Skip to main content

clusters

Creates, updates, deletes or gets a cluster resource or lists clusters in a region

Overview

Nameclusters
TypeResource
DescriptionAn object representing an Amazon EKS cluster.
Idawscc.eks.clusters

Fields

NameDatatypeDescription
encryption_configarray
kubernetes_network_configobjectThe Kubernetes network configuration for the cluster.
loggingobjectEnable exporting the Kubernetes control plane logs for your cluster to CloudWatch Logs based on log types. By default, cluster control plane logs aren't exported to CloudWatch Logs.
namestringThe unique name to give to your cluster.
idstringThe unique ID given to your cluster.
resources_vpc_configobjectAn object representing the VPC configuration to use for an Amazon EKS cluster.
outpost_configobjectAn object representing the Outpost configuration to use for AWS EKS outpost cluster.
access_configobjectAn object representing the Access Config to use for the cluster.
upgrade_policyobjectAn object representing the Upgrade Policy to use for the cluster.
remote_network_configobjectConfiguration fields for specifying on-premises node and pod CIDRs that are external to the VPC passed during cluster creation.
compute_configobjectTodo: add description
storage_configobjectTodo: add description
role_arnstringThe Amazon Resource Name (ARN) of the IAM role that provides permissions for the Kubernetes control plane to make calls to AWS API operations on your behalf.
versionstringThe desired Kubernetes version for your cluster. If you don't specify a value here, the latest version available in Amazon EKS is used.
forcebooleanForce cluster version update
tagsarrayAn array of key-value pairs to apply to this resource.
arnstringThe ARN of the cluster, such as arn:aws:eks:us-west-2:666666666666:cluster/prod.
endpointstringThe endpoint for your Kubernetes API server, such as https://5E1D0CEXAMPLEA591B746AFC5AB30262.yl4.us-west-2.eks.amazonaws.com.
certificate_authority_datastringThe certificate-authority-data for your cluster.
cluster_security_group_idstringThe cluster security group that was created by Amazon EKS for the cluster. Managed node groups use this security group for control plane to data plane communication.
encryption_config_key_arnstringAmazon Resource Name (ARN) or alias of the customer master key (CMK).
open_id_connect_issuer_urlstringThe issuer URL for the cluster's OIDC identity provider, such as https://oidc.eks.us-west-2.amazonaws.com/id/EXAMPLED539D4633E53DE1B716D3041E. If you need to remove https:// from this output value, you can include the following code in your template.
bootstrap_self_managed_addonsbooleanSet this value to false to avoid creating the default networking add-ons when the cluster is created.
deletion_protectionbooleanSet this value to true to enable deletion protection for the cluster.
zonal_shift_configobjectThe current zonal shift configuration to use for the cluster.
regionstringAWS region.

For more information, see AWS::EKS::Cluster.

Methods

NameResourceAccessible byRequired Params
create_resourceclustersINSERTRoleArn, ResourcesVpcConfig, region
delete_resourceclustersDELETEIdentifier, region
update_resourceclustersUPDATEIdentifier, PatchDocument, region
list_resourcesclusters_list_onlySELECTregion
get_resourceclustersSELECTIdentifier, region

SELECT examples

Gets all properties from an individual cluster.

SELECT
  region,
  encryption_config,
  kubernetes_network_config,
  logging,
  name,
  id,
  resources_vpc_config,
  outpost_config,
  access_config,
  upgrade_policy,
  remote_network_config,
  compute_config,
  storage_config,
  role_arn,
  version,
  force,
  tags,
  arn,
  endpoint,
  certificate_authority_data,
  cluster_security_group_id,
  encryption_config_key_arn,
  open_id_connect_issuer_url,
  bootstrap_self_managed_addons,
  deletion_protection,
  zonal_shift_config
FROM awscc.eks.clusters
WHERE
  region = '{{ region }}' AND
  Identifier = '{{ name }}';

INSERT example

Use the following StackQL query and manifest file to create a new cluster resource, using stack-deploy.

/*+ create */
INSERT INTO awscc.eks.clusters (
  ResourcesVpcConfig,
  RoleArn,
  region
)
SELECT
  '{{ resources_vpc_config }}',
  '{{ role_arn }}',
  '{{ region }}'
RETURNING
  ErrorCode,
  EventTime,
  Identifier,
  Operation,
  OperationStatus,
  RequestToken,
  ResourceModel,
  RetryAfter,
  StatusMessage,
  TypeName
;

UPDATE example

Use the following StackQL query and manifest file to update a cluster resource, using stack-deploy.

/*+ update */
UPDATE awscc.eks.clusters
SET PatchDocument = string('{{ {
    "Logging": logging,
    "ResourcesVpcConfig": resources_vpc_config,
    "UpgradePolicy": upgrade_policy,
    "RemoteNetworkConfig": remote_network_config,
    "ComputeConfig": compute_config,
    "StorageConfig": storage_config,
    "Version": version,
    "Force": force,
    "Tags": tags,
    "DeletionProtection": deletion_protection,
    "ZonalShiftConfig": zonal_shift_config
} | generate_patch_document }}')
WHERE
  region = '{{ region }}' AND
  Identifier = '{{ name }}'
RETURNING
  ErrorCode,
  EventTime,
  Identifier,
  Operation,
  OperationStatus,
  RequestToken,
  ResourceModel,
  RetryAfter,
  StatusMessage,
  TypeName
;

DELETE example

/*+ delete */
DELETE FROM awscc.eks.clusters
WHERE
  Identifier = '{{ name }}' AND
  region = '{{ region }}'
RETURNING
  ErrorCode,
  EventTime,
  Identifier,
  Operation,
  OperationStatus,
  RequestToken,
  ResourceModel,
  RetryAfter,
  StatusMessage,
  TypeName
;

Additional Parameters

Mutable resources in the Cloud Control provider support additional optional parameters which can be supplied with INSERT, UPDATE, or DELETE operations. These include:

ParameterDescription
ClientToken
A unique identifier to ensure the idempotency of the resource request.This allows the provider to accurately distinguish between retries and new requests.
A client token is valid for 36 hours once used.
After that, a resource request with the same client token is treated as a new request.
If you do not specify a client token, one is generated for inclusion in the request.
RoleArn
The ARN of the IAM role used to perform this resource operation.The role specified must have the permissions required for this operation.
If you do not specify a role, a temporary session is created using your AWS user credentials.
TypeVersionId
For private resource types, the type version to use in this resource operation.If you do not specify a resource version, the default version is used.

Permissions

To operate on the clusters resource, the following permissions are required:

eks:CreateCluster,
eks:DescribeCluster,
eks:TagResource,
eks:CreateAccessEntry,
iam:PassRole,
iam:GetRole,
iam:ListAttachedRolePolicies,
iam:CreateServiceLinkedRole,
iam:CreateInstanceProfile,
iam:TagInstanceProfile,
iam:AddRoleToInstanceProfile,
iam:GetInstanceProfile,
iam:DeleteInstanceProfile,
iam:RemoveRoleFromInstanceProfile,
ec2:DescribeSubnets,
ec2:DescribeVpcs,
kms:DescribeKey,
kms:CreateGrant