clusters
Creates, updates, deletes or gets a cluster resource or lists clusters in a region
Overview
Name | clusters |
Type | Resource |
Description | An object representing an Amazon EKS cluster. |
Id | aws.eks.clusters |
Fields
Name | Datatype | Description |
---|---|---|
logging | object | Enable exporting the Kubernetes control plane logs for your cluster to CloudWatch Logs based on log types. By default, cluster control plane logs aren't exported to CloudWatch Logs. |
encryption_config_key_arn | string | Amazon Resource Name (ARN) or alias of the customer master key (CMK). |
access_config | object | An object representing the Access Config to use for the cluster. |
certificate_authority_data | string | The certificate-authority-data for your cluster. |
encryption_config | array | |
kubernetes_network_config | object | The Kubernetes network configuration for the cluster. |
role_arn | string | The Amazon Resource Name (ARN) of the IAM role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. |
name | string | The unique name to give to your cluster. |
endpoint | string | The endpoint for your Kubernetes API server, such as https://5E1D0CEXAMPLEA591B746AFC5AB30262.yl4.us-west-2.eks.amazonaws.com. |
version | string | The desired Kubernetes version for your cluster. If you don't specify a value here, the latest version available in Amazon EKS is used. |
cluster_security_group_id | string | The cluster security group that was created by Amazon EKS for the cluster. Managed node groups use this security group for control plane to data plane communication. |
id | string | The unique ID given to your cluster. |
outpost_config | object | An object representing the Outpost configuration to use for AWS EKS outpost cluster. |
arn | string | The ARN of the cluster, such as arn:aws:eks:us-west-2:666666666666:cluster/prod. |
resources_vpc_config | object | An object representing the VPC configuration to use for an Amazon EKS cluster. |
tags | array | An array of key-value pairs to apply to this resource. |
open_id_connect_issuer_url | string | The issuer URL for the cluster's OIDC identity provider, such as https://oidc.eks.us-west-2.amazonaws.com/id/EXAMPLED539D4633E53DE1B716D3041E. If you need to remove https:// from this output value, you can include the following code in your template. |
region | string | AWS region. |
Methods
Name | Accessible by | Required Params |
---|---|---|
create_resource | INSERT | RoleArn, ResourcesVpcConfig, region |
delete_resource | DELETE | data__Identifier, region |
update_resource | UPDATE | data__Identifier, data__PatchDocument, region |
list_resources | SELECT | region |
get_resource | SELECT | data__Identifier, region |
SELECT examples
Gets all clusters in a region.
```sql
SELECT
region,
logging,
encryption_config_key_arn,
access_config,
certificate_authority_data,
encryption_config,
kubernetes_network_config,
role_arn,
name,
endpoint,
version,
cluster_security_group_id,
id,
outpost_config,
arn,
resources_vpc_config,
tags,
open_id_connect_issuer_url
FROM aws.eks.clusters
WHERE region = 'us-east-1';
```
Gets all properties from an individual cluster.
```sql
SELECT
region,
logging,
encryption_config_key_arn,
access_config,
certificate_authority_data,
encryption_config,
kubernetes_network_config,
role_arn,
name,
endpoint,
version,
cluster_security_group_id,
id,
outpost_config,
arn,
resources_vpc_config,
tags,
open_id_connect_issuer_url
FROM aws.eks.clusters
WHERE region = 'us-east-1' AND data__Identifier = '<Name>';
```
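An added example, not part of the StackQL provider documentation: a Python post-processor that takes rows returned by the SELECT queries above and flags three posture gaps using the `resources_vpc_config`, `logging` and `encryption_config` columns. It assumes object and array columns arrive as JSON text; the finding names and sample rows are constructed for illustration.

```python
import json

# Constructed sample rows shaped like the SELECT output above. Assumption:
# object/array columns arrive as JSON text (already-parsed values also work).
SAMPLE_ROWS = [
    {"name": "prod", "resources_vpc_config":
        '{"EndpointPublicAccess": true, "PublicAccessCidrs": ["0.0.0.0/0"]}',
     "logging": None, "encryption_config": None},
    {"name": "internal", "resources_vpc_config":
        {"EndpointPublicAccess": False, "EndpointPrivateAccess": True},
     "logging": '{"ClusterLogging": {"EnabledTypes": [{"Type": "api"}, {"Type": "audit"}]}}',
     "encryption_config": '[{"Resources": ["secrets"], "Provider": '
                          '{"KeyArn": "arn:aws:kms:us-east-1:111111111111:key/EXAMPLE"}}]'},
]


def _load(value, default):
    """Parse a JSON column, tolerating NULL, empty text and pre-parsed values."""
    if value in (None, "", "null"):
        return default
    return json.loads(value) if isinstance(value, str) else value


def audit_cluster(row):
    """Return a list of posture findings for one aws.eks.clusters row."""
    findings = []
    vpc = _load(row.get("resources_vpc_config"), {})
    # EKS defaults: the public endpoint is enabled and reachable from
    # 0.0.0.0/0 when these properties are omitted, so missing counts as open.
    if vpc.get("EndpointPublicAccess", True):
        cidrs = vpc.get("PublicAccessCidrs") or ["0.0.0.0/0"]
        if "0.0.0.0/0" in cidrs:
            findings.append("api-endpoint-open-to-internet")
    log_cfg = _load(row.get("logging"), {})
    enabled = (log_cfg.get("ClusterLogging") or {}).get("EnabledTypes") or []
    if "audit" not in {t.get("Type") for t in enabled}:
        findings.append("audit-log-not-exported")
    enc = _load(row.get("encryption_config"), [])
    if not any("secrets" in (e.get("Resources") or [])
               and (e.get("Provider") or {}).get("KeyArn") for e in enc):
        findings.append("secrets-not-kms-encrypted")
    return findings


def audit(rows):
    """Map cluster name -> findings, keeping only clusters with findings."""
    report = {r["name"]: audit_cluster(r) for r in rows}
    return {name: found for name, found in report.items() if found}
```

`audit(SAMPLE_ROWS)` reports only the `prod` row; a row with none of the three columns populated is treated as failing all three checks.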
INSERT example
Use the following StackQL query and manifest file to create a new cluster resource, using stack-deploy.

Required Properties
```sql
/*+ create */
INSERT INTO aws.eks.clusters (
RoleArn,
ResourcesVpcConfig,
region
)
SELECT
'{{ RoleArn }}',
'{{ ResourcesVpcConfig }}',
'{{ region }}';
```

All Properties
```sql
/*+ create */
INSERT INTO aws.eks.clusters (
Logging,
AccessConfig,
EncryptionConfig,
KubernetesNetworkConfig,
RoleArn,
Name,
Version,
OutpostConfig,
ResourcesVpcConfig,
Tags,
region
)
SELECT
'{{ Logging }}',
'{{ AccessConfig }}',
'{{ EncryptionConfig }}',
'{{ KubernetesNetworkConfig }}',
'{{ RoleArn }}',
'{{ Name }}',
'{{ Version }}',
'{{ OutpostConfig }}',
'{{ ResourcesVpcConfig }}',
'{{ Tags }}',
'{{ region }}';
```

Manifest
```yaml
version: 1
name: stack name
description: stack description
providers:
  - aws
globals:
  - name: region
    value: '{{ vars.AWS_REGION }}'
resources:
  - name: cluster
    props:
      - name: Logging
        value:
          ClusterLogging:
            EnabledTypes:
              - Type: '{{ Type }}'
      - name: AccessConfig
        value:
          AuthenticationMode: '{{ AuthenticationMode }}'
          BootstrapClusterCreatorAdminPermissions: '{{ BootstrapClusterCreatorAdminPermissions }}'
      - name: EncryptionConfig
        value:
          - Resources:
              - '{{ Resources[0] }}'
            Provider:
              KeyArn: '{{ KeyArn }}'
      - name: KubernetesNetworkConfig
        value:
          ServiceIpv4Cidr: '{{ ServiceIpv4Cidr }}'
          ServiceIpv6Cidr: '{{ ServiceIpv6Cidr }}'
          IpFamily: '{{ IpFamily }}'
      - name: RoleArn
        value: '{{ RoleArn }}'
      - name: Name
        value: '{{ Name }}'
      - name: Version
        value: '{{ Version }}'
      - name: OutpostConfig
        value:
          OutpostArns:
            - '{{ OutpostArns[0] }}'
          ControlPlanePlacement:
            GroupName: '{{ GroupName }}'
          ControlPlaneInstanceType: '{{ ControlPlaneInstanceType }}'
      - name: ResourcesVpcConfig
        value:
          EndpointPublicAccess: '{{ EndpointPublicAccess }}'
          PublicAccessCidrs:
            - '{{ PublicAccessCidrs[0] }}'
          EndpointPrivateAccess: '{{ EndpointPrivateAccess }}'
          SecurityGroupIds:
            - '{{ SecurityGroupIds[0] }}'
          SubnetIds:
            - '{{ SubnetIds[0] }}'
      - name: Tags
        value:
          - Key: '{{ Key }}'
            Value: '{{ Value }}'
```
DELETE example
```sql
/*+ delete */
DELETE FROM aws.eks.clusters
WHERE data__Identifier = '<Name>'
AND region = 'us-east-1';
```
Permissions
To operate on the clusters resource, the following permissions are required:
Read
eks:DescribeCluster
Create
eks:CreateCluster,
eks:DescribeCluster,
eks:TagResource,
iam:PassRole,
iam:GetRole,
iam:ListAttachedRolePolicies,
iam:CreateServiceLinkedRole,
iam:CreateInstanceProfile,
iam:TagInstanceProfile,
iam:AddRoleToInstanceProfile,
iam:GetInstanceProfile,
iam:DeleteInstanceProfile,
iam:RemoveRoleFromInstanceProfile,
ec2:DescribeSubnets,
ec2:DescribeVpcs,
kms:DescribeKey,
kms:CreateGrant
Update
iam:PassRole,
eks:UpdateClusterConfig,
eks:UpdateClusterVersion,
eks:DescribeCluster,
eks:DescribeUpdate,
eks:TagResource,
eks:UntagResource
List
eks:ListClusters
Delete
eks:DeleteCluster,
eks:DescribeCluster