clusters
Creates, updates, deletes or gets a cluster resource or lists clusters in a region
Overview
Name | clusters |
Type | Resource |
Description | An object representing an Amazon EKS cluster. |
Id | aws.eks.clusters |
Fields
Name | Datatype | Description |
---|---|---|
encryption_config | array | |
kubernetes_network_config | object | The Kubernetes network configuration for the cluster. |
logging | object | Enable exporting the Kubernetes control plane logs for your cluster to CloudWatch Logs based on log types. By default, cluster control plane logs aren't exported to CloudWatch Logs. |
name | string | The unique name to give to your cluster. |
id | string | The unique ID given to your cluster. |
resources_vpc_config | object | An object representing the VPC configuration to use for an Amazon EKS cluster. |
outpost_config | object | An object representing the Outpost configuration to use for AWS EKS outpost cluster. |
access_config | object | An object representing the Access Config to use for the cluster. |
upgrade_policy | object | An object representing the Upgrade Policy to use for the cluster. |
remote_network_config | object | Configuration fields for specifying on-premises node and pod CIDRs that are external to the VPC passed during cluster creation. |
compute_config | object | Todo: add description |
storage_config | object | Todo: add description |
role_arn | string | The Amazon Resource Name (ARN) of the IAM role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. |
version | string | The desired Kubernetes version for your cluster. If you don't specify a value here, the latest version available in Amazon EKS is used. |
tags | array | An array of key-value pairs to apply to this resource. |
arn | string | The ARN of the cluster, such as arn:aws:eks:us-west-2:666666666666:cluster/prod. |
endpoint | string | The endpoint for your Kubernetes API server, such as https://5E1D0CEXAMPLEA591B746AFC5AB30262.yl4.us-west-2.eks.amazonaws.com. |
certificate_authority_data | string | The certificate-authority-data for your cluster. |
cluster_security_group_id | string | The cluster security group that was created by Amazon EKS for the cluster. Managed node groups use this security group for control plane to data plane communication. |
encryption_config_key_arn | string | Amazon Resource Name (ARN) or alias of the customer master key (CMK). |
open_id_connect_issuer_url | string | The issuer URL for the cluster's OIDC identity provider, such as https://oidc.eks.us-west-2.amazonaws.com/id/EXAMPLED539D4633E53DE1B716D3041E. If you need to remove https:// from this output value, you can include the following code in your template. |
bootstrap_self_managed_addons | boolean | Set this value to false to avoid creating the default networking add-ons when the cluster is created. |
zonal_shift_config | object | The current zonal shift configuration to use for the cluster. |
region | string | AWS region. |
For more information, see AWS::EKS::Cluster.
Methods
Name | Accessible by | Required Params |
---|---|---|
create_resource | INSERT | RoleArn, ResourcesVpcConfig, region |
delete_resource | DELETE | data__Identifier, region |
update_resource | UPDATE | data__Identifier, data__PatchDocument, region |
list_resources | SELECT | region |
get_resource | SELECT | data__Identifier, region |
SELECT examples
Gets all clusters in a region.
```sql
SELECT
region,
encryption_config,
kubernetes_network_config,
logging,
name,
id,
resources_vpc_config,
outpost_config,
access_config,
upgrade_policy,
remote_network_config,
compute_config,
storage_config,
role_arn,
version,
tags,
arn,
endpoint,
certificate_authority_data,
cluster_security_group_id,
encryption_config_key_arn,
open_id_connect_issuer_url,
bootstrap_self_managed_addons,
zonal_shift_config
FROM aws.eks.clusters
WHERE region = 'us-east-1';
```
Gets all properties from an individual cluster.
```sql
SELECT
region,
encryption_config,
kubernetes_network_config,
logging,
name,
id,
resources_vpc_config,
outpost_config,
access_config,
upgrade_policy,
remote_network_config,
compute_config,
storage_config,
role_arn,
version,
tags,
arn,
endpoint,
certificate_authority_data,
cluster_security_group_id,
encryption_config_key_arn,
open_id_connect_issuer_url,
bootstrap_self_managed_addons,
zonal_shift_config
FROM aws.eks.clusters
WHERE region = 'us-east-1' AND data__Identifier = '<Name>';
```
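The rows returned by the SELECT examples carry the settings that decide a cluster's exposure: `resources_vpc_config`, `logging`, `encryption_config` and `access_config`. The following Python check is an added example, not part of the StackQL documentation; it assumes each row is available as a dict keyed by the column names above, with object columns either as JSON text or already parsed. `audit_cluster`, `_obj` and both sample rows are hypothetical names and constructed data.

```python
import json

# Control plane log types that EKS can export to CloudWatch Logs.
ALL_LOG_TYPES = {"api", "audit", "authenticator", "controllerManager", "scheduler"}

def _obj(value, default):
    """Object columns may arrive as JSON text, parsed JSON, or null."""
    if value in (None, "", "null"):
        return default
    return json.loads(value) if isinstance(value, str) else value

def audit_cluster(row):
    """Return hardening findings for one row selected from aws.eks.clusters."""
    findings = []
    vpc = _obj(row.get("resources_vpc_config"), {})
    # EKS defaults: public endpoint enabled and open to 0.0.0.0/0.
    cidrs = vpc.get("PublicAccessCidrs") or ["0.0.0.0/0"]
    if vpc.get("EndpointPublicAccess", True) and {"0.0.0.0/0", "::/0"} & set(cidrs):
        findings.append("API endpoint is public with an unrestricted CIDR")
    cluster_logging = _obj(row.get("logging"), {}).get("ClusterLogging") or {}
    enabled = {t.get("Type") for t in cluster_logging.get("EnabledTypes") or []}
    missing = ALL_LOG_TYPES - enabled
    if missing:
        findings.append("control plane logs not exported: " + ", ".join(sorted(missing)))
    enc = _obj(row.get("encryption_config"), [])
    if not any("secrets" in (e.get("Resources") or []) for e in enc):
        findings.append("no KMS envelope encryption for Kubernetes secrets")
    if _obj(row.get("access_config"), {}).get("AuthenticationMode") == "CONFIG_MAP":
        findings.append("AuthenticationMode is CONFIG_MAP; access entries are not in use")
    return findings

# Constructed sample rows (not real clusters); object columns as JSON text.
RISKY_ROW = {
    "name": "demo-open",
    "resources_vpc_config": '{"EndpointPublicAccess": true, "SubnetIds": ["subnet-EXAMPLE"]}',
    "logging": '{"ClusterLogging": {"EnabledTypes": [{"Type": "api"}]}}',
    "encryption_config": None,
    "access_config": '{"AuthenticationMode": "CONFIG_MAP"}',
}
# Constructed sample row with object columns already parsed.
HARDENED_ROW = {
    "name": "demo-private",
    "resources_vpc_config": {"EndpointPublicAccess": False, "EndpointPrivateAccess": True},
    "logging": {"ClusterLogging": {"EnabledTypes": [{"Type": t} for t in sorted(ALL_LOG_TYPES)]}},
    "encryption_config": [{"Provider": {"KeyArn": "<KeyArn>"}, "Resources": ["secrets"]}],
    "access_config": {"AuthenticationMode": "API"},
}

if __name__ == "__main__":
    for row in (RISKY_ROW, HARDENED_ROW):
        print(row["name"], audit_cluster(row))
```

A row with no `resources_vpc_config` keys is treated as publicly reachable because that is the EKS default when the endpoint settings are left unset.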
INSERT example
Use the following StackQL query and manifest file to create a new cluster resource, using stack-deploy.
Required Properties
```sql
/*+ create */
INSERT INTO aws.eks.clusters (
ResourcesVpcConfig,
RoleArn,
region
)
SELECT
'{{ ResourcesVpcConfig }}',
'{{ RoleArn }}',
'{{ region }}';
```
All Properties
```sql
/*+ create */
INSERT INTO aws.eks.clusters (
EncryptionConfig,
KubernetesNetworkConfig,
Logging,
Name,
ResourcesVpcConfig,
OutpostConfig,
AccessConfig,
UpgradePolicy,
RemoteNetworkConfig,
ComputeConfig,
StorageConfig,
RoleArn,
Version,
Tags,
BootstrapSelfManagedAddons,
ZonalShiftConfig,
region
)
SELECT
'{{ EncryptionConfig }}',
'{{ KubernetesNetworkConfig }}',
'{{ Logging }}',
'{{ Name }}',
'{{ ResourcesVpcConfig }}',
'{{ OutpostConfig }}',
'{{ AccessConfig }}',
'{{ UpgradePolicy }}',
'{{ RemoteNetworkConfig }}',
'{{ ComputeConfig }}',
'{{ StorageConfig }}',
'{{ RoleArn }}',
'{{ Version }}',
'{{ Tags }}',
'{{ BootstrapSelfManagedAddons }}',
'{{ ZonalShiftConfig }}',
'{{ region }}';
```
Manifest
```yaml
version: 1
name: stack name
description: stack description
providers:
  - aws
globals:
  - name: region
    value: '{{ vars.AWS_REGION }}'
resources:
  - name: cluster
    props:
      - name: EncryptionConfig
        value:
          - Provider:
              KeyArn: '{{ KeyArn }}'
            Resources:
              - '{{ Resources[0] }}'
      - name: KubernetesNetworkConfig
        value:
          ServiceIpv4Cidr: '{{ ServiceIpv4Cidr }}'
          ServiceIpv6Cidr: '{{ ServiceIpv6Cidr }}'
          IpFamily: '{{ IpFamily }}'
          ElasticLoadBalancing:
            Enabled: '{{ Enabled }}'
      - name: Logging
        value:
          ClusterLogging:
            EnabledTypes:
              - Type: '{{ Type }}'
      - name: Name
        value: '{{ Name }}'
      - name: ResourcesVpcConfig
        value:
          EndpointPrivateAccess: '{{ EndpointPrivateAccess }}'
          EndpointPublicAccess: '{{ EndpointPublicAccess }}'
          PublicAccessCidrs:
            - '{{ PublicAccessCidrs[0] }}'
          SecurityGroupIds:
            - '{{ SecurityGroupIds[0] }}'
          SubnetIds:
            - '{{ SubnetIds[0] }}'
      - name: OutpostConfig
        value:
          OutpostArns:
            - '{{ OutpostArns[0] }}'
          ControlPlaneInstanceType: '{{ ControlPlaneInstanceType }}'
          ControlPlanePlacement:
            GroupName: '{{ GroupName }}'
      - name: AccessConfig
        value:
          BootstrapClusterCreatorAdminPermissions: '{{ BootstrapClusterCreatorAdminPermissions }}'
          AuthenticationMode: '{{ AuthenticationMode }}'
      - name: UpgradePolicy
        value:
          SupportType: '{{ SupportType }}'
      - name: RemoteNetworkConfig
        value:
          RemoteNodeNetworks:
            - Cidrs:
                - '{{ Cidrs[0] }}'
          RemotePodNetworks:
            - Cidrs:
                - '{{ Cidrs[0] }}'
      - name: ComputeConfig
        value:
          Enabled: '{{ Enabled }}'
          NodeRoleArn: '{{ NodeRoleArn }}'
          NodePools:
            - '{{ NodePools[0] }}'
      - name: StorageConfig
        value:
          BlockStorage:
            Enabled: '{{ Enabled }}'
      - name: RoleArn
        value: '{{ RoleArn }}'
      - name: Version
        value: '{{ Version }}'
      - name: Tags
        value:
          - Key: '{{ Key }}'
            Value: '{{ Value }}'
      - name: BootstrapSelfManagedAddons
        value: '{{ BootstrapSelfManagedAddons }}'
      - name: ZonalShiftConfig
        value:
          Enabled: '{{ Enabled }}'
```
DELETE example
```sql
/*+ delete */
DELETE FROM aws.eks.clusters
WHERE data__Identifier = '<Name>'
AND region = 'us-east-1';
```
Permissions
To operate on the clusters resource, the following permissions are required:
Create
eks:CreateCluster,
eks:DescribeCluster,
eks:TagResource,
eks:CreateAccessEntry,
iam:PassRole,
iam:GetRole,
iam:ListAttachedRolePolicies,
iam:CreateServiceLinkedRole,
iam:CreateInstanceProfile,
iam:TagInstanceProfile,
iam:AddRoleToInstanceProfile,
iam:GetInstanceProfile,
iam:DeleteInstanceProfile,
iam:RemoveRoleFromInstanceProfile,
ec2:DescribeSubnets,
ec2:DescribeVpcs,
kms:DescribeKey,
kms:CreateGrant
Read
eks:DescribeCluster
Update
iam:PassRole,
eks:UpdateClusterConfig,
eks:UpdateClusterVersion,
eks:DescribeCluster,
eks:DescribeUpdate,
eks:TagResource,
eks:UntagResource
Delete
eks:DeleteCluster,
eks:DescribeCluster
List
eks:ListClusters