awscc.eks_cluster

Filters

  • event

  • reduce

  • value

Actions

delete

Parent base class for filters and actions.

# Policy schema for the `delete` action: the only property defined is `type`,
# and it must be the literal string `delete`.
# NOTE(review): no confirmation or safety option is exposed here, so the
# policy's filters are the only guard on which clusters get deleted.
properties:
  type:
    enum:
    - delete
required:
- type

Permissions - eks:DeleteCluster, eks:DescribeCluster

update

Parent base class for filters and actions.

definitions:
  # Control-plane logging settings: a list of log types to enable.
  # NOTE(review): per the EnabledTypes description an empty array disables every
  # log type, `audit` and `authenticator` included, and nothing in this schema
  # rejects an empty list.
  ClusterLogging:
    additionalProperties: false
    description: 'The cluster control plane logging configuration for your cluster. '
    properties:
      EnabledTypes:
        description: Enable control plane logs for your cluster, all log types will
          be disabled if the array is empty
        insertionOrder: false
        items:
          additionalProperties: false
          description: Enabled Logging Type
          properties:
            Type:
              description: name of the log type
              # Closed list: only these five log type names validate.
              enum:
              - api
              - audit
              - authenticator
              - controllerManager
              - scheduler
              type: string
          type: object
        type: array
    type: object
  # Standalone definition of the enabled-log-types list; it repeats the list
  # embedded under ClusterLogging.EnabledTypes with the same five values.
  # An empty array means "no control-plane logs" according to the description.
  EnabledTypes:
    description: Enable control plane logs for your cluster, all log types will be
      disabled if the array is empty
    insertionOrder: false
    items:
      additionalProperties: false
      description: Enabled Logging Type
      properties:
        Type:
          description: name of the log type
          enum:
          - api
          - audit
          - authenticator
          - controllerManager
          - scheduler
          type: string
      type: object
    type: array
  # Encryption settings: a KMS key (Provider.KeyArn) and the resource kinds it
  # covers (Resources).
  # NOTE(review): this definition is not referenced by the update action's
  # `properties` shown on this page, so the action does not appear to accept an
  # encryption change; confirm against the tool.
  EncryptionConfig:
    additionalProperties: false
    description: The encryption configuration for the cluster
    properties:
      Provider:
        additionalProperties: false
        description: The encryption provider for the cluster.
        properties:
          # Plain string: the key constraints in the description (symmetric, same
          # region, cross-account access) are not checked by this schema.
          KeyArn:
            description: Amazon Resource Name (ARN) or alias of the KMS key. The KMS
              key must be symmetric, created in the same region as the cluster, and
              if the KMS key was created in a different account, the user must have
              access to the KMS key.
            type: string
        type: object
      # The description allows only "secrets", but the item schema is a free-form
      # string with no enum, so other values pass schema validation.
      Resources:
        description: Specifies the resources to be encrypted. The only supported value
          is "secrets".
        insertionOrder: false
        items:
          type: string
        type: array
    type: object
  # Service networking settings: IP family plus the service CIDR blocks.
  # NOTE(review): not referenced by the update action's `properties` shown on
  # this page; confirm whether the action can change these at all.
  KubernetesNetworkConfig:
    additionalProperties: false
    description: The Kubernetes network configuration for the cluster.
    properties:
      IpFamily:
        description: Ipv4 or Ipv6, Ipv6 is only supported on cluster with k8s version
          1.21
        enum:
        - ipv4
        - ipv6
        type: string
      # Both CIDR fields are untyped strings: no pattern validates CIDR syntax or
      # checks for overlap with peered networks, so that review stays manual.
      ServiceIpv4Cidr:
        description: 'The CIDR block to assign Kubernetes service IP addresses from.
          If you don''t specify a block, Kubernetes assigns addresses from either
          the 10.100.0.0/16 or 172.20.0.0/16 CIDR blocks. We recommend that you specify
          a block that does not overlap with resources in other networks that are
          peered or connected to your VPC. '
        type: string
      ServiceIpv6Cidr:
        description: The CIDR block to assign Kubernetes service IP addresses from.
        type: string
    type: object
  # Wrapper object for control-plane log export to CloudWatch Logs.
  # Per the description nothing is exported by default, so logging (including
  # the `audit` type) exists only if a policy or template turns it on.
  Logging:
    additionalProperties: false
    description: Enable exporting the Kubernetes control plane logs for your cluster
      to CloudWatch Logs based on log types. By default, cluster control plane logs
      aren't exported to CloudWatch Logs.
    properties:
      ClusterLogging:
        additionalProperties: false
        description: 'The cluster control plane logging configuration for your cluster. '
        properties:
          # An empty array disables every log type (see description); the schema
          # sets no minimum length on this list.
          EnabledTypes:
            description: Enable control plane logs for your cluster, all log types
              will be disabled if the array is empty
            insertionOrder: false
            items:
              additionalProperties: false
              description: Enabled Logging Type
              properties:
                Type:
                  description: name of the log type
                  enum:
                  - api
                  - audit
                  - authenticator
                  - controllerManager
                  - scheduler
                  type: string
              type: object
            type: array
        type: object
    type: object
  # A single enabled log type; the same object shape is used for the items of
  # the EnabledTypes lists in this schema.
  LoggingTypeConfig:
    additionalProperties: false
    description: Enabled Logging Type
    properties:
      Type:
        description: name of the log type
        # Closed list of the five accepted log type names.
        enum:
        - api
        - audit
        - authenticator
        - controllerManager
        - scheduler
        type: string
    type: object
  # VPC and API-endpoint exposure settings for the cluster. SubnetIds is the
  # only required field, so the endpoint flags fall back to the defaults stated
  # in their descriptions when omitted.
  ResourcesVpcConfig:
    additionalProperties: false
    description: An object representing the VPC configuration to use for an Amazon
      EKS cluster.
    properties:
      # Default is false per the description: no private endpoint unless enabled.
      EndpointPrivateAccess:
        description: Set this value to true to enable private access for your cluster's
          Kubernetes API server endpoint. If you enable private access, Kubernetes
          API requests from within your cluster's VPC use the private VPC endpoint.
          The default value for this parameter is false, which disables private access
          for your Kubernetes API server. If you disable private access and you have
          nodes or AWS Fargate pods in the cluster, then ensure that publicAccessCidrs
          includes the necessary CIDR blocks for communication with the nodes or Fargate
          pods.
        type: boolean
      # Default is true per the description: public access stays enabled unless
      # this is explicitly set to false.
      EndpointPublicAccess:
        description: Set this value to false to disable public access to your cluster's
          Kubernetes API server endpoint. If you disable public access, your cluster's
          Kubernetes API server can only receive requests from within the cluster
          VPC. The default value for this parameter is true, which enables public
          access for your Kubernetes API server.
        type: boolean
      # Allow-list for the public endpoint. The description gives the default as
      # 0.0.0.0/0, so narrowing this list is what restricts access to a public
      # endpoint. Entries are plain strings; CIDR syntax is not validated here.
      PublicAccessCidrs:
        description: The CIDR blocks that are allowed access to your cluster's public
          Kubernetes API server endpoint. Communication to the endpoint from addresses
          outside of the CIDR blocks that you specify is denied. The default value
          is 0.0.0.0/0. If you've disabled private endpoint access and you have nodes
          or AWS Fargate pods in the cluster, then ensure that you specify the necessary
          CIDR blocks.
        insertionOrder: false
        items:
          # NOTE(review): `minItems` is an array keyword but sits on the string
          # item schema, so as written it does not force a non-empty list. The
          # same placement is used for SecurityGroupIds and SubnetIds below.
          minItems: 1
          type: string
        type: array
      # If omitted, the VPC's default security group is used (see description).
      SecurityGroupIds:
        description: Specify one or more security groups for the cross-account elastic
          network interfaces that Amazon EKS creates to use to allow communication
          between your worker nodes and the Kubernetes control plane. If you don't
          specify a security group, the default security group for your VPC is used.
        insertionOrder: false
        items:
          minItems: 1
          type: string
        type: array
      SubnetIds:
        description: Specify subnets for your Amazon EKS nodes. Amazon EKS creates
          cross-account elastic network interfaces in these subnets to allow communication
          between your nodes and the Kubernetes control plane.
        insertionOrder: false
        items:
          minItems: 1
          type: string
        type: array
    required:
    - SubnetIds
    type: object
  # One resource tag; both Key and Value are required.
  # The schema enforces only the length limits. The `aws:` prefix ban and the
  # allowed character set exist in the descriptions alone (no `pattern` is set).
  Tag:
    additionalProperties: false
    description: A key-value pair to associate with a resource.
    properties:
      Key:
        description: 'The key name of the tag. You can specify a value that is 1 to
          128 Unicode characters in length and cannot be prefixed with aws:. You can
          use any of the following characters: the set of Unicode letters, digits,
          whitespace, _, ., /, =, +, and -.'
        maxLength: 128
        minLength: 1
        type: string
      Value:
        description: 'The value for the tag. You can specify a value that is 0 to
          256 Unicode characters in length and cannot be prefixed with aws:. You can
          use any of the following characters: the set of Unicode letters, digits,
          whitespace, _, ., /, =, +, and -.'
        maxLength: 256
        # An empty string is a valid tag value.
        minLength: 0
        type: string
    required:
    - Key
    - Value
    type: object
properties:
  # `update` action parameter: control-plane log export to CloudWatch Logs.
  # NOTE(review): an update that passes an empty EnabledTypes array disables all
  # log types per the description, `audit` included. Review policies that set
  # this field, since the schema accepts an empty list.
  Logging:
    additionalProperties: false
    description: Enable exporting the Kubernetes control plane logs for your cluster
      to CloudWatch Logs based on log types. By default, cluster control plane logs
      aren't exported to CloudWatch Logs.
    properties:
      ClusterLogging:
        additionalProperties: false
        description: 'The cluster control plane logging configuration for your cluster. '
        properties:
          EnabledTypes:
            description: Enable control plane logs for your cluster, all log types
              will be disabled if the array is empty
            insertionOrder: false
            items:
              additionalProperties: false
              description: Enabled Logging Type
              properties:
                Type:
                  description: name of the log type
                  # Closed list: only these five log type names validate.
                  enum:
                  - api
                  - audit
                  - authenticator
                  - controllerManager
                  - scheduler
                  type: string
              type: object
            type: array
        type: object
    type: object
  # `update` action parameter: VPC and API-endpoint exposure settings.
  # SubnetIds is the only required field. The endpoint flags and the CIDR
  # allow-list are optional and fall back to the defaults in their descriptions.
  ResourcesVpcConfig:
    additionalProperties: false
    description: An object representing the VPC configuration to use for an Amazon
      EKS cluster.
    properties:
      # Default is false per the description: no private endpoint unless enabled.
      EndpointPrivateAccess:
        description: Set this value to true to enable private access for your cluster's
          Kubernetes API server endpoint. If you enable private access, Kubernetes
          API requests from within your cluster's VPC use the private VPC endpoint.
          The default value for this parameter is false, which disables private access
          for your Kubernetes API server. If you disable private access and you have
          nodes or AWS Fargate pods in the cluster, then ensure that publicAccessCidrs
          includes the necessary CIDR blocks for communication with the nodes or Fargate
          pods.
        type: boolean
      # Default is true per the description: public access stays enabled unless
      # a policy sets this to false.
      EndpointPublicAccess:
        description: Set this value to false to disable public access to your cluster's
          Kubernetes API server endpoint. If you disable public access, your cluster's
          Kubernetes API server can only receive requests from within the cluster
          VPC. The default value for this parameter is true, which enables public
          access for your Kubernetes API server.
        type: boolean
      # Allow-list for the public endpoint. The description gives the default as
      # 0.0.0.0/0, so narrowing this list is what restricts access to a public
      # endpoint. Entries are plain strings; CIDR syntax is not validated here.
      PublicAccessCidrs:
        description: The CIDR blocks that are allowed access to your cluster's public
          Kubernetes API server endpoint. Communication to the endpoint from addresses
          outside of the CIDR blocks that you specify is denied. The default value
          is 0.0.0.0/0. If you've disabled private endpoint access and you have nodes
          or AWS Fargate pods in the cluster, then ensure that you specify the necessary
          CIDR blocks.
        insertionOrder: false
        items:
          # NOTE(review): `minItems` is an array keyword but sits on the string
          # item schema, so as written it does not force a non-empty list. The
          # same placement is used for SecurityGroupIds and SubnetIds below.
          minItems: 1
          type: string
        type: array
      # If omitted, the VPC's default security group is used (see description).
      SecurityGroupIds:
        description: Specify one or more security groups for the cross-account elastic
          network interfaces that Amazon EKS creates to use to allow communication
          between your worker nodes and the Kubernetes control plane. If you don't
          specify a security group, the default security group for your VPC is used.
        insertionOrder: false
        items:
          minItems: 1
          type: string
        type: array
      SubnetIds:
        description: Specify subnets for your Amazon EKS nodes. Amazon EKS creates
          cross-account elastic network interfaces in these subnets to allow communication
          between your nodes and the Kubernetes control plane.
        insertionOrder: false
        items:
          minItems: 1
          type: string
        type: array
    required:
    - SubnetIds
    type: object
  # `update` action parameter: the list of tags to apply to the cluster.
  # `uniqueItems` rejects exact duplicate Key/Value objects. Only the length
  # limits are schema-enforced; the `aws:` prefix ban and the allowed character
  # set are stated in the descriptions alone.
  Tags:
    description: An array of key-value pairs to apply to this resource.
    insertionOrder: false
    items:
      additionalProperties: false
      description: A key-value pair to associate with a resource.
      properties:
        Key:
          description: 'The key name of the tag. You can specify a value that is 1
            to 128 Unicode characters in length and cannot be prefixed with aws:.
            You can use any of the following characters: the set of Unicode letters,
            digits, whitespace, _, ., /, =, +, and -.'
          maxLength: 128
          minLength: 1
          type: string
        Value:
          description: 'The value for the tag. You can specify a value that is 0 to
            256 Unicode characters in length and cannot be prefixed with aws:. You
            can use any of the following characters: the set of Unicode letters, digits,
            whitespace, _, ., /, =, +, and -.'
          maxLength: 256
          minLength: 0
          type: string
      required:
      - Key
      - Value
      type: object
    type: array
    uniqueItems: true
  # `update` action parameter: target Kubernetes version, as a string.
  # NOTE(review): the pattern has no `^`/`$` anchors, and JSON Schema `pattern`
  # matches anywhere in the string, so it only requires that "1.<two digits>"
  # appears somewhere in the value. Quote the value in policies so YAML does not
  # read it as a float.
  Version:
    description: The desired Kubernetes version for your cluster. If you don't specify
      a value here, the latest version available in Amazon EKS is used.
    pattern: 1\.\d\d
    type: string
  # Action selector: must be the literal string `update`.
  # NOTE(review): unlike the `delete` schema, no `required` list is shown for
  # this schema on the page; confirm whether `type` is enforced elsewhere.
  type:
    enum:
    - update

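Permissions - iam:PassRole, eks:UpdateClusterConfig, eks:UpdateClusterVersion, eks:DescribeCluster, eks:DescribeUpdate, eks:TagResource, eks:UntagResource

Note: iam:PassRole allows the policy's execution role to hand an IAM role to a service. When granting these permissions, scope iam:PassRole to the specific role ARNs the clusters use instead of a wildcard resource.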