This page documents the language specification for the aws package. If you're looking for help working with the inputs, outputs, or functions of aws resources in a Pulumi program, please see the resource documentation for examples and API reference.

eks¶

This provider is a derived work of the Terraform Provider distributed under MPL 2.0. If you encounter a bug or missing feature, first check the pulumi/pulumi-aws repo; however, if that doesn’t turn up anything, please consult the source terraform-providers/terraform-provider-aws repo.

class pulumi_aws.eks.AwaitableGetClusterAuthResult(id=None, name=None, token=None)¶

class pulumi_aws.eks.AwaitableGetClusterResult(arn=None, certificate_authority=None, created_at=None, enabled_cluster_log_types=None, endpoint=None, id=None, identities=None, name=None, platform_version=None, role_arn=None, status=None, tags=None, version=None, vpc_config=None)¶

class pulumi_aws.eks.Cluster(resource_name, opts=None, enabled_cluster_log_types=None, encryption_config=None, name=None, role_arn=None, tags=None, version=None, vpc_config=None, __props__=None, __name__=None, __opts__=None)¶

Manages an EKS Cluster.

import pulumi
import pulumi_aws as aws

example = aws.iam.Role("example", assume_role_policy="""{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "eks.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

""")
example__amazon_eks_cluster_policy = aws.iam.RolePolicyAttachment("example-AmazonEKSClusterPolicy",
    policy_arn="arn:aws:iam::aws:policy/AmazonEKSClusterPolicy",
    role=example.name)
example__amazon_eks_service_policy = aws.iam.RolePolicyAttachment("example-AmazonEKSServicePolicy",
    policy_arn="arn:aws:iam::aws:policy/AmazonEKSServicePolicy",
    role=example.name)

import pulumi
import pulumi_aws as aws

config = pulumi.Config()
cluster_name = config.get("clusterName")
if cluster_name is None:
    cluster_name = "example"
example_cluster = aws.eks.Cluster("exampleCluster", enabled_cluster_log_types=[
    "api",
    "audit",
])
example_log_group = aws.cloudwatch.LogGroup("exampleLogGroup", retention_in_days=7)

Parameters

resource_name (str) – The name of the resource.
opts (pulumi.ResourceOptions) – Options for the resource.
enabled_cluster_log_types (pulumi.Input[list]) – A list of the desired control plane logging to enable. For more information, see Amazon EKS Control Plane Logging
encryption_config (pulumi.Input[dict]) – Configuration block with encryption configuration for the cluster. Only available on Kubernetes 1.13 and above clusters created after March 6, 2020. Detailed below.
name (pulumi.Input[str]) – Name of the cluster.
role_arn (pulumi.Input[str]) – The Amazon Resource Name (ARN) of the IAM role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. Ensure the resource configuration includes explicit dependencies on the IAM Role permissions by adding ``dependsOn` <https://www.pulumi.com/docs/intro/concepts/programming-model/#dependson>`_ if using the iam.RolePolicy resource) or iam.RolePolicyAttachment resource, otherwise EKS cannot delete EKS managed EC2 infrastructure such as Security Groups on EKS Cluster deletion.
tags (pulumi.Input[dict]) – Key-value map of resource tags.
version (pulumi.Input[str]) – Desired Kubernetes master version. If you do not specify a value, the latest available version at resource creation is used and no upgrades will occur except those automatically triggered by EKS. The value must be configured and increased to upgrade the version when desired. Downgrades are not supported by EKS.
vpc_config (pulumi.Input[dict]) – Nested argument for the VPC associated with your cluster. Amazon EKS VPC resources have specific requirements to work properly with Kubernetes. For more information, see Cluster VPC Considerations and Cluster Security Group Considerations in the Amazon EKS User Guide. Configuration detailed below.

The encryption_config object supports the following:

provider (pulumi.Input[dict]) - Configuration block with provider for encryption. Detailed below.
- key_arn (pulumi.Input[str]) - Amazon Resource Name (ARN) of the Key Management Service (KMS) customer master key (CMK). The CMK must be symmetric, created in the same region as the cluster, and if the CMK was created in a different account, the user must have access to the CMK. For more information, see Allowing Users in Other Accounts to Use a CMK in the AWS Key Management Service Developer Guide.
resources (pulumi.Input[list]) - List of strings with resources to be encrypted. Valid values: secrets

The vpc_config object supports the following:

clusterSecurityGroupId (pulumi.Input[str]) - The cluster security group that was created by Amazon EKS for the cluster.
endpointPrivateAccess (pulumi.Input[bool]) - Indicates whether or not the Amazon EKS private API server endpoint is enabled. Default is false.
endpointPublicAccess (pulumi.Input[bool]) - Indicates whether or not the Amazon EKS public API server endpoint is enabled. Default is true.
publicAccessCidrs (pulumi.Input[list]) - List of CIDR blocks. Indicates which CIDR blocks can access the Amazon EKS public API server endpoint when enabled. EKS defaults this to a list with 0.0.0.0/0. This provider will only perform drift detection of its value when present in a configuration.
security_group_ids (pulumi.Input[list]) - List of security group IDs for the cross-account elastic network interfaces that Amazon EKS creates to use to allow communication between your worker nodes and the Kubernetes control plane.
subnet_ids (pulumi.Input[list]) - List of subnet IDs. Must be in at least two different availability zones. Amazon EKS creates cross-account elastic network interfaces in these subnets to allow communication between your worker nodes and the Kubernetes control plane.
vpc_id (pulumi.Input[str]) - The VPC associated with your cluster.

arn: pulumi.Output[str] = None¶: The Amazon Resource Name (ARN) of the cluster.

certificate_authority: pulumi.Output[dict] = None¶

Nested attribute containing certificate-authority-data for your cluster.

data (str) - The base64 encoded certificate data required to communicate with your cluster. Add this to the certificate-authority-data section of the kubeconfig file for your cluster.

enabled_cluster_log_types: pulumi.Output[list] = None¶: A list of the desired control plane logging to enable. For more information, see Amazon EKS Control Plane Logging

encryption_config: pulumi.Output[dict] = None¶

Configuration block with encryption configuration for the cluster. Only available on Kubernetes 1.13 and above clusters created after March 6, 2020. Detailed below.

provider (dict) - Configuration block with provider for encryption. Detailed below.
- key_arn (str) - Amazon Resource Name (ARN) of the Key Management Service (KMS) customer master key (CMK). The CMK must be symmetric, created in the same region as the cluster, and if the CMK was created in a different account, the user must have access to the CMK. For more information, see Allowing Users in Other Accounts to Use a CMK in the AWS Key Management Service Developer Guide.
resources (list) - List of strings with resources to be encrypted. Valid values: secrets

endpoint: pulumi.Output[str] = None¶: The endpoint for your Kubernetes API server.

identities: pulumi.Output[list] = None¶

Nested attribute containing identity provider information for your cluster. Only available on Kubernetes version 1.13 and 1.14 clusters created or upgraded on or after September 3, 2019.

oidcs (list) - Nested attribute containing OpenID Connect identity provider information for the cluster.
- issuer (str) - Issuer URL for the OpenID Connect identity provider.

name: pulumi.Output[str] = None¶: Name of the cluster.

platform_version: pulumi.Output[str] = None¶: The platform version for the cluster.

role_arn: pulumi.Output[str] = None¶: The Amazon Resource Name (ARN) of the IAM role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. Ensure the resource configuration includes explicit dependencies on the IAM Role permissions by adding ``dependsOn` <https://www.pulumi.com/docs/intro/concepts/programming-model/#dependson>`_ if using the iam.RolePolicy resource) or iam.RolePolicyAttachment resource, otherwise EKS cannot delete EKS managed EC2 infrastructure such as Security Groups on EKS Cluster deletion.

status: pulumi.Output[str] = None¶: The status of the EKS cluster. One of CREATING, ACTIVE, DELETING, FAILED.

tags: pulumi.Output[dict] = None¶: Key-value map of resource tags.

version: pulumi.Output[str] = None¶: Desired Kubernetes master version. If you do not specify a value, the latest available version at resource creation is used and no upgrades will occur except those automatically triggered by EKS. The value must be configured and increased to upgrade the version when desired. Downgrades are not supported by EKS.

vpc_config: pulumi.Output[dict] = None¶

Nested argument for the VPC associated with your cluster. Amazon EKS VPC resources have specific requirements to work properly with Kubernetes. For more information, see Cluster VPC Considerations and Cluster Security Group Considerations in the Amazon EKS User Guide. Configuration detailed below.

clusterSecurityGroupId (str) - The cluster security group that was created by Amazon EKS for the cluster.
endpointPrivateAccess (bool) - Indicates whether or not the Amazon EKS private API server endpoint is enabled. Default is false.
endpointPublicAccess (bool) - Indicates whether or not the Amazon EKS public API server endpoint is enabled. Default is true.
publicAccessCidrs (list) - List of CIDR blocks. Indicates which CIDR blocks can access the Amazon EKS public API server endpoint when enabled. EKS defaults this to a list with 0.0.0.0/0. This provider will only perform drift detection of its value when present in a configuration.
security_group_ids (list) - List of security group IDs for the cross-account elastic network interfaces that Amazon EKS creates to use to allow communication between your worker nodes and the Kubernetes control plane.
subnet_ids (list) - List of subnet IDs. Must be in at least two different availability zones. Amazon EKS creates cross-account elastic network interfaces in these subnets to allow communication between your worker nodes and the Kubernetes control plane.
vpc_id (str) - The VPC associated with your cluster.

static get(resource_name, id, opts=None, arn=None, certificate_authority=None, created_at=None, enabled_cluster_log_types=None, encryption_config=None, endpoint=None, identities=None, name=None, platform_version=None, role_arn=None, status=None, tags=None, version=None, vpc_config=None)¶

Get an existing Cluster resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

resource_name (str) – The unique name of the resulting resource.
id (str) – The unique provider ID of the resource to lookup.
opts (pulumi.ResourceOptions) – Options for the resource.
arn (pulumi.Input[str]) – The Amazon Resource Name (ARN) of the cluster.
certificate_authority (pulumi.Input[dict]) – Nested attribute containing certificate-authority-data for your cluster.
enabled_cluster_log_types (pulumi.Input[list]) –
A list of the desired control plane logging to enable. For more information, see Amazon EKS Control Plane Logging
encryption_config (pulumi.Input[dict]) – Configuration block with encryption configuration for the cluster. Only available on Kubernetes 1.13 and above clusters created after March 6, 2020. Detailed below.
endpoint (pulumi.Input[str]) – The endpoint for your Kubernetes API server.
identities (pulumi.Input[list]) – Nested attribute containing identity provider information for your cluster. Only available on Kubernetes version 1.13 and 1.14 clusters created or upgraded on or after September 3, 2019.
name (pulumi.Input[str]) – Name of the cluster.
platform_version (pulumi.Input[str]) – The platform version for the cluster.
role_arn (pulumi.Input[str]) – The Amazon Resource Name (ARN) of the IAM role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf. Ensure the resource configuration includes explicit dependencies on the IAM Role permissions by adding ``dependsOn` <https://www.pulumi.com/docs/intro/concepts/programming-model/#dependson>`_ if using the iam.RolePolicy resource) or iam.RolePolicyAttachment resource, otherwise EKS cannot delete EKS managed EC2 infrastructure such as Security Groups on EKS Cluster deletion.
status (pulumi.Input[str]) – The status of the EKS cluster. One of CREATING, ACTIVE, DELETING, FAILED.
tags (pulumi.Input[dict]) – Key-value map of resource tags.
version (pulumi.Input[str]) – Desired Kubernetes master version. If you do not specify a value, the latest available version at resource creation is used and no upgrades will occur except those automatically triggered by EKS. The value must be configured and increased to upgrade the version when desired. Downgrades are not supported by EKS.
vpc_config (pulumi.Input[dict]) –
Nested argument for the VPC associated with your cluster. Amazon EKS VPC resources have specific requirements to work properly with Kubernetes. For more information, see Cluster VPC Considerations and Cluster Security Group Considerations in the Amazon EKS User Guide. Configuration detailed below.

The certificate_authority object supports the following:

data (pulumi.Input[str]) - The base64 encoded certificate data required to communicate with your cluster. Add this to the certificate-authority-data section of the kubeconfig file for your cluster.

The encryption_config object supports the following:

provider (pulumi.Input[dict]) - Configuration block with provider for encryption. Detailed below.
- key_arn (pulumi.Input[str]) - Amazon Resource Name (ARN) of the Key Management Service (KMS) customer master key (CMK). The CMK must be symmetric, created in the same region as the cluster, and if the CMK was created in a different account, the user must have access to the CMK. For more information, see Allowing Users in Other Accounts to Use a CMK in the AWS Key Management Service Developer Guide.
resources (pulumi.Input[list]) - List of strings with resources to be encrypted. Valid values: secrets

The identities object supports the following:

oidcs (pulumi.Input[list]) - Nested attribute containing OpenID Connect identity provider information for the cluster.
- issuer (pulumi.Input[str]) - Issuer URL for the OpenID Connect identity provider.

The vpc_config object supports the following:

clusterSecurityGroupId (pulumi.Input[str]) - The cluster security group that was created by Amazon EKS for the cluster.
endpointPrivateAccess (pulumi.Input[bool]) - Indicates whether or not the Amazon EKS private API server endpoint is enabled. Default is false.
endpointPublicAccess (pulumi.Input[bool]) - Indicates whether or not the Amazon EKS public API server endpoint is enabled. Default is true.
publicAccessCidrs (pulumi.Input[list]) - List of CIDR blocks. Indicates which CIDR blocks can access the Amazon EKS public API server endpoint when enabled. EKS defaults this to a list with 0.0.0.0/0. This provider will only perform drift detection of its value when present in a configuration.
security_group_ids (pulumi.Input[list]) - List of security group IDs for the cross-account elastic network interfaces that Amazon EKS creates to use to allow communication between your worker nodes and the Kubernetes control plane.
subnet_ids (pulumi.Input[list]) - List of subnet IDs. Must be in at least two different availability zones. Amazon EKS creates cross-account elastic network interfaces in these subnets to allow communication between your worker nodes and the Kubernetes control plane.
vpc_id (pulumi.Input[str]) - The VPC associated with your cluster.

translate_output_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

translate_input_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

class pulumi_aws.eks.FargateProfile(resource_name, opts=None, cluster_name=None, fargate_profile_name=None, pod_execution_role_arn=None, selectors=None, subnet_ids=None, tags=None, __props__=None, __name__=None, __opts__=None)¶

Manages an EKS Fargate Profile.

import pulumi
import pulumi_aws as aws

example = aws.eks.FargateProfile("example",
    cluster_name=aws_eks_cluster["example"]["name"],
    pod_execution_role_arn=aws_iam_role["example"]["arn"],
    subnet_ids=[__item["id"] for __item in aws_subnet["example"]],
    selector=[{
        "namespace": "example",
    }])

import pulumi
import json
import pulumi_aws as aws

example = aws.iam.Role("example", assume_role_policy=json.dumps({
    "Statement": [{
        "Action": "sts:AssumeRole",
        "Effect": "Allow",
        "Principal": {
            "Service": "eks-fargate-pods.amazonaws.com",
        },
    }],
    "Version": "2012-10-17",
}))
example__amazon_eks_fargate_pod_execution_role_policy = aws.iam.RolePolicyAttachment("example-AmazonEKSFargatePodExecutionRolePolicy",
    policy_arn="arn:aws:iam::aws:policy/AmazonEKSFargatePodExecutionRolePolicy",
    role=example.name)

Parameters

resource_name (str) – The name of the resource.
opts (pulumi.ResourceOptions) – Options for the resource.
cluster_name (pulumi.Input[str]) – Name of the EKS Cluster.
fargate_profile_name (pulumi.Input[str]) – Name of the EKS Fargate Profile.
pod_execution_role_arn (pulumi.Input[str]) – Amazon Resource Name (ARN) of the IAM Role that provides permissions for the EKS Fargate Profile.
selectors (pulumi.Input[list]) – Configuration block(s) for selecting Kubernetes Pods to execute with this EKS Fargate Profile. Detailed below.
subnet_ids (pulumi.Input[list]) – Identifiers of private EC2 Subnets to associate with the EKS Fargate Profile. These subnets must have the following resource tag: kubernetes.io/cluster/CLUSTER_NAME (where CLUSTER_NAME is replaced with the name of the EKS Cluster).
tags (pulumi.Input[dict]) – Key-value map of resource tags.

The selectors object supports the following:

labels (pulumi.Input[dict]) - Key-value map of Kubernetes labels for selection.
namespace (pulumi.Input[str]) - Kubernetes namespace for selection.

arn: pulumi.Output[str] = None¶: Amazon Resource Name (ARN) of the EKS Fargate Profile.

cluster_name: pulumi.Output[str] = None¶: Name of the EKS Cluster.

fargate_profile_name: pulumi.Output[str] = None¶: Name of the EKS Fargate Profile.

pod_execution_role_arn: pulumi.Output[str] = None¶: Amazon Resource Name (ARN) of the IAM Role that provides permissions for the EKS Fargate Profile.

selectors: pulumi.Output[list] = None¶

Configuration block(s) for selecting Kubernetes Pods to execute with this EKS Fargate Profile. Detailed below.

labels (dict) - Key-value map of Kubernetes labels for selection.
namespace (str) - Kubernetes namespace for selection.

status: pulumi.Output[str] = None¶: Status of the EKS Fargate Profile.

subnet_ids: pulumi.Output[list] = None¶: Identifiers of private EC2 Subnets to associate with the EKS Fargate Profile. These subnets must have the following resource tag: kubernetes.io/cluster/CLUSTER_NAME (where CLUSTER_NAME is replaced with the name of the EKS Cluster).

tags: pulumi.Output[dict] = None¶: Key-value map of resource tags.

static get(resource_name, id, opts=None, arn=None, cluster_name=None, fargate_profile_name=None, pod_execution_role_arn=None, selectors=None, status=None, subnet_ids=None, tags=None)¶

Get an existing FargateProfile resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

resource_name (str) – The unique name of the resulting resource.
id (str) – The unique provider ID of the resource to lookup.
opts (pulumi.ResourceOptions) – Options for the resource.
arn (pulumi.Input[str]) – Amazon Resource Name (ARN) of the EKS Fargate Profile.
cluster_name (pulumi.Input[str]) – Name of the EKS Cluster.
fargate_profile_name (pulumi.Input[str]) – Name of the EKS Fargate Profile.
pod_execution_role_arn (pulumi.Input[str]) – Amazon Resource Name (ARN) of the IAM Role that provides permissions for the EKS Fargate Profile.
selectors (pulumi.Input[list]) – Configuration block(s) for selecting Kubernetes Pods to execute with this EKS Fargate Profile. Detailed below.
status (pulumi.Input[str]) – Status of the EKS Fargate Profile.
subnet_ids (pulumi.Input[list]) – Identifiers of private EC2 Subnets to associate with the EKS Fargate Profile. These subnets must have the following resource tag: kubernetes.io/cluster/CLUSTER_NAME (where CLUSTER_NAME is replaced with the name of the EKS Cluster).
tags (pulumi.Input[dict]) – Key-value map of resource tags.

The selectors object supports the following:

labels (pulumi.Input[dict]) - Key-value map of Kubernetes labels for selection.
namespace (pulumi.Input[str]) - Kubernetes namespace for selection.

translate_output_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

translate_input_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

class pulumi_aws.eks.GetClusterAuthResult(id=None, name=None, token=None)¶

A collection of values returned by getClusterAuth.

id = None¶: The provider-assigned unique ID for this managed resource.

token = None¶: The token to use to authenticate with the cluster.

class pulumi_aws.eks.GetClusterResult(arn=None, certificate_authority=None, created_at=None, enabled_cluster_log_types=None, endpoint=None, id=None, identities=None, name=None, platform_version=None, role_arn=None, status=None, tags=None, version=None, vpc_config=None)¶

A collection of values returned by getCluster.

arn = None¶: The Amazon Resource Name (ARN) of the cluster.

certificate_authority = None¶: Nested attribute containing certificate-authority-data for your cluster.

created_at = None¶: The Unix epoch time stamp in seconds for when the cluster was created.

enabled_cluster_log_types = None¶: The enabled control plane logs.

endpoint = None¶: The endpoint for your Kubernetes API server.

id = None¶: The provider-assigned unique ID for this managed resource.

identities = None¶: Nested attribute containing identity provider information for your cluster. Only available on Kubernetes version 1.13 and 1.14 clusters created or upgraded on or after September 3, 2019. For an example using this information to enable IAM Roles for Service Accounts, see the eks.Cluster resource documentation.

platform_version = None¶: The platform version for the cluster.

role_arn = None¶: The Amazon Resource Name (ARN) of the IAM role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf.

status = None¶: The status of the EKS cluster. One of CREATING, ACTIVE, DELETING, FAILED.

tags = None¶: Key-value map of resource tags.

version = None¶: The Kubernetes server version for the cluster.

vpc_config = None¶: Nested list containing VPC configuration for the cluster.

class pulumi_aws.eks.NodeGroup(resource_name, opts=None, ami_type=None, cluster_name=None, disk_size=None, force_update_version=None, instance_types=None, labels=None, node_group_name=None, node_role_arn=None, release_version=None, remote_access=None, scaling_config=None, subnet_ids=None, tags=None, version=None, __props__=None, __name__=None, __opts__=None)¶

Manages an EKS Node Group, which can provision and optionally update an Auto Scaling Group of Kubernetes worker nodes compatible with EKS. Additional documentation about this functionality can be found in the EKS User Guide.

import pulumi
import pulumi_aws as aws

example = aws.eks.NodeGroup("example",
    cluster_name=aws_eks_cluster["example"]["name"],
    node_role_arn=aws_iam_role["example"]["arn"],
    subnet_ids=[__item["id"] for __item in aws_subnet["example"]],
    scaling_config={
        "desiredSize": 1,
        "max_size": 1,
        "min_size": 1,
    })

import pulumi
import pulumi_aws as aws

# ... other configurations ...
example = aws.eks.NodeGroup("example", scaling_config={
    "desiredSize": 2,
})

import pulumi
import json
import pulumi_aws as aws

example = aws.iam.Role("example", assume_role_policy=json.dumps({
    "Statement": [{
        "Action": "sts:AssumeRole",
        "Effect": "Allow",
        "Principal": {
            "Service": "ec2.amazonaws.com",
        },
    }],
    "Version": "2012-10-17",
}))
example__amazon_eks_worker_node_policy = aws.iam.RolePolicyAttachment("example-AmazonEKSWorkerNodePolicy",
    policy_arn="arn:aws:iam::aws:policy/AmazonEKSWorkerNodePolicy",
    role=example.name)
example__amazon_ekscni_policy = aws.iam.RolePolicyAttachment("example-AmazonEKSCNIPolicy",
    policy_arn="arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy",
    role=example.name)
example__amazon_ec2_container_registry_read_only = aws.iam.RolePolicyAttachment("example-AmazonEC2ContainerRegistryReadOnly",
    policy_arn="arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly",
    role=example.name)

Parameters

resource_name (str) – The name of the resource.
opts (pulumi.ResourceOptions) – Options for the resource.
ami_type (pulumi.Input[str]) – Type of Amazon Machine Image (AMI) associated with the EKS Node Group. Defaults to AL2_x86_64. Valid values: AL2_x86_64, AL2_x86_64_GPU. This provider will only perform drift detection if a configuration value is provided.
cluster_name (pulumi.Input[str]) – Name of the EKS Cluster.
disk_size (pulumi.Input[float]) – Disk size in GiB for worker nodes. Defaults to 20. This provider will only perform drift detection if a configuration value is provided.
force_update_version (pulumi.Input[bool]) – Force version update if existing pods are unable to be drained due to a pod disruption budget issue.
instance_types (pulumi.Input[str]) – Set of instance types associated with the EKS Node Group. Defaults to ["t3.medium"]. This provider will only perform drift detection if a configuration value is provided. Currently, the EKS API only accepts a single value in the set.
labels (pulumi.Input[dict]) – Key-value map of Kubernetes labels. Only labels that are applied with the EKS API are managed by this argument. Other Kubernetes labels applied to the EKS Node Group will not be managed.
node_group_name (pulumi.Input[str]) – Name of the EKS Node Group.
node_role_arn (pulumi.Input[str]) – Amazon Resource Name (ARN) of the IAM Role that provides permissions for the EKS Node Group.
release_version (pulumi.Input[str]) – AMI version of the EKS Node Group. Defaults to latest version for Kubernetes version.
remote_access (pulumi.Input[dict]) – Configuration block with remote access settings. Detailed below.
scaling_config (pulumi.Input[dict]) – Configuration block with scaling settings. Detailed below.
subnet_ids (pulumi.Input[list]) – Identifiers of EC2 Subnets to associate with the EKS Node Group. These subnets must have the following resource tag: kubernetes.io/cluster/CLUSTER_NAME (where CLUSTER_NAME is replaced with the name of the EKS Cluster).
tags (pulumi.Input[dict]) – Key-value mapping of resource tags.
version (pulumi.Input[str]) – Kubernetes version. Defaults to EKS Cluster Kubernetes version. This provider will only perform drift detection if a configuration value is provided.

The remote_access object supports the following:

ec2SshKey (pulumi.Input[str]) - EC2 Key Pair name that provides access for SSH communication with the worker nodes in the EKS Node Group. If you specify this configuration, but do not specify source_security_group_ids when you create an EKS Node Group, port 22 on the worker nodes is opened to the Internet (0.0.0.0/0).
sourceSecurityGroupIds (pulumi.Input[list]) - Set of EC2 Security Group IDs to allow SSH access (port 22) from on the worker nodes. If you specify ec2_ssh_key, but do not specify this configuration when you create an EKS Node Group, port 22 on the worker nodes is opened to the Internet (0.0.0.0/0).

The scaling_config object supports the following:

desiredSize (pulumi.Input[float]) - Desired number of worker nodes.
max_size (pulumi.Input[float]) - Maximum number of worker nodes.
min_size (pulumi.Input[float]) - Minimum number of worker nodes.

ami_type: pulumi.Output[str] = None¶: Type of Amazon Machine Image (AMI) associated with the EKS Node Group. Defaults to AL2_x86_64. Valid values: AL2_x86_64, AL2_x86_64_GPU. This provider will only perform drift detection if a configuration value is provided.

arn: pulumi.Output[str] = None¶: Amazon Resource Name (ARN) of the EKS Node Group.

cluster_name: pulumi.Output[str] = None¶: Name of the EKS Cluster.

disk_size: pulumi.Output[float] = None¶: Disk size in GiB for worker nodes. Defaults to 20. This provider will only perform drift detection if a configuration value is provided.

force_update_version: pulumi.Output[bool] = None¶: Force version update if existing pods are unable to be drained due to a pod disruption budget issue.

instance_types: pulumi.Output[str] = None¶: Set of instance types associated with the EKS Node Group. Defaults to ["t3.medium"]. This provider will only perform drift detection if a configuration value is provided. Currently, the EKS API only accepts a single value in the set.

labels: pulumi.Output[dict] = None¶: Key-value map of Kubernetes labels. Only labels that are applied with the EKS API are managed by this argument. Other Kubernetes labels applied to the EKS Node Group will not be managed.

node_group_name: pulumi.Output[str] = None¶: Name of the EKS Node Group.

node_role_arn: pulumi.Output[str] = None¶: Amazon Resource Name (ARN) of the IAM Role that provides permissions for the EKS Node Group.

release_version: pulumi.Output[str] = None¶: AMI version of the EKS Node Group. Defaults to latest version for Kubernetes version.

remote_access: pulumi.Output[dict] = None¶

Configuration block with remote access settings. Detailed below.

ec2SshKey (str) - EC2 Key Pair name that provides access for SSH communication with the worker nodes in the EKS Node Group. If you specify this configuration, but do not specify source_security_group_ids when you create an EKS Node Group, port 22 on the worker nodes is opened to the Internet (0.0.0.0/0).
sourceSecurityGroupIds (list) - Set of EC2 Security Group IDs to allow SSH access (port 22) from on the worker nodes. If you specify ec2_ssh_key, but do not specify this configuration when you create an EKS Node Group, port 22 on the worker nodes is opened to the Internet (0.0.0.0/0).

resources: pulumi.Output[list] = None¶

List of objects containing information about underlying resources.

autoscaling_groups (list) - List of objects containing information about AutoScaling Groups.
- name (str) - Name of the AutoScaling Group.
remoteAccessSecurityGroupId (str) - Identifier of the remote access EC2 Security Group.

scaling_config: pulumi.Output[dict] = None¶

Configuration block with scaling settings. Detailed below.

desiredSize (float) - Desired number of worker nodes.
max_size (float) - Maximum number of worker nodes.
min_size (float) - Minimum number of worker nodes.

status: pulumi.Output[str] = None¶: Status of the EKS Node Group.

subnet_ids: pulumi.Output[list] = None¶: Identifiers of EC2 Subnets to associate with the EKS Node Group. These subnets must have the following resource tag: kubernetes.io/cluster/CLUSTER_NAME (where CLUSTER_NAME is replaced with the name of the EKS Cluster).

tags: pulumi.Output[dict] = None¶: Key-value mapping of resource tags.

version: pulumi.Output[str] = None¶: Kubernetes version. Defaults to EKS Cluster Kubernetes version. This provider will only perform drift detection if a configuration value is provided.

static get(resource_name, id, opts=None, ami_type=None, arn=None, cluster_name=None, disk_size=None, force_update_version=None, instance_types=None, labels=None, node_group_name=None, node_role_arn=None, release_version=None, remote_access=None, resources=None, scaling_config=None, status=None, subnet_ids=None, tags=None, version=None)¶

Get an existing NodeGroup resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

resource_name (str) – The unique name of the resulting resource.
id (str) – The unique provider ID of the resource to lookup.
opts (pulumi.ResourceOptions) – Options for the resource.
ami_type (pulumi.Input[str]) – Type of Amazon Machine Image (AMI) associated with the EKS Node Group. Defaults to AL2_x86_64. Valid values: AL2_x86_64, AL2_x86_64_GPU. This provider will only perform drift detection if a configuration value is provided.
arn (pulumi.Input[str]) – Amazon Resource Name (ARN) of the EKS Node Group.
cluster_name (pulumi.Input[str]) – Name of the EKS Cluster.
disk_size (pulumi.Input[float]) – Disk size in GiB for worker nodes. Defaults to 20. This provider will only perform drift detection if a configuration value is provided.
force_update_version (pulumi.Input[bool]) – Force version update if existing pods are unable to be drained due to a pod disruption budget issue.
instance_types (pulumi.Input[str]) – Set of instance types associated with the EKS Node Group. Defaults to ["t3.medium"]. This provider will only perform drift detection if a configuration value is provided. Currently, the EKS API only accepts a single value in the set.
labels (pulumi.Input[dict]) – Key-value map of Kubernetes labels. Only labels that are applied with the EKS API are managed by this argument. Other Kubernetes labels applied to the EKS Node Group will not be managed.
node_group_name (pulumi.Input[str]) – Name of the EKS Node Group.
node_role_arn (pulumi.Input[str]) – Amazon Resource Name (ARN) of the IAM Role that provides permissions for the EKS Node Group.
release_version (pulumi.Input[str]) – AMI version of the EKS Node Group. Defaults to latest version for Kubernetes version.
remote_access (pulumi.Input[dict]) – Configuration block with remote access settings. Detailed below.
resources (pulumi.Input[list]) – List of objects containing information about underlying resources.
scaling_config (pulumi.Input[dict]) – Configuration block with scaling settings. Detailed below.
status (pulumi.Input[str]) – Status of the EKS Node Group.
subnet_ids (pulumi.Input[list]) – Identifiers of EC2 Subnets to associate with the EKS Node Group. These subnets must have the following resource tag: kubernetes.io/cluster/CLUSTER_NAME (where CLUSTER_NAME is replaced with the name of the EKS Cluster).
tags (pulumi.Input[dict]) – Key-value mapping of resource tags.
version (pulumi.Input[str]) – Kubernetes version. Defaults to EKS Cluster Kubernetes version. This provider will only perform drift detection if a configuration value is provided.

The remote_access object supports the following:

ec2SshKey (pulumi.Input[str]) - EC2 Key Pair name that provides access for SSH communication with the worker nodes in the EKS Node Group. If you specify this configuration, but do not specify source_security_group_ids when you create an EKS Node Group, port 22 on the worker nodes is opened to the Internet (0.0.0.0/0).
sourceSecurityGroupIds (pulumi.Input[list]) - Set of EC2 Security Group IDs to allow SSH access (port 22) from on the worker nodes. If you specify ec2_ssh_key, but do not specify this configuration when you create an EKS Node Group, port 22 on the worker nodes is opened to the Internet (0.0.0.0/0).

The resources object supports the following:

autoscaling_groups (pulumi.Input[list]) - List of objects containing information about AutoScaling Groups.
- name (pulumi.Input[str]) - Name of the AutoScaling Group.
remoteAccessSecurityGroupId (pulumi.Input[str]) - Identifier of the remote access EC2 Security Group.

The scaling_config object supports the following:

desiredSize (pulumi.Input[float]) - Desired number of worker nodes.
max_size (pulumi.Input[float]) - Maximum number of worker nodes.
min_size (pulumi.Input[float]) - Minimum number of worker nodes.

translate_output_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

translate_input_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

pulumi_aws.eks.get_cluster(name=None, tags=None, opts=None)¶

Retrieve information about an EKS Cluster.

Parameters

name (str) – The name of the cluster
tags (dict) – Key-value map of resource tags.

pulumi_aws.eks.get_cluster_auth(name=None, opts=None)¶

Get an authentication token to communicate with an EKS cluster.

Uses IAM credentials from the AWS provider to generate a temporary token that is compatible with AWS IAM Authenticator authentication. This can be used to authenticate to an EKS cluster or to a cluster that has the AWS IAM Authenticator server configured.

Parameters: name (str) – The name of the cluster

The Pulumi Platform

Get Started

Migrate to Pulumi

Solutions for All Teams and Engineers

Any Code

Any Cloud

eks¶

On This Page