } /** * The encryption configuration for the cluster. * * Security note: both members of this struct are optional. This page does not say what protects Kubernetes secrets when no KMS key is supplied; confirm that against the Amazon EKS documentation before relying on it. * * @struct * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-encryptionconfig.html */ interface EncryptionConfigProperty { /** * The encryption provider for the cluster. 
* * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-encryptionconfig.html#cfn-eks-cluster-encryptionconfig-provider */ readonly provider?: cdk.IResolvable | CfnCluster.ProviderProperty; /** * Specifies the resources to be encrypted. * * The only supported value is `secrets` , so this setting covers Kubernetes secrets and nothing else in the cluster. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-encryptionconfig.html#cfn-eks-cluster-encryptionconfig-resources */ readonly resources?: Array<string>; } /** * Identifies the AWS Key Management Service ( AWS KMS ) key used to encrypt the secrets. * * @struct * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-provider.html */ interface ProviderProperty { /** * Amazon Resource Name (ARN) or alias of the KMS key. * * The KMS key must be symmetric and created in the same AWS Region as the cluster. If the KMS key was created in a different account, the [IAM principal](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_terms-and-concepts.html) must have access to the KMS key. For more information, see [Allowing users in other accounts to use a KMS key](https://docs.aws.amazon.com/kms/latest/developerguide/key-policy-modifying-external-accounts.html) in the *AWS Key Management Service Developer Guide* . * * Security note: this key protects the cluster's secrets, so keep its key policy narrow; in the cross-account case, grant the IAM principal only the access it needs on this one key. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-provider.html#cfn-eks-cluster-provider-keyarn */ readonly keyArn?: string; } /** * The Kubernetes network configuration for the cluster. * * @struct * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-kubernetesnetworkconfig.html */ interface KubernetesNetworkConfigProperty { /** * Request to enable or disable the load balancing capability on your EKS Auto Mode cluster. * * For more information, see EKS Auto Mode load balancing capability in the *Amazon EKS User Guide* . 
* * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-kubernetesnetworkconfig.html#cfn-eks-cluster-kubernetesnetworkconfig-elasticloadbalancing */ readonly elasticLoadBalancing?: CfnCluster.ElasticLoadBalancingProperty | cdk.IResolvable; /** * Specify which IP family is used to assign Kubernetes pod and service IP addresses. * * If you don't specify a value, `ipv4` is used by default. You can only specify an IP family when you create a cluster and can't change this value once the cluster is created. If you specify `ipv6` , the VPC and subnets that you specify for cluster creation must have both `IPv4` and `IPv6` CIDR blocks assigned to them. You can't specify `ipv6` for clusters in China Regions. * * You can only specify `ipv6` for `1.21` and later clusters that use version `1.10.1` or later of the Amazon VPC CNI add-on. If you specify `ipv6` , then ensure that your VPC meets the requirements listed in the considerations in [Assigning IPv6 addresses to pods and services](https://docs.aws.amazon.com/eks/latest/userguide/cni-ipv6.html) in the *Amazon EKS User Guide* . Kubernetes assigns services `IPv6` addresses from the unique local address range `(fc00::/7)` . You can't specify a custom `IPv6` CIDR block. Pod addresses are assigned from the subnet's `IPv6` CIDR. * * The field is typed as a plain `string` ; the values named in this description are `ipv4` and `ipv6` . * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-kubernetesnetworkconfig.html#cfn-eks-cluster-kubernetesnetworkconfig-ipfamily */ readonly ipFamily?: string; /** * Don't specify a value if you select `ipv6` for *ipFamily* . * * The CIDR block to assign Kubernetes service IP addresses from. If you don't specify a block, Kubernetes assigns addresses from either the `10.100.0.0/16` or `172.20.0.0/16` CIDR blocks. We recommend that you specify a block that does not overlap with resources in other networks that are peered or connected to your VPC. 
The block must meet the following requirements: * * - Within one of the following private IP address blocks: `10.0.0.0/8` , `172.16.0.0/12` , or `192.168.0.0/16` . * - Doesn't overlap with any CIDR block assigned to the VPC that you selected for the cluster. * - Between `/24` and `/12` . * * > You can only specify a custom CIDR block when you create a cluster. You can't change this value after the cluster is created. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-kubernetesnetworkconfig.html#cfn-eks-cluster-kubernetesnetworkconfig-serviceipv4cidr */ readonly serviceIpv4Cidr?: string; /** * The CIDR block that Kubernetes pod and service IP addresses are assigned from if you created a 1.21 or later cluster with version 1.10.1 or later of the Amazon VPC CNI add-on and specified `ipv6` for *ipFamily* when you created the cluster. Kubernetes assigns service addresses from the unique local address range ( `fc00::/7` ) because you can't specify a custom IPv6 CIDR block when you create the cluster. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-kubernetesnetworkconfig.html#cfn-eks-cluster-kubernetesnetworkconfig-serviceipv6cidr */ readonly serviceIpv6Cidr?: string; } /** * Indicates the current configuration of the load balancing capability on your EKS Auto Mode cluster. * * For example, if the capability is enabled or disabled. For more information, see EKS Auto Mode load balancing capability in the *Amazon EKS User Guide* . * * @struct * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-elasticloadbalancing.html */ interface ElasticLoadBalancingProperty { /** * Indicates if the load balancing capability is enabled on your EKS Auto Mode cluster. * * If the load balancing capability is enabled, EKS Auto Mode will create and delete load balancers in your AWS account. Security note: load balancers created this way can become new network entry points, so include them in exposure reviews and monitoring. 
* * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-elasticloadbalancing.html#cfn-eks-cluster-elasticloadbalancing-enabled */ readonly enabled?: boolean | cdk.IResolvable; } /** * An object representing the VPC configuration to use for an Amazon EKS cluster. * * > When updating a resource, you must include these properties if the previous CloudFormation template of the resource had them: * > * > - `EndpointPublicAccess` * > - `EndpointPrivateAccess` * > - `PublicAccessCidrs` * * Security note: the three endpoint members are optional, and their documented defaults are public endpoint access enabled, private endpoint access disabled, and `0.0.0.0/0` as the allowed source range. Set `endpointPublicAccess` , `endpointPrivateAccess` and `publicAccessCidrs` explicitly so that the cluster's exposure is a reviewed decision rather than a default. * * @struct * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-resourcesvpcconfig.html */ interface ResourcesVpcConfigProperty { /** * Set this value to `true` to enable private access for your cluster's Kubernetes API server endpoint. * * If you enable private access, Kubernetes API requests from within your cluster's VPC use the private VPC endpoint. The default value for this parameter is `false` , which disables private access for your Kubernetes API server. If you disable private access and you have nodes or AWS Fargate pods in the cluster, then ensure that `publicAccessCidrs` includes the necessary CIDR blocks for communication with the nodes or Fargate pods. For more information, see [Cluster API server endpoint](https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html) in the **Amazon EKS User Guide** . * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-resourcesvpcconfig.html#cfn-eks-cluster-resourcesvpcconfig-endpointprivateaccess */ readonly endpointPrivateAccess?: boolean | cdk.IResolvable; /** * Set this value to `false` to disable public access to your cluster's Kubernetes API server endpoint. * * If you disable public access, your cluster's Kubernetes API server can only receive requests from within the cluster VPC. 
The default value for this parameter is `true` , which enables public access for your Kubernetes API server. The endpoint domain name and IP address family depend on the value of the `ipFamily` for the cluster. For more information, see [Cluster API server endpoint](https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html) in the **Amazon EKS User Guide** . * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-resourcesvpcconfig.html#cfn-eks-cluster-resourcesvpcconfig-endpointpublicaccess */ readonly endpointPublicAccess?: boolean | cdk.IResolvable; /** * The CIDR blocks that are allowed access to your cluster's public Kubernetes API server endpoint. * * Communication to the endpoint from addresses outside of the CIDR blocks that you specify is denied. The default value is `0.0.0.0/0` and additionally `::/0` for dual-stack `IPv6` clusters. If you've disabled private endpoint access, make sure that you specify the necessary CIDR blocks for every node and AWS Fargate `Pod` in the cluster. For more information, see [Cluster API server endpoint](https://docs.aws.amazon.com/eks/latest/userguide/cluster-endpoint.html) in the **Amazon EKS User Guide** . * * Note that the public endpoints are dual-stack for only `IPv6` clusters that are made after October 2024. You can't add `IPv6` CIDR blocks to `IPv4` clusters or `IPv6` clusters that were made before October 2024. * * Security note: the default range admits any source address to the public endpoint at the network level. When public access is required, list only the ranges that actually administer or connect to the cluster, and prefer private endpoint access where that is workable. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-resourcesvpcconfig.html#cfn-eks-cluster-resourcesvpcconfig-publicaccesscidrs */ readonly publicAccessCidrs?: Array<string>; /** * Specify one or more security groups for the cross-account elastic network interfaces that Amazon EKS creates to allow communication between your nodes and the Kubernetes control plane. 
* * If you don't specify any security groups, then familiarize yourself with the difference between Amazon EKS defaults for clusters deployed with Kubernetes. For more information, see [Amazon EKS security group considerations](https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html) in the **Amazon EKS User Guide** . * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-resourcesvpcconfig.html#cfn-eks-cluster-resourcesvpcconfig-securitygroupids */ readonly securityGroupIds?: Array<string>; /** * Specify subnets for your Amazon EKS nodes. * * Amazon EKS creates cross-account elastic network interfaces in these subnets to allow communication between your nodes and the Kubernetes control plane. * * @see http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-eks-cluster-resourcesvpcconfig.html#cfn-eks-cluster-resourcesvpcconfig-subnetids */ readonly subnetIds: Array<string>; } /** * The access configuration for the cluster. * * @struct * @stability external * @see http://docs.aws.amazon.com/AWSCloudFormation/