quickstart-amazon-eks-cluster-resource-provider

module
v0.0.0-...-8305de6 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 22, 2023 License: Apache-2.0

README

Retirement Notice

On 03/31/2023. Support for this Public Resource type will be retired. Please see Issue #60 for more information.

AWSQS::EKS::Cluster

An AWS CloudFormation resource provider for modelling Amazon EKS clusters. It provides some additional functionality to the native AWS::EKS::Cluster resource type:

  • Manage aws-auth ConfigMap from within CloudFormation.
  • Support for EndpointPublicAccess, EndpointPrivateAccess and PublicAccessCidrs features.
  • Support for enabling control plane logging to CloudWatch logs.
  • Support for tagging

Prerequisites

IAM role

An IAM role is used by CloudFormation to execute the resource type handler code provided by this project. A CloudFormation template to create the execution role is available here

Activating the Resource type

To activate the resource type in your account go here, then choose the AWS Region you would like to use it in and click Activate.

Usage

Properties and return values are documented here.

Examples

Create a private EKS cluster with an additional user and role allowed to access the Kubernetes API
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  SubnetIds:
    Type: "List<AWS::EC2::Subnet::Id>"
  SecurityGroupIds:
    Type: "List<AWS::EC2::SecurityGroup::Id>"
Resources:
  # EKS Cluster
  myCluster:
    Type: "AWSQS::EKS::Cluster"
    Properties:
      RoleArn: !GetAtt serviceRole.Arn
      KubernetesNetworkConfig:
        ServiceIpv4Cidr: "192.168.0.0/16"
      ResourcesVpcConfig:
        SubnetIds: !Ref SubnetIds
        SecurityGroupIds: !Ref SecurityGroupIds
        EndpointPrivateAccess: true
        EndpointPublicAccess: false
      EnabledClusterLoggingTypes: ["audit"]
      KubernetesApiAccess:
        Users:
          - Arn: !Sub "arn:${AWS::Partition}:iam::${AWS::AccountId}:user/my-user"
            Username: "CliUser"
            Groups: ["system:masters"]
        Roles:
          - Arn: !Sub "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/my-role"
            Username: "AdminRole"
            Groups: ["system:masters"]
      Tags:
        - Key: ClusterName
          Value: myCluster
  serviceRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal: { Service: eks.amazonaws.com }
            Action: sts:AssumeRole
      Path: "/"
      ManagedPolicyArns:
        - !Sub 'arn:${AWS::Partition}:iam::aws:policy/AmazonEKSClusterPolicy'
        - !Sub 'arn:${AWS::Partition}:iam::aws:policy/AmazonEKSServicePolicy'

Directories

Path Synopsis
cmd
Code generated by 'cfn generate', changes will be undone by the next invocation.
 Code generated by 'cfn generate', changes will be undone by the next invocation.
resource
Code generated by 'cfn generate', changes will be undone by the next invocation.
 Code generated by 'cfn generate', changes will be undone by the next invocation.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.