awscc.eks_cluster
Filters
event
reduce
value
Actions
delete
Parent base class for filters and actions.
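# Policy schema for the `delete` action. The only key it describes is `type`,
# which is required and must be the literal string `delete`.
# NOTE(review): no guard or confirmation option is visible in this schema, so
# the action applies to every cluster the policy's filters select. Keep the
# filters narrow and run the policy in dry-run mode before enabling it.
properties:
  type:
    enum:
      - delete
required:
  - type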
Permissions - eks:DeleteCluster, eks:DescribeCluster
update
Parent base class for filters and actions.
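# Shared sub-schemas for the `update` action, with the nesting restored.
# NOTE(review): EncryptionConfig and KubernetesNetworkConfig are defined here
# but are not among the keys listed under this schema's top-level `properties`
# (Logging, ResourcesVpcConfig, Tags, Version, type), so this action does not
# appear to change them - confirm before relying on it for encryption fixes.
definitions:
  ClusterLogging:
    additionalProperties: false
    description: 'The cluster control plane logging configuration for your cluster. '
    properties:
      # NOTE(review): per the description, an empty array disables every log
      # type, so an update that passes `EnabledTypes: []` switches control
      # plane logging off, including the audit and authenticator logs.
      EnabledTypes:
        description: Enable control plane logs for your cluster, all log types will
          be disabled if the array is empty
        insertionOrder: false
        items:
          additionalProperties: false
          description: Enabled Logging Type
          properties:
            Type:
              description: name of the log type
              enum:
                - api
                - audit
                - authenticator
                - controllerManager
                - scheduler
              type: string
          type: object
        type: array
    type: object
  EnabledTypes:
    description: Enable control plane logs for your cluster, all log types will be
      disabled if the array is empty
    insertionOrder: false
    items:
      additionalProperties: false
      description: Enabled Logging Type
      properties:
        Type:
          description: name of the log type
          enum:
            - api
            - audit
            - authenticator
            - controllerManager
            - scheduler
          type: string
      type: object
    type: array
  # KMS-backed encryption settings; the description below names "secrets" as
  # the only supported resource.
  EncryptionConfig:
    additionalProperties: false
    description: The encryption configuration for the cluster
    properties:
      Provider:
        additionalProperties: false
        description: The encryption provider for the cluster.
        properties:
          KeyArn:
            description: Amazon Resource Name (ARN) or alias of the KMS key. The KMS
              key must be symmetric, created in the same region as the cluster, and
              if the KMS key was created in a different account, the user must have
              access to the KMS key.
            type: string
        type: object
      Resources:
        description: Specifies the resources to be encrypted. The only supported value
          is "secrets".
        insertionOrder: false
        items:
          type: string
        type: array
    type: object
  KubernetesNetworkConfig:
    additionalProperties: false
    description: The Kubernetes network configuration for the cluster.
    properties:
      IpFamily:
        description: Ipv4 or Ipv6, Ipv6 is only supported on cluster with k8s version
          1.21
        enum:
          - ipv4
          - ipv6
        type: string
      ServiceIpv4Cidr:
        description: 'The CIDR block to assign Kubernetes service IP addresses from.
          If you don''t specify a block, Kubernetes assigns addresses from either
          the 10.100.0.0/16 or 172.20.0.0/16 CIDR blocks. We recommend that you specify
          a block that does not overlap with resources in other networks that are
          peered or connected to your VPC. '
        type: string
      ServiceIpv6Cidr:
        description: The CIDR block to assign Kubernetes service IP addresses from.
        type: string
    type: object
  # Control plane logs are not exported to CloudWatch Logs unless enabled here
  # (see the description); the log types are listed under EnabledTypes.
  Logging:
    additionalProperties: false
    description: Enable exporting the Kubernetes control plane logs for your cluster
      to CloudWatch Logs based on log types. By default, cluster control plane logs
      aren't exported to CloudWatch Logs.
    properties:
      ClusterLogging:
        additionalProperties: false
        description: 'The cluster control plane logging configuration for your cluster. '
        properties:
          EnabledTypes:
            description: Enable control plane logs for your cluster, all log types
              will be disabled if the array is empty
            insertionOrder: false
            items:
              additionalProperties: false
              description: Enabled Logging Type
              properties:
                Type:
                  description: name of the log type
                  enum:
                    - api
                    - audit
                    - authenticator
                    - controllerManager
                    - scheduler
                  type: string
              type: object
            type: array
        type: object
    type: object
  LoggingTypeConfig:
    additionalProperties: false
    description: Enabled Logging Type
    properties:
      Type:
        description: name of the log type
        enum:
          - api
          - audit
          - authenticator
          - controllerManager
          - scheduler
        type: string
    type: object
  # Network exposure of the Kubernetes API server endpoint is set here.
  ResourcesVpcConfig:
    additionalProperties: false
    description: An object representing the VPC configuration to use for an Amazon
      EKS cluster.
    properties:
      EndpointPrivateAccess:
        description: Set this value to true to enable private access for your cluster's
          Kubernetes API server endpoint. If you enable private access, Kubernetes
          API requests from within your cluster's VPC use the private VPC endpoint.
          The default value for this parameter is false, which disables private access
          for your Kubernetes API server. If you disable private access and you have
          nodes or AWS Fargate pods in the cluster, then ensure that publicAccessCidrs
          includes the necessary CIDR blocks for communication with the nodes or Fargate
          pods.
        type: boolean
      # NOTE(review): the stated default is true, so the API server endpoint is
      # public unless this is set to false explicitly.
      EndpointPublicAccess:
        description: Set this value to false to disable public access to your cluster's
          Kubernetes API server endpoint. If you disable public access, your cluster's
          Kubernetes API server can only receive requests from within the cluster
          VPC. The default value for this parameter is true, which enables public
          access for your Kubernetes API server.
        type: boolean
      # NOTE(review): the stated default, 0.0.0.0/0, leaves the public endpoint
      # network-reachable from any IPv4 address; set an explicit allow-list
      # whenever EndpointPublicAccess stays true.
      PublicAccessCidrs:
        description: The CIDR blocks that are allowed access to your cluster's public
          Kubernetes API server endpoint. Communication to the endpoint from addresses
          outside of the CIDR blocks that you specify is denied. The default value
          is 0.0.0.0/0. If you've disabled private endpoint access and you have nodes
          or AWS Fargate pods in the cluster, then ensure that you specify the necessary
          CIDR blocks.
        insertionOrder: false
        items:
          # NOTE(review): minItems sits under `items` (a string), where JSON
          # Schema ignores it, so an empty list is not rejected here. It was
          # presumably meant for the array; SecurityGroupIds and SubnetIds
          # below have the same shape - confirm upstream.
          minItems: 1
          type: string
        type: array
      # NOTE(review): per the description, omitting this falls back to the
      # VPC's default security group; name a dedicated group so the rules on
      # the control plane network interfaces are explicit.
      SecurityGroupIds:
        description: Specify one or more security groups for the cross-account elastic
          network interfaces that Amazon EKS creates to use to allow communication
          between your worker nodes and the Kubernetes control plane. If you don't
          specify a security group, the default security group for your VPC is used.
        insertionOrder: false
        items:
          minItems: 1
          type: string
        type: array
      SubnetIds:
        description: Specify subnets for your Amazon EKS nodes. Amazon EKS creates
          cross-account elastic network interfaces in these subnets to allow communication
          between your nodes and the Kubernetes control plane.
        insertionOrder: false
        items:
          minItems: 1
          type: string
        type: array
    required:
      - SubnetIds
    type: object
  Tag:
    additionalProperties: false
    description: A key-value pair to associate with a resource.
    properties:
      Key:
        description: 'The key name of the tag. You can specify a value that is 1 to
          128 Unicode characters in length and cannot be prefixed with aws:. You can
          use any of the following characters: the set of Unicode letters, digits,
          whitespace, _, ., /, =, +, and -.'
        maxLength: 128
        minLength: 1
        type: string
      Value:
        description: 'The value for the tag. You can specify a value that is 0 to
          256 Unicode characters in length and cannot be prefixed with aws:. You can
          use any of the following characters: the set of Unicode letters, digits,
          whitespace, _, ., /, =, +, and -.'
        maxLength: 256
        minLength: 0
        type: string
    required:
      - Key
      - Value
    type: object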
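# Keys a policy may set on the `update` action: Logging, ResourcesVpcConfig,
# Tags and Version, plus `type`, which must be the literal string `update`.
# NOTE(review): several of these change the cluster's security posture
# (logging, endpoint exposure), so review update policies the same way as any
# other infrastructure change.
properties:
  # Control plane logs are not exported to CloudWatch Logs by default (see the
  # description).
  Logging:
    additionalProperties: false
    description: Enable exporting the Kubernetes control plane logs for your cluster
      to CloudWatch Logs based on log types. By default, cluster control plane logs
      aren't exported to CloudWatch Logs.
    properties:
      ClusterLogging:
        additionalProperties: false
        description: 'The cluster control plane logging configuration for your cluster. '
        properties:
          # NOTE(review): per the description, an empty array disables every
          # log type, so `EnabledTypes: []` switches control plane logging
          # off, including the audit and authenticator logs.
          EnabledTypes:
            description: Enable control plane logs for your cluster, all log types
              will be disabled if the array is empty
            insertionOrder: false
            items:
              additionalProperties: false
              description: Enabled Logging Type
              properties:
                Type:
                  description: name of the log type
                  enum:
                    - api
                    - audit
                    - authenticator
                    - controllerManager
                    - scheduler
                  type: string
              type: object
            type: array
        type: object
    type: object
  # Network exposure of the Kubernetes API server endpoint is set here.
  ResourcesVpcConfig:
    additionalProperties: false
    description: An object representing the VPC configuration to use for an Amazon
      EKS cluster.
    properties:
      EndpointPrivateAccess:
        description: Set this value to true to enable private access for your cluster's
          Kubernetes API server endpoint. If you enable private access, Kubernetes
          API requests from within your cluster's VPC use the private VPC endpoint.
          The default value for this parameter is false, which disables private access
          for your Kubernetes API server. If you disable private access and you have
          nodes or AWS Fargate pods in the cluster, then ensure that publicAccessCidrs
          includes the necessary CIDR blocks for communication with the nodes or Fargate
          pods.
        type: boolean
      # NOTE(review): the stated default is true, so the API server endpoint is
      # public unless this is set to false explicitly.
      EndpointPublicAccess:
        description: Set this value to false to disable public access to your cluster's
          Kubernetes API server endpoint. If you disable public access, your cluster's
          Kubernetes API server can only receive requests from within the cluster
          VPC. The default value for this parameter is true, which enables public
          access for your Kubernetes API server.
        type: boolean
      # NOTE(review): the stated default, 0.0.0.0/0, leaves the public endpoint
      # network-reachable from any IPv4 address; set an explicit allow-list
      # whenever EndpointPublicAccess stays true.
      PublicAccessCidrs:
        description: The CIDR blocks that are allowed access to your cluster's public
          Kubernetes API server endpoint. Communication to the endpoint from addresses
          outside of the CIDR blocks that you specify is denied. The default value
          is 0.0.0.0/0. If you've disabled private endpoint access and you have nodes
          or AWS Fargate pods in the cluster, then ensure that you specify the necessary
          CIDR blocks.
        insertionOrder: false
        items:
          # NOTE(review): minItems sits under `items` (a string), where JSON
          # Schema ignores it, so an empty list is not rejected here. It was
          # presumably meant for the array; SecurityGroupIds and SubnetIds
          # below have the same shape - confirm upstream.
          minItems: 1
          type: string
        type: array
      # NOTE(review): per the description, omitting this falls back to the
      # VPC's default security group; name a dedicated group so the rules on
      # the control plane network interfaces are explicit.
      SecurityGroupIds:
        description: Specify one or more security groups for the cross-account elastic
          network interfaces that Amazon EKS creates to use to allow communication
          between your worker nodes and the Kubernetes control plane. If you don't
          specify a security group, the default security group for your VPC is used.
        insertionOrder: false
        items:
          minItems: 1
          type: string
        type: array
      SubnetIds:
        description: Specify subnets for your Amazon EKS nodes. Amazon EKS creates
          cross-account elastic network interfaces in these subnets to allow communication
          between your nodes and the Kubernetes control plane.
        insertionOrder: false
        items:
          minItems: 1
          type: string
        type: array
    required:
      - SubnetIds
    type: object
  Tags:
    description: An array of key-value pairs to apply to this resource.
    insertionOrder: false
    items:
      additionalProperties: false
      description: A key-value pair to associate with a resource.
      properties:
        Key:
          description: 'The key name of the tag. You can specify a value that is 1
            to 128 Unicode characters in length and cannot be prefixed with aws:.
            You can use any of the following characters: the set of Unicode letters,
            digits, whitespace, _, ., /, =, +, and -.'
          maxLength: 128
          minLength: 1
          type: string
        Value:
          description: 'The value for the tag. You can specify a value that is 0 to
            256 Unicode characters in length and cannot be prefixed with aws:. You
            can use any of the following characters: the set of Unicode letters, digits,
            whitespace, _, ., /, =, +, and -.'
          maxLength: 256
          minLength: 0
          type: string
      required:
        - Key
        - Value
      type: object
    type: array
    uniqueItems: true
  # NOTE(review): JSON Schema patterns are not implicitly anchored, so this
  # pattern only requires the value to contain `1.` followed by two digits;
  # presumably the service rejects anything else - confirm. Pin the version
  # explicitly: per the description, omitting it selects the latest one
  # available in Amazon EKS.
  Version:
    description: The desired Kubernetes version for your cluster. If you don't specify
      a value here, the latest version available in Amazon EKS is used.
    pattern: 1\.\d\d
    type: string
  type:
    enum:
      - update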
Permissions - iam:PassRole, eks:UpdateClusterConfig, eks:UpdateClusterVersion, eks:DescribeCluster, eks:DescribeUpdate, eks:TagResource, eks:UntagResource