quickstart-amazon-eks-cluster-resource-provider

module v0.0.0-...-8305de6
Published: Mar 22, 2023 License: Apache-2.0

README

Retirement Notice

On 03/31/2023, support for this public resource type will be retired. Please see Issue #60 for more information.

AWSQS::EKS::Cluster

An AWS CloudFormation resource provider for modelling Amazon EKS clusters. It provides additional functionality beyond the native AWS::EKS::Cluster resource type:

  • Manage aws-auth ConfigMap from within CloudFormation.
  • Support for EndpointPublicAccess, EndpointPrivateAccess and PublicAccessCidrs features.
  • Support for enabling control plane logging to CloudWatch logs.
  • Support for tagging.

Prerequisites

IAM role

An IAM role is used by CloudFormation to execute the resource type handler code provided by this project. A CloudFormation template to create the execution role is available here.

Activating the Resource type

To activate the resource type in your account go here, then choose the AWS Region you would like to use it in and click Activate.

Usage

Properties and return values are documented here.

Examples

Create a private EKS cluster with an additional user and role allowed to access the Kubernetes API:

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Parameters:
  SubnetIds:
    Type: "List<AWS::EC2::Subnet::Id>"
  SecurityGroupIds:
    Type: "List<AWS::EC2::SecurityGroup::Id>"
Resources:
  # EKS Cluster
  myCluster:
    Type: "AWSQS::EKS::Cluster"
    Properties:
      RoleArn: !GetAtt serviceRole.Arn
      KubernetesNetworkConfig:
        ServiceIpv4Cidr: "192.168.0.0/16"
      ResourcesVpcConfig:
        SubnetIds: !Ref SubnetIds
        SecurityGroupIds: !Ref SecurityGroupIds
        EndpointPrivateAccess: true
        EndpointPublicAccess: false
      EnabledClusterLoggingTypes: ["audit"]
      KubernetesApiAccess:
        Users:
          - Arn: !Sub "arn:${AWS::Partition}:iam::${AWS::AccountId}:user/my-user"
            Username: "CliUser"
            Groups: ["system:masters"]
        Roles:
          - Arn: !Sub "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/my-role"
            Username: "AdminRole"
            Groups: ["system:masters"]
      Tags:
        - Key: ClusterName
          Value: myCluster
  serviceRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal: { Service: eks.amazonaws.com }
            Action: sts:AssumeRole
      Path: "/"
      ManagedPolicyArns:
        - !Sub 'arn:${AWS::Partition}:iam::aws:policy/AmazonEKSClusterPolicy'
        - !Sub 'arn:${AWS::Partition}:iam::aws:policy/AmazonEKSServicePolicy'
```
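The three features this resource type adds (endpoint access settings, control plane logging, aws-auth mappings) are also the settings a reviewer checks before a template ships. The following is an added example, not part of this project: a small pre-deployment audit over a template already loaded into a Python dict. The sample dict is the page's private-cluster template flattened by hand (intrinsic functions kept as plain strings, a constructed account ID), and the treatment of an unset EndpointPublicAccess as public follows the EKS API default.

```python
"""Audit AWSQS::EKS::Cluster resources in a parsed CloudFormation template.

Added example (not part of this project). The sample below is the page's
template already loaded into a dict; !Ref/!Sub/!GetAtt values are kept as
plain strings because YAML intrinsic-tag parsing is outside this example.
"""

CLUSTER_TYPE = "AWSQS::EKS::Cluster"
OPEN_CIDRS = {"0.0.0.0/0", "::/0"}


def audit_cluster(name, props):
    """Return (severity, message) findings for one cluster resource."""
    findings = []
    vpc = props.get("ResourcesVpcConfig", {})
    # EKS enables public endpoint access unless told otherwise, and an
    # unset PublicAccessCidrs means the whole internet may reach it.
    if vpc.get("EndpointPublicAccess", True):
        cidrs = set(vpc.get("PublicAccessCidrs") or ["0.0.0.0/0"])
        if cidrs & OPEN_CIDRS:
            findings.append(("HIGH", f"{name}: public API endpoint open to any IP"))
    if not vpc.get("EndpointPrivateAccess", False):
        findings.append(("MEDIUM", f"{name}: private endpoint access disabled"))
    if "audit" not in props.get("EnabledClusterLoggingTypes", []):
        findings.append(("MEDIUM", f"{name}: control plane audit logging off"))
    # aws-auth mappings: every system:masters grant is full cluster-admin,
    # so list each one for review rather than silently accepting it.
    access = props.get("KubernetesApiAccess", {})
    for kind in ("Users", "Roles"):
        for entry in access.get(kind, []):
            if "system:masters" in entry.get("Groups", []):
                findings.append(("INFO", f"{name}: {entry['Arn']} is system:masters"))
    return findings


def audit_template(template):
    """Audit every AWSQS::EKS::Cluster resource in a template dict."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") == CLUSTER_TYPE:
            findings.extend(audit_cluster(name, res.get("Properties", {})))
    return findings


# Constructed sample: the page's private-cluster example, flattened.
PAGE_TEMPLATE = {"Resources": {"myCluster": {"Type": CLUSTER_TYPE, "Properties": {
    "ResourcesVpcConfig": {"SubnetIds": "!Ref SubnetIds", "SecurityGroupIds": "!Ref SecurityGroupIds",
                           "EndpointPrivateAccess": True, "EndpointPublicAccess": False},
    "EnabledClusterLoggingTypes": ["audit"],
    "KubernetesApiAccess": {  # 111122223333 is a constructed placeholder account ID
        "Users": [{"Arn": "arn:aws:iam::111122223333:user/my-user", "Username": "CliUser", "Groups": ["system:masters"]}],
        "Roles": [{"Arn": "arn:aws:iam::111122223333:role/my-role", "Username": "AdminRole", "Groups": ["system:masters"]}]},
}}}}
```

Run against the page's template this reports only the two system:masters mappings; a cluster with EndpointPublicAccess true and no PublicAccessCidrs gets a HIGH finding.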

Directories

Path      Synopsis
cmd       Code generated by 'cfn generate', changes will be undone by the next invocation.
resource  Code generated by 'cfn generate', changes will be undone by the next invocation.
