AWSTemplateFormatVersion: 2010-09-09
Description: Deploys an EKS cluster in a new VPC (qs-1p7nknoht).
Metadata:
  AutoInstance:
    NodeInstanceType:
      InstanceFilters:
        - [[PV], '!=', SupportedVirtualizationTypes]
  QuickStartDocumentation:
    EntrypointName: Launch into a new VPC
    Order: Index a
  cfn-lint: { config: { ignore_checks: [E9101] } }
  LintSpellExclude:
    - Snyk
    - New Relic
    - Rafay
    - MuleSoft
    - Anypoint
  SentenceCaseExclude:
    - Memory
  AWS::CloudFormation::Interface:
    ParameterGroups:
      - Label:
          default: Basic configuration
        Parameters:
          - AvailabilityZones
          - RemoteAccessCIDR
          - KeyPairName
          - ConfigSetName
          - PerAccountSharedResources
          - PerRegionSharedResources
      - Label:
          default: VPC network configuration
        Parameters:
          - NumberOfAZs
          - VPCCIDR
          - PrivateSubnet1CIDR
          - PrivateSubnet2CIDR
          - PrivateSubnet3CIDR
          - PublicSubnet1CIDR
          - PublicSubnet2CIDR
          - PublicSubnet3CIDR
      - Label:
          default: Bastion host configuration
        Parameters:
          - ProvisionBastionHost
          - OnDemandBastionPercentage
      - Label:
          default: Amazon EKS configuration
        Parameters:
          - EKSClusterName
          - KubernetesVersion
          - EKSPublicAccessEndpoint
          - AdditionalEKSAdminUserArn
          - AdditionalEKSAdminRoleArn
          - FargateNamespaces
          - FargateLabels
      - Label:
          default: Default EKS node group configuration
        Parameters:
          - NodeInstanceType
          - NumberOfNodes
          - MaxNumberOfNodes
          - NodeGroupOS
          - NodeGroupType
          - OnDemandPercentage
          - NodeInstanceFamily
      - Label:
          default: Snyk monitor (AWS Partner security)
        Parameters:
          - SnykIntegration
          - SnykIntegrationId
      - Label:
          default: New Relic infrastructure (AWS Partner monitoring)
        Parameters:
          - NewRelicIntegration
          - NewRelicLicenseKey
      - Label:
          default: Calico policy (APN security partner)
        Parameters:
          - CalicoIntegration
      - Label:
          default: Rafay Systems (APN software & internet partner)
        Parameters:
          - RafaySysIntegration
          - RafaySysProject
          - RafaySysBootstrapBucket
          - RafaySysBootstrapKey
          - RafaySysApiKey
          - RafaySysApiSecret
          - RafaySysFirstName
          - RafaySysLastName
          - RafaySysOrganizationName
          - RafaySysEmail
      - Label:
          default: MuleSoft Anypoint Runtime Fabric (AWS Partner integration)
        Parameters:
          - MuleSoftRtfIntegration
          - RTFFabricName
          - OrgID
          - UserName
          - Password
          - MuleLicenseKeyinbase64
      - Label:
          default: Kubernetes add-ins
        Parameters:
          - LoadBalancerController
          - CertManager
          - ClusterAutoScaler
          - MetricsServer
          - EfsStorageClass
          - PrometheusIntegration
          - GrafanaIntegration
      - Label:
          default: AWS Quick Start configuration
        Parameters:
          - QSS3BucketName
          - QSS3KeyPrefix
          - QSS3BucketRegion
          - TestSuite
    ParameterLabels:
      AvailabilityZones:
        default: Availability Zones
      KeyPairName:
        default: SSH key name
      PrivateSubnet1CIDR:
        default: Private subnet 1 CIDR
      PrivateSubnet2CIDR:
        default: Private subnet 2 CIDR
      PrivateSubnet3CIDR:
        default: Private subnet 3 CIDR
      PublicSubnet1CIDR:
        default: Public subnet 1 CIDR
      PublicSubnet2CIDR:
        default: Public subnet 2 CIDR
      PublicSubnet3CIDR:
        default: Public subnet 3 CIDR
      QSS3BucketName:
        default: Quick Start S3 bucket name
      QSS3KeyPrefix:
        default: Quick Start S3 key prefix
      QSS3BucketRegion:
        default: Quick Start S3 bucket Region
      RemoteAccessCIDR:
        default: Allowed external access CIDR
      VPCCIDR:
        default: VPC CIDR
      NodeInstanceType:
        default: Instance type
      NumberOfNodes:
        default: Number of nodes
      MaxNumberOfNodes:
        default: Maximum number of nodes
      AdditionalEKSAdminUserArn:
        default: Additional EKS admin ARN (IAM user)
      AdditionalEKSAdminRoleArn:
        default: Additional EKS admin ARN (IAM role)
      ClusterAutoScaler:
        default: Cluster autoscaler
      MetricsServer:
        default: Metrics server
      EfsStorageClass:
        default: EFS storage class
      NumberOfAZs:
        default: Number of Availability Zones
      ProvisionBastionHost:
        default: Provision bastion host
      OnDemandBastionPercentage:
        default: Bastion host on-demand percentage
      EKSPublicAccessEndpoint:
        default: EKS public access endpoint
      LoadBalancerController:
        default: AWS load balancer controller
      CertManager:
        default: Certificate manager
      FargateNamespaces:
        default: Fargate namespaces
      FargateLabels:
        default: Fargate labels
      EKSClusterName:
        default: EKS cluster name
      KubernetesVersion:
        default: Kubernetes version
      SnykIntegrationId:
        default: Integration ID
      SnykIntegration:
        default: Security monitoring integration
      NewRelicIntegration:
        default: Infrastructure monitoring integration
      NewRelicLicenseKey:
        default: License key
      CalicoIntegration:
        default: Calico policy integration
      RafaySysIntegration:
        default: Rafay Systems integration
      RafaySysProject:
        default: Rafay project
      RafaySysFirstName:
        default: First name
      RafaySysLastName:
        default: Last name
      RafaySysOrganizationName:
        default: Organization name
      RafaySysEmail:
        default: Email
      RafaySysApiKey:
        default: API key
      RafaySysApiSecret:
        default: API secret
      RafaySysBootstrapBucket:
        default: Bootstrap S3 bucket
      RafaySysBootstrapKey:
        default: Bootstrap S3 key
      PerAccountSharedResources:
        default: Per-account shared resources
      PerRegionSharedResources:
        default: Per-Region shared resources
      ConfigSetName:
        default: Config set name
      TestSuite:
        default: Test suite
      NodeGroupType:
        default: Node group type
      OnDemandPercentage:
        default: EKS node on-demand percentage
      NodeInstanceFamily:
        default: Node instance family
      NodeGroupOS:
        default: Node group OS
      MuleSoftRtfIntegration:
        default: MuleSoft Anypoint Runtime Fabric integration
      RTFFabricName:
        default: Runtime Fabric Name
      OrgID:
        default: Organization ID of your Anypoint
      UserName:
        default: Anypoint platform username
      Password:
        default: Anypoint platform password
      MuleLicenseKeyinbase64:
        default: Mule license key in base64 format
      PrometheusIntegration:
        default: Prometheus integration
      GrafanaIntegration:
        default: Grafana integration
Parameters:
  AvailabilityZones:
    Type: List<AWS::EC2::AvailabilityZone::Name>
    Description: >-
      List of Availability Zones to use for the subnets in the VPC.
      Three Availability Zones are used for this deployment.
  # NOTE: Don't change the type of KeyPairName parameter back to AWS::EC2::KeyPair::KeyName.
  # String type is intentional as it enables default (empty) value. By using defaults, we
  # promote AWS Systems Manager Session Manager service, which is a recommended way
  # to connect to EC2 instances.
  KeyPairName:
    Type: String
    Description: >-
      Name of an existing key pair, which allows you to securely connect to your
      instance after it launches. Leave empty to proceed without a key pair. You
      would need to use AWS Systems Manager Session Manager to connect to the
      provisioned EC2 instances.
    Default: ''
  PrivateSubnet1CIDR:
    Type: String
    Description: >-
      CIDR block for private subnet 1, located in Availability Zone 1.
    AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
    ConstraintDescription: >-
      CIDR block parameter must be in the form x.x.x.x/16-28.
    Default: 10.0.0.0/19
  PrivateSubnet2CIDR:
    Type: String
    Description: >-
      CIDR block for private subnet 2, located in Availability Zone 2.
    AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
    ConstraintDescription: >-
      CIDR block parameter must be in the form x.x.x.x/16-28.
    Default: 10.0.32.0/19
  PrivateSubnet3CIDR:
    Type: String
    Description: >-
      CIDR block for private subnet 3, located in Availability Zone 3.
    AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
    ConstraintDescription: >-
      CIDR block parameter must be in the form x.x.x.x/16-28.
    Default: 10.0.64.0/19
  PublicSubnet1CIDR:
    Type: String
    Description: >-
      CIDR block for the public (DMZ) subnet 1, located in Availability Zone 1.
    AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
    ConstraintDescription: >-
      CIDR block parameter must be in the form x.x.x.x/16-28.
    Default: 10.0.128.0/20
  PublicSubnet2CIDR:
    Type: String
    Description: >-
      CIDR block for the public (DMZ) subnet 2, located in Availability Zone 2.
    AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
    ConstraintDescription: >-
      CIDR block parameter must be in the form x.x.x.x/16-28.
    Default: 10.0.144.0/20
  PublicSubnet3CIDR:
    Type: String
    Description: >-
      CIDR block for the public (DMZ) subnet 3, located in Availability Zone 3.
    AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
    ConstraintDescription: >-
      CIDR block parameter must be in the form x.x.x.x/16-28.
    Default: 10.0.160.0/20
  QSS3BucketName:
    Type: String
    Description: >-
      S3 bucket name for the Quick Start assets. This string can include numbers,
      lowercase letters, and hyphens (-). It cannot start or end with a hyphen (-).
    AllowedPattern: ^[0-9a-z]+([0-9a-z-]*[0-9a-z])*$
    ConstraintDescription: >-
      Quick Start bucket name can include numbers, lowercase letters, and
      hyphens (-). It cannot start or end with a hyphen (-).
    Default: aws-quickstart
  QSS3KeyPrefix:
    Type: String
    Description: >-
      S3 key prefix for the Quick Start assets. Quick Start key prefix can include
      numbers, lowercase letters, uppercase letters, hyphens (-), periods (.) and
      forward slash (/).
    AllowedPattern: ^[0-9a-zA-Z-/.]*$
    ConstraintDescription: >-
      Quick Start key prefix can include numbers, lowercase letters, uppercase
      letters, hyphens (-), periods (.) and forward slash (/).
    Default: quickstart-amazon-eks/
  QSS3BucketRegion:
    Type: String
    Description: >-
      Region where the Quick Start S3 bucket (QSS3BucketName) is hosted.
      When using your own bucket, you must specify this value.
    Default: us-east-1
  RemoteAccessCIDR:
    Type: String
    Description: >-
      Trusted IPv4 CIDR block or VPC prefix list that is permitted remote access
      to your instances if desired in addition to AWS Systems Manager (SSM) access.
    AllowedPattern: ^(disabled-onlyssmaccess|pl-([0-9a-f]{8}|[0-9a-f]{17})|(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/([0-9]|[1-2][0-9]|3[0-2])))$
    ConstraintDescription: >-
      Must be disabled-onlyssmaccess, an IPv4 CIDR block (x.x.x.x/x), or a VPC
      prefix list (pl-01234567).
    Default: disabled-onlyssmaccess
  EKSPublicAccessEndpoint:
    Type: String
    Description: >-
      Configure access to the Kubernetes API server endpoint from outside of your VPC.
    AllowedValues: [Enabled, Disabled]
    Default: Disabled
  VPCCIDR:
    Type: String
    Description: CIDR block for the VPC.
    AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-8]))$
    ConstraintDescription: >-
      CIDR block parameter must be in the form x.x.x.x/16-28.
    Default: 10.0.0.0/16
  AdditionalEKSAdminUserArn:
    Default: ''
    AllowedPattern: ^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:.*|^$
    Description: >-
      (Optional) IAM user ARN to be granted administrative access to the EKS cluster.
    Type: String
  AdditionalEKSAdminRoleArn:
    Type: String
    Description: >-
      (Optional) IAM role ARN to be granted administrative access to the EKS cluster.
    AllowedPattern: ^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:.*|^$
    Default: ''
  NodeInstanceType:
    Type: String
    Description: EC2 instance type.
    AllowedValues: [
      a1.medium, a1.large, a1.xlarge, a1.2xlarge, a1.4xlarge, a1.metal,
      c1.medium, c1.xlarge,
      c3.large, c3.xlarge, c3.2xlarge, c3.4xlarge, c3.8xlarge,
      c4.large, c4.xlarge, c4.2xlarge, c4.4xlarge, c4.8xlarge,
      c5.large, c5.xlarge, c5.2xlarge, c5.4xlarge, c5.9xlarge, c5.12xlarge, c5.18xlarge, c5.24xlarge, c5.metal,
      c5a.large, c5a.xlarge, c5a.2xlarge, c5a.4xlarge, c5a.8xlarge, c5a.12xlarge, c5a.16xlarge, c5a.24xlarge,
      c5ad.large, c5ad.xlarge, c5ad.2xlarge, c5ad.4xlarge, c5ad.8xlarge, c5ad.12xlarge, c5ad.16xlarge, c5ad.24xlarge,
      c5d.large, c5d.xlarge, c5d.2xlarge, c5d.4xlarge, c5d.9xlarge, c5d.12xlarge, c5d.18xlarge, c5d.24xlarge, c5d.metal,
      c5n.large, c5n.xlarge, c5n.2xlarge, c5n.4xlarge, c5n.9xlarge, c5n.18xlarge, c5n.metal,
      c6a.large, c6a.xlarge, c6a.2xlarge, c6a.4xlarge, c6a.8xlarge, c6a.12xlarge, c6a.16xlarge, c6a.24xlarge, c6a.32xlarge, c6a.48xlarge, c6a.metal,
      c6g.medium, c6g.large, c6g.xlarge, c6g.2xlarge, c6g.4xlarge, c6g.8xlarge, c6g.12xlarge, c6g.16xlarge, c6g.metal,
      c6gd.medium, c6gd.large, c6gd.xlarge, c6gd.2xlarge, c6gd.4xlarge, c6gd.8xlarge, c6gd.12xlarge, c6gd.16xlarge, c6gd.metal,
      c6gn.medium, c6gn.large, c6gn.xlarge, c6gn.2xlarge, c6gn.4xlarge, c6gn.8xlarge, c6gn.12xlarge, c6gn.16xlarge,
      c6i.large, c6i.xlarge, c6i.2xlarge, c6i.4xlarge, c6i.8xlarge, c6i.12xlarge, c6i.16xlarge, c6i.24xlarge, c6i.32xlarge, c6i.metal,
      c6id.large, c6id.xlarge, c6id.2xlarge, c6id.4xlarge, c6id.8xlarge, c6id.12xlarge, c6id.16xlarge, c6id.24xlarge, c6id.32xlarge, c6id.metal,
      c7g.medium, c7g.large, c7g.xlarge, c7g.2xlarge, c7g.4xlarge, c7g.8xlarge, c7g.12xlarge, c7g.16xlarge,
      cc1.4xlarge, cc2.8xlarge, cg1.4xlarge, cr1.8xlarge,
      d2.xlarge, d2.2xlarge, d2.4xlarge, d2.8xlarge,
      d3.xlarge, d3.2xlarge, d3.4xlarge, d3.8xlarge,
      d3en.xlarge, d3en.2xlarge, d3en.4xlarge, d3en.6xlarge, d3en.8xlarge, d3en.12xlarge,
      dl1.24xlarge,
      f1.2xlarge, f1.4xlarge, f1.16xlarge,
      g2.2xlarge, g2.8xlarge,
      g3.4xlarge, g3.8xlarge, g3.16xlarge, g3s.xlarge,
      g4ad.xlarge, g4ad.2xlarge, g4ad.4xlarge, g4ad.8xlarge, g4ad.16xlarge,
      g4dn.xlarge, g4dn.2xlarge, g4dn.4xlarge, g4dn.8xlarge, g4dn.12xlarge, g4dn.16xlarge, g4dn.metal,
      g5.xlarge, g5.2xlarge, g5.4xlarge, g5.8xlarge, g5.12xlarge, g5.16xlarge, g5.24xlarge, g5.48xlarge,
      g5g.xlarge, g5g.2xlarge, g5g.4xlarge, g5g.8xlarge, g5g.16xlarge, g5g.metal,
      h1.2xlarge, h1.4xlarge, h1.8xlarge, h1.16xlarge,
      hi1.4xlarge, hpc6a.48xlarge, hpc6id.32xlarge, hs1.8xlarge,
      i2.xlarge, i2.2xlarge, i2.4xlarge, i2.8xlarge,
      i3.large, i3.xlarge, i3.2xlarge, i3.4xlarge, i3.8xlarge, i3.16xlarge, i3.metal,
      i3en.large, i3en.xlarge, i3en.2xlarge, i3en.3xlarge, i3en.6xlarge, i3en.12xlarge, i3en.24xlarge, i3en.metal,
      i4i.large, i4i.xlarge, i4i.2xlarge, i4i.4xlarge, i4i.8xlarge, i4i.16xlarge, i4i.32xlarge, i4i.metal,
      im4gn.large, im4gn.xlarge, im4gn.2xlarge, im4gn.4xlarge, im4gn.8xlarge, im4gn.16xlarge,
      inf1.xlarge, inf1.2xlarge, inf1.6xlarge, inf1.24xlarge,
      is4gen.medium, is4gen.large, is4gen.xlarge, is4gen.2xlarge, is4gen.4xlarge, is4gen.8xlarge,
      m1.small, m1.medium, m1.large, m1.xlarge,
      m2.xlarge, m2.2xlarge, m2.4xlarge,
      m3.medium, m3.large, m3.xlarge, m3.2xlarge,
      m4.large, m4.xlarge, m4.2xlarge, m4.4xlarge, m4.10xlarge, m4.16xlarge,
      m5.large, m5.xlarge, m5.2xlarge, m5.4xlarge, m5.8xlarge, m5.12xlarge, m5.16xlarge, m5.24xlarge, m5.metal,
      m5a.large, m5a.xlarge, m5a.2xlarge, m5a.4xlarge, m5a.8xlarge, m5a.12xlarge, m5a.16xlarge, m5a.24xlarge,
      m5ad.large, m5ad.xlarge, m5ad.2xlarge, m5ad.4xlarge, m5ad.8xlarge, m5ad.12xlarge, m5ad.16xlarge, m5ad.24xlarge,
      m5d.large, m5d.xlarge, m5d.2xlarge, m5d.4xlarge, m5d.8xlarge, m5d.12xlarge, m5d.16xlarge, m5d.24xlarge, m5d.metal,
      m5dn.large, m5dn.xlarge, m5dn.2xlarge, m5dn.4xlarge, m5dn.8xlarge, m5dn.12xlarge, m5dn.16xlarge, m5dn.24xlarge, m5dn.metal,
      m5n.large, m5n.xlarge, m5n.2xlarge, m5n.4xlarge, m5n.8xlarge, m5n.12xlarge, m5n.16xlarge, m5n.24xlarge, m5n.metal,
      m5zn.large, m5zn.xlarge, m5zn.2xlarge, m5zn.3xlarge, m5zn.6xlarge, m5zn.12xlarge, m5zn.metal,
      m6a.large, m6a.xlarge, m6a.2xlarge, m6a.4xlarge, m6a.8xlarge, m6a.12xlarge, m6a.16xlarge, m6a.24xlarge, m6a.32xlarge, m6a.48xlarge, m6a.metal,
      m6g.medium, m6g.large, m6g.xlarge, m6g.2xlarge, m6g.4xlarge, m6g.8xlarge, m6g.12xlarge, m6g.16xlarge, m6g.metal,
      m6gd.medium, m6gd.large, m6gd.xlarge, m6gd.2xlarge, m6gd.4xlarge, m6gd.8xlarge, m6gd.12xlarge, m6gd.16xlarge, m6gd.metal,
      m6i.large, m6i.xlarge, m6i.2xlarge, m6i.4xlarge, m6i.8xlarge, m6i.12xlarge, m6i.16xlarge, m6i.24xlarge, m6i.32xlarge, m6i.metal,
      m6id.large, m6id.xlarge, m6id.2xlarge, m6id.4xlarge, m6id.8xlarge, m6id.12xlarge, m6id.16xlarge, m6id.24xlarge, m6id.32xlarge, m6id.metal,
      # mac1.metal,
      p2.xlarge, p2.8xlarge, p2.16xlarge,
      p3.2xlarge, p3.8xlarge, p3.16xlarge, p3dn.24xlarge,
      p4d.24xlarge, p4de.24xlarge,
      r3.large, r3.xlarge, r3.2xlarge, r3.4xlarge, r3.8xlarge,
      r4.large, r4.xlarge, r4.2xlarge, r4.4xlarge, r4.8xlarge, r4.16xlarge,
      r5.large, r5.xlarge, r5.2xlarge, r5.4xlarge, r5.8xlarge, r5.12xlarge, r5.16xlarge, r5.24xlarge, r5.metal,
      r5a.large, r5a.xlarge, r5a.2xlarge, r5a.4xlarge, r5a.8xlarge, r5a.12xlarge, r5a.16xlarge, r5a.24xlarge,
      r5ad.large, r5ad.xlarge, r5ad.2xlarge, r5ad.4xlarge, r5ad.8xlarge, r5ad.12xlarge, r5ad.16xlarge, r5ad.24xlarge,
      r5b.large, r5b.xlarge, r5b.2xlarge, r5b.4xlarge, r5b.8xlarge, r5b.12xlarge, r5b.16xlarge, r5b.24xlarge, r5b.metal,
      r5d.large, r5d.xlarge, r5d.2xlarge, r5d.4xlarge, r5d.8xlarge, r5d.12xlarge, r5d.16xlarge, r5d.24xlarge, r5d.metal,
      r5dn.large, r5dn.xlarge, r5dn.2xlarge, r5dn.4xlarge, r5dn.8xlarge, r5dn.12xlarge, r5dn.16xlarge, r5dn.24xlarge, r5dn.metal,
      r5n.large, r5n.xlarge, r5n.2xlarge, r5n.4xlarge, r5n.8xlarge, r5n.12xlarge, r5n.16xlarge, r5n.24xlarge, r5n.metal,
      r6a.large, r6a.xlarge, r6a.2xlarge, r6a.4xlarge, r6a.8xlarge, r6a.12xlarge, r6a.16xlarge, r6a.24xlarge, r6a.32xlarge, r6a.48xlarge, r6a.metal,
      r6ad.large, r6ad.xlarge, r6ad.2xlarge, r6ad.4xlarge, r6ad.8xlarge, r6ad.12xlarge, r6ad.16xlarge, r6ad.24xlarge, r6ad.32xlarge, r6ad.48xlarge, r6ad.metal,
      r6g.medium, r6g.large, r6g.xlarge, r6g.2xlarge, r6g.4xlarge, r6g.8xlarge, r6g.12xlarge, r6g.16xlarge, r6g.metal,
      r6gd.medium, r6gd.large, r6gd.xlarge, r6gd.2xlarge, r6gd.4xlarge, r6gd.8xlarge, r6gd.12xlarge, r6gd.16xlarge, r6gd.metal,
      r6i.large, r6i.xlarge, r6i.2xlarge, r6i.4xlarge, r6i.8xlarge, r6i.12xlarge, r6i.16xlarge, r6i.24xlarge, r6i.32xlarge, r6i.metal,
      r6id.large, r6id.xlarge, r6id.2xlarge, r6id.4xlarge, r6id.8xlarge, r6id.12xlarge, r6id.16xlarge, r6id.24xlarge, r6id.32xlarge, r6id.metal,
      t1.micro,
      t2.nano, t2.micro, t2.small, t2.medium, t2.large, t2.xlarge, t2.2xlarge,
      t3.nano, t3.micro, t3.small, t3.medium, t3.large, t3.xlarge, t3.2xlarge,
      t3a.nano, t3a.micro, t3a.small, t3a.medium, t3a.large, t3a.xlarge, t3a.2xlarge,
      t4g.nano, t4g.micro, t4g.small, t4g.medium, t4g.large, t4g.xlarge, t4g.2xlarge,
      u-6tb1.56xlarge, u-6tb1.112xlarge, u-6tb1.metal,
      u-9tb1.112xlarge, u-9tb1.metal,
      u-12tb1.112xlarge, u-12tb1.metal,
      u-18tb1.metal, u-24tb1.metal,
      vt1.3xlarge, vt1.6xlarge, vt1.24xlarge,
      x1.16xlarge, x1.32xlarge,
      x1e.xlarge, x1e.2xlarge, x1e.4xlarge, x1e.8xlarge, x1e.16xlarge, x1e.32xlarge,
      x2gd.medium, x2gd.large, x2gd.xlarge, x2gd.2xlarge, x2gd.4xlarge, x2gd.8xlarge, x2gd.12xlarge, x2gd.16xlarge, x2gd.metal,
      x2idn.16xlarge, x2idn.24xlarge, x2idn.32xlarge, x2idn.metal,
      x2iedn.xlarge, x2iedn.2xlarge, x2iedn.4xlarge, x2iedn.8xlarge, x2iedn.16xlarge, x2iedn.24xlarge, x2iedn.32xlarge, x2iedn.metal,
      x2iezn.2xlarge, x2iezn.4xlarge, x2iezn.6xlarge, x2iezn.8xlarge, x2iezn.12xlarge, x2iezn.metal,
      z1d.large, z1d.xlarge, z1d.2xlarge, z1d.3xlarge, z1d.6xlarge, z1d.12xlarge, z1d.metal
    ]
    ConstraintDescription: Must be a valid EC2 instance type.
    Default: t3.medium
  NumberOfNodes:
    Type: Number
    Description: >-
      Number of Amazon EKS node instances. The default is one for each of the
      three Availability Zones.
    MinValue: 0
    MaxValue: 450
    Default: 3
  MaxNumberOfNodes:
    Type: Number
    Description: >-
      Maximum number of Amazon EKS node instances. The default is three.
    MinValue: 0
    MaxValue: 450
    Default: 3
  ClusterAutoScaler:
    Type: String
    Description: Choose "Enabled" to enable Kubernetes cluster autoscaler.
    AllowedValues: [Enabled, Disabled]
    Default: Disabled
  MetricsServer:
    Type: String
    Description: >-
      Choose "Enabled" to enable Kubernetes metrics server. You can use this for
      CPU/Memory based horizontal auto-scaling
      (https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/)
      or automatically adjusting/suggesting resources needed by containers
      (https://github.com/kubernetes/autoscaler/tree/master/vertical-pod-autoscaler/).
    AllowedValues: [Enabled, Disabled]
    Default: Disabled
  EfsStorageClass:
    Type: String
    Description: Choose "Enabled" to enable EFS storage class.
    AllowedValues: [Enabled, Disabled]
    Default: Disabled
  GrafanaIntegration:
    Type: String
    Description: >-
      Grafana requires "Prometheus integration" to be enabled.
      For more information see https://www.grafana.com/.
    AllowedValues: [Enabled, Disabled]
    Default: Disabled
  PrometheusIntegration:
    Type: String
    Description: For more information see https://prometheus.io/.
    AllowedValues: [Enabled, Disabled]
    Default: Disabled
  NumberOfAZs:
    Type: String
    Description: >-
      Number of Availability Zones to use in the VPC. This must match the value
      entered for the AvailabilityZones parameter.
    AllowedValues: [2, 3]
    Default: 3
  ProvisionBastionHost:
    Type: String
    Description: Skip creating a bastion host by choosing "Disabled".
    AllowedValues: [Enabled, Disabled]
    Default: Enabled
  OnDemandBastionPercentage:
    Type: Number
    Description: >-
      Set the percentage of on-demand instances and spot instances. With a
      default of 100, the percentages are 100% for on-demand instances and 0%
      for spot instances.
    MinValue: 0
    MaxValue: 100
    Default: 100
  LoadBalancerController:
    Type: String
    Description: >-
      Choose "Disabled" to skip deploying the AWS load balancer controller.
    AllowedValues: [Enabled, Disabled]
    Default: Enabled
  CertManager:
    Type: String
    Description: >-
      Choose "Disabled" to skip deploying the certificate manager.
    AllowedValues: [Enabled, Disabled]
    Default: Disabled
  FargateNamespaces:
    Type: String
    Description: >-
      (Optional) Comma-separated list of namespaces for which Fargate should be enabled.
    Default: ''
  FargateLabels:
    Type: String
    Description: >-
      Requires at least one Fargate namespace to be specified. This is a
      comma-separated list of key-value pod labels. For a pod to run on Fargate,
      all of the labels must match, and it must run in a namespace defined by
      "Fargate namespaces".
    Default: ''
  EKSClusterName:
    Type: String
    Description: >-
      (Optional) Name for the EKS cluster. If left blank, one is auto-generated.
      This must be unique within the Region.
    Default: ''
  KubernetesVersion:
    # https://docs.aws.amazon.com/eks/latest/userguide/kubernetes-versions.html#kubernetes-release-calendar
    Type: String
    Description: >-
      (Optional) Kubernetes control plane version. If ConfigSetName is set, this
      value will be ignored and the Kubernetes version specified in the advanced
      configuration template (including the default) will be used.
    AllowedValues: [1.24, 1.23, 1.22]
    Default: 1.24
  SnykIntegrationId:
    Type: String
    Description: >-
      If the SnykIntegration parameter is set to "Enabled", a value must be
      provided. For more information, see
      https://support.snyk.io/hc/en-us/articles/360003916158-Install-the-Snyk-controller-with-Helm.
    AllowedPattern: ^[a-z0-9-]{36}$|^$
    Default: ''
  SnykIntegration:
    Type: String
    Description: >-
      For more information, see https://github.com/aws-quickstart/quickstart-eks-snyk/.
    AllowedValues: [Enabled, Disabled]
    Default: Disabled
  NewRelicLicenseKey:
    Type: String
    Description: >-
      If the NewRelicIntegration parameter is set to "Enabled", a value must be
      provided. For more information see
      https://docs.newrelic.com/docs/accounts/install-new-relic/account-setup/license-key/.
    NoEcho: true
    Default: ''
  NewRelicIntegration:
    Type: String
    Description: >-
      For more information, see
      https://github.com/aws-quickstart/quickstart-eks-newrelic-infrastructure/.
    AllowedValues: [Enabled, Disabled]
    Default: Disabled
  CalicoIntegration:
    Type: String
    Description: For more information see https://www.projectcalico.org/.
    AllowedValues: [Enabled, Disabled]
    Default: Disabled
  RafaySysIntegration:
    Type: String
    Description: >-
      For more information see
      https://aws-quickstart.github.io/quickstart-eks-rafay-systems/.
    AllowedValues: [Enabled, Disabled]
    Default: Disabled
  RafaySysProject:
    Type: String
    Description: This is the name you want to use for your Rafay deployment.
    Default: defaultproject
  RafaySysBootstrapBucket:
    Type: String
    Description: >-
      (Optional) S3 bucket to place the Rafay bootstrap yaml file. If left blank
      the EKS Quick Start bucket will be used.
    Default: ''
  RafaySysBootstrapKey:
    Type: String
    Description: >-
      (Optional) S3 key to place the Rafay bootstrap yaml file. If left blank
      the key will be rafay//cluster-bootstrap.yaml.
    Default: ''
  RafaySysApiKey:
    Type: String
    Description: Required if using an existing Rafay account.
    Default: ''
  RafaySysApiSecret:
    Type: String
    Description: Required if using an existing Rafay account.
    NoEcho: true
    Default: ''
  RafaySysFirstName:
    Type: String
    Description: Required if registering a new Rafay account.
    Default: ''
  RafaySysLastName:
    Type: String
    Description: Required if registering a new Rafay account.
    Default: ''
  RafaySysOrganizationName:
    Type: String
    Description: Required if registering a new Rafay account.
    Default: ''
  RafaySysEmail:
    Type: String
    Description: Required if registering a new Rafay account.
    Default: ''
  PerAccountSharedResources:
    Type: String
    AllowedValues: [AutoDetect, 'Yes', 'No']
    Default: AutoDetect
    Description: >-
      Choose "No" if you already deployed another EKS Quick Start stack in your
      AWS account.
  PerRegionSharedResources:
    Type: String
    Description: >-
      Choose "No" if you already deployed another EKS Quick Start stack in your Region.
    AllowedValues: [AutoDetect, 'Yes', 'No']
    Default: AutoDetect
  ConfigSetName:
    Type: String
    Description: >-
      (Optional) Name used to map advanced parameters to an EKS cluster. If you
      launched an advanced configuration stack and want to apply its values to
      this cluster, this name must match the ConfigSetName parameter for the
      stack. If left blank, a new config set is created using default values.
    Default: ''
  TestSuite:
    Type: String
    Description: Deploys a test stack that tests Quick Start components.
    AllowedValues: [Enabled, Disabled]
    Default: Disabled
  NodeInstanceFamily:
    Type: String
    Description: >-
      Choose the instance family to match the value of "Node instance type".
    AllowedValues: [Standard, ARM, GPU]
    Default: Standard
  NodeGroupType:
    Type: String
    Description: >-
      Choose "Unmanaged" to create an Auto Scaling group without using the
      EKS-managed node groups feature.
    AllowedValues: [Managed, Unmanaged]
    Default: Managed
  OnDemandPercentage:
    Type: Number
    Description: >-
      (Optional) Only applies if the NodeGroupType parameter is set to
      "Unmanaged". Set the percentage of on-demand instances and spot instances.
      With a default of 100, the percentages are 100% for on-demand instances
      and 0% for spot instances. Additionally, if ConfigSetName is set, this
      value will be ignored. The on-demand percentage value specified in the
      advanced configuration template (including the default) will be used.
    MinValue: 0
    MaxValue: 100
    Default: 100
  NodeGroupOS:
    Type: String
    Description: >-
      Operating system to use for node instances. Choose "Bottlerocket" for the
      Amazon purpose-built container OS (unmanaged node groups only). Note that
      if you choose "Windows", an additional Amazon Linux node group is created.
    AllowedValues: [Amazon Linux 2, Bottlerocket, Windows]
    Default: Amazon Linux 2
  MuleSoftRtfIntegration:
    Type: String
    Description: >-
      For more information, see
      https://github.com/aws-quickstart/quickstart-eks-mulesoft-runtime-fabric/.
    AllowedValues: [Enabled, Disabled]
    Default: Disabled
  RTFFabricName:
    Type: String
    Description: Runtime Fabric name.
    Default: ''
  OrgID:
    Type: String
    Description: Organization ID of your Anypoint.
    Default: ''
  UserName:
    Type: String
    Description: Anypoint platform username.
    NoEcho: true
    Default: ''
  Password:
    Type: String
    Description: Anypoint platform password.
    NoEcho: true
    Default: ''
  MuleLicenseKeyinbase64:
    Type: String
    Description: MuleSoft license key in base64 format.
    Default: ''
    NoEcho: true
Conditions:
  EnablePrometheus: !Equals [!Ref PrometheusIntegration, Enabled]
  EnableGrafana: !Equals [!Ref GrafanaIntegration, Enabled]
  3AZDeployment: !Equals [!Ref NumberOfAZs, 3]
  2AZDeployment: !Or
    - !Equals [!Ref NumberOfAZs, 2]
    - !Equals [!Ref NumberOfAZs, 3]
  UsingDefaultBucket: !Equals [!Ref QSS3BucketName, aws-quickstart]
Resources:
  VPCStack:
    Type: AWS::CloudFormation::Stack
    Metadata:
      cfn-lint: { config: { ignore_checks: [W9901] } }
    Properties:
      TemplateURL: !Sub
        - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}submodules/quickstart-aws-vpc/templates/aws-vpc.template.yaml
        - S3Region: !If [UsingDefaultBucket, !Ref AWS::Region, !Ref QSS3BucketRegion]
          S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName]
      Parameters:
        AvailabilityZones: !Join [ ',', !Ref AvailabilityZones ]
        NumberOfAZs: !Ref NumberOfAZs
        PrivateSubnet1ACIDR: !Ref PrivateSubnet1CIDR
        PrivateSubnet2ACIDR: !Ref PrivateSubnet2CIDR
        PrivateSubnet3ACIDR: !Ref PrivateSubnet3CIDR
        PrivateSubnetATag2: kubernetes.io/role/internal-elb=
        PublicSubnet1CIDR: !Ref PublicSubnet1CIDR
        PublicSubnet2CIDR: !Ref PublicSubnet2CIDR
        PublicSubnet3CIDR: !Ref PublicSubnet3CIDR
        PublicSubnetTag2: kubernetes.io/role/elb=
        VPCCIDR: !Ref VPCCIDR
  ExistingVpcStack:
    Type: AWS::CloudFormation::Stack
    Properties:
      TemplateURL: !Sub
        - https://${S3Bucket}.s3.${S3Region}.${AWS::URLSuffix}/${QSS3KeyPrefix}templates/amazon-eks-entrypoint-existing-vpc.template.yaml
        - S3Region: !If [UsingDefaultBucket, !Ref AWS::Region, !Ref QSS3BucketRegion]
          S3Bucket: !If [UsingDefaultBucket, !Sub '${QSS3BucketName}-${AWS::Region}', !Ref QSS3BucketName]
      Parameters:
        # Basic configuration
        RemoteAccessCIDR: !Ref RemoteAccessCIDR
        KeyPairName: !Ref KeyPairName
        ConfigSetName: !Ref ConfigSetName
        PerAccountSharedResources: !Ref PerAccountSharedResources
        PerRegionSharedResources: !Ref PerRegionSharedResources
        # Network configuration
        VPCID: !GetAtt VPCStack.Outputs.VPCID
        PrivateSubnet1ID: !GetAtt VPCStack.Outputs.PrivateSubnet1AID
        PrivateSubnet2ID: !If [2AZDeployment, !GetAtt VPCStack.Outputs.PrivateSubnet2AID, !Ref AWS::NoValue]
        PrivateSubnet3ID: !If [3AZDeployment, !GetAtt VPCStack.Outputs.PrivateSubnet3AID, !Ref AWS::NoValue]
        PublicSubnet1ID: !GetAtt VPCStack.Outputs.PublicSubnet1ID
        PublicSubnet2ID: !If [2AZDeployment, !GetAtt VPCStack.Outputs.PublicSubnet2ID, !Ref AWS::NoValue]
        PublicSubnet3ID: !If [3AZDeployment, !GetAtt VPCStack.Outputs.PublicSubnet3ID, !Ref AWS::NoValue]
        # Bastion host configuration
        ProvisionBastionHost: !Ref ProvisionBastionHost
        OnDemandBastionPercentage: !Ref OnDemandBastionPercentage
        # Amazon EKS configuration
        EKSClusterName: !Ref EKSClusterName
        KubernetesVersion: !Ref KubernetesVersion
        EKSPublicAccessEndpoint: !Ref EKSPublicAccessEndpoint
        AdditionalEKSAdminUserArn: !Ref AdditionalEKSAdminUserArn
        AdditionalEKSAdminRoleArn: !Ref AdditionalEKSAdminRoleArn
        FargateNamespaces: !Ref FargateNamespaces
        FargateLabels: !Ref FargateLabels
        # Default EKS node group configuration
        NodeInstanceType: !Ref NodeInstanceType
        NumberOfNodes: !Ref NumberOfNodes
        MaxNumberOfNodes: !Ref MaxNumberOfNodes
        NodeInstanceFamily: !Ref NodeInstanceFamily
        NodeGroupType: !Ref NodeGroupType
        OnDemandPercentage: !Ref OnDemandPercentage
        NodeGroupOS: !Ref NodeGroupOS
        # Snyk monitor (AWS Partner security)
        SnykIntegration: !Ref SnykIntegration
        SnykIntegrationId: !Ref SnykIntegrationId
        # New Relic infrastructure (AWS Partner monitoring)
        NewRelicIntegration: !Ref NewRelicIntegration
        NewRelicLicenseKey: !Ref NewRelicLicenseKey
        # Calico policy (APN security partner)
        CalicoIntegration: !Ref CalicoIntegration
        # Rafay Systems (APN software & internet partner)
        RafaySysIntegration: !Ref RafaySysIntegration
        RafaySysProject: !Ref RafaySysProject
        RafaySysBootstrapBucket: !Ref RafaySysBootstrapBucket
        RafaySysBootstrapKey: !Ref RafaySysBootstrapKey
        RafaySysApiKey: !Ref RafaySysApiKey
        RafaySysApiSecret: !Ref RafaySysApiSecret
        RafaySysFirstName: !Ref RafaySysFirstName
        RafaySysLastName: !Ref RafaySysLastName
        RafaySysOrganizationName: !Ref RafaySysOrganizationName
        RafaySysEmail: !Ref RafaySysEmail
        # MuleSoft Anypoint Runtime Fabric (AWS Partner integration)
        MuleSoftRtfIntegration: !Ref MuleSoftRtfIntegration
        RTFFabricName: !Ref RTFFabricName
        OrgID: !Ref OrgID
        UserName: !Ref UserName
        Password: !Ref Password
        MuleLicenseKeyinbase64: !Ref MuleLicenseKeyinbase64
        # Kubernetes add-ins
        LoadBalancerController: !Ref LoadBalancerController
        CertManager: !Ref CertManager
        ClusterAutoScaler: !Ref ClusterAutoScaler
        MetricsServer: !Ref MetricsServer
        EfsStorageClass: !Ref EfsStorageClass
        PrometheusIntegration: !If [EnablePrometheus, Enabled, Disabled]
        GrafanaIntegration: !If [EnableGrafana, Enabled, Disabled]
        # AWS Quick Start configuration
        QSS3BucketName: !Ref QSS3BucketName
        QSS3KeyPrefix: !Ref QSS3KeyPrefix
        QSS3BucketRegion: !Ref QSS3BucketRegion
        TestSuite: !Ref TestSuite
Outputs:
  EKSClusterName:
    Value: !GetAtt ExistingVpcStack.Outputs.EKSClusterName
  KubernetesVersion:
    Value: !Ref KubernetesVersion
  BastionIP:
    Value: !GetAtt ExistingVpcStack.Outputs.BastionIP
  BastionSecurityGroup:
    Value: !GetAtt ExistingVpcStack.Outputs.BastionSecurityGroup
  NodeGroupSecurityGroup:
    Value: !GetAtt ExistingVpcStack.Outputs.NodeGroupSecurityGroup
  ControlPlaneSecurityGroup:
    Value: !GetAtt ExistingVpcStack.Outputs.ControlPlaneSecurityGroup
  OIDCIssuerURL:
    Value: !GetAtt ExistingVpcStack.Outputs.OIDCIssuerURL
  OIDCProviderArn:
    Value: !GetAtt ExistingVpcStack.Outputs.OIDCProviderArn
  OIDCProviderEndpoint:
    Value: !GetAtt ExistingVpcStack.Outputs.OIDCProviderEndpoint
Rules:
  AutoDetectSharedParams:
    RuleCondition: !Or
      - !Equals [!Ref PerRegionSharedResources, AutoDetect]
      - !Equals [!Ref PerAccountSharedResources, AutoDetect]
    Assertions:
      - Assert: !And
          - !Equals [!Ref PerRegionSharedResources, AutoDetect]
          - !Equals [!Ref PerAccountSharedResources, AutoDetect]
        AssertDescription: >-
          AutoDetect must be set/unset for both PerRegionSharedResources and
          PerAccountSharedResources.
  LablesNeedNamespaces:
    RuleCondition: !Not [!Equals [!Ref FargateLabels, '']]
    Assertions:
      - Assert: !Not [!Equals [!Ref FargateNamespaces, '']]
        AssertDescription: You must specify at least one Fargate namespace to enable Fargate.
  China:
    RuleCondition: !Or
      - !Equals [!Ref ClusterAutoScaler, Enabled]
      - !Equals [!Ref MetricsServer, Enabled]
    Assertions:
      - Assert: !Not [!Equals [!Ref AWS::Partition, aws-cn]]
        AssertDescription: >-
          The Cluster Autoscaler and Metrics Server features are not currently
          supported in the Greater China Region partition.
  WindowsUnmanaged:
    RuleCondition: !Equals [!Ref NodeGroupType, Managed]
    Assertions:
      # !Ref is required: a bare NodeGroupOS is a literal string that never
      # equals Windows, so the assertion could never fail.
      - Assert: !Not [!Equals [!Ref NodeGroupOS, Windows]]
        AssertDescription: Managed nodegroups do not support Windows nodes.
  WindowsInstance:
    # https://docs.aws.amazon.com/eks/latest/userguide/windows-support.html
    # !Ref is required: a bare NodeGroupOS is a literal string, so the rule
    # condition would never be true and the rule would never be evaluated.
    RuleCondition: !Equals [!Ref NodeGroupOS, Windows]
    Assertions:
      - Assert: !Contains
          # Every entry must be comma-separated; without the comma two
          # instance types merge into a single string that matches nothing.
          - [
              c5.large, c5.xlarge, c5.2xlarge, c5.4xlarge, c5.9xlarge, c5.12xlarge, c5.18xlarge, c5.24xlarge, c5.metal,
              c5a.large, c5a.xlarge, c5a.2xlarge, c5a.4xlarge, c5a.8xlarge, c5a.12xlarge, c5a.16xlarge, c5a.24xlarge,
              c5ad.large, c5ad.xlarge, c5ad.2xlarge, c5ad.4xlarge, c5ad.8xlarge, c5ad.12xlarge, c5ad.16xlarge, c5ad.24xlarge,
              c5d.large, c5d.xlarge, c5d.2xlarge, c5d.4xlarge, c5d.9xlarge, c5d.12xlarge, c5d.18xlarge, c5d.24xlarge, c5d.metal,
              c5n.large, c5n.xlarge, c5n.2xlarge, c5n.4xlarge, c5n.9xlarge, c5n.18xlarge, c5n.metal,
              c6a.large, c6a.xlarge, c6a.4xlarge, c6a.8xlarge, c6a.12xlarge, c6a.16xlarge, c6a.24xlarge, c6a.2xlarge, c6a.32xlarge, c6a.48xlarge, c6a.metal,
              c6i.large, c6i.xlarge, c6i.2xlarge, c6i.4xlarge, c6i.8xlarge, c6i.12xlarge, c6i.16xlarge, c6i.24xlarge, c6i.32xlarge, c6i.metal,
              c6id.large, c6id.xlarge, c6id.2xlarge, c6id.4xlarge, c6id.8xlarge, c6id.12xlarge, c6id.16xlarge, c6id.24xlarge, c6id.32xlarge, c6id.metal,
              cc1.4xlarge, cc2.8xlarge, cr1.8xlarge,
              d3.xlarge, d3.2xlarge, d3.4xlarge, d3.8xlarge,
              d3en.xlarge, d3en.2xlarge, d3en.4xlarge, d3en.6xlarge, d3en.8xlarge, d3en.12xlarge,
              dl1.24xlarge,
              f1.2xlarge, f1.4xlarge, f1.16xlarge,
              h1.2xlarge, h1.4xlarge, h1.8xlarge, h1.16xlarge,
              hi1.4xlarge, hpc6a.48xlarge, hpc6id.32xlarge, hs1.8xlarge,
              i3.large, i3.xlarge, i3.2xlarge, i3.4xlarge, i3.8xlarge, i3.16xlarge, i3.metal,
              i3en.large, i3en.xlarge, i3en.2xlarge, i3en.3xlarge, i3en.6xlarge, i3en.12xlarge, i3en.24xlarge, i3en.metal,
              i4i.large, i4i.xlarge, i4i.2xlarge, i4i.4xlarge, i4i.8xlarge, i4i.16xlarge, i4i.32xlarge, i4i.metal,
              m4.16xlarge,
              m5.large, m5.xlarge, m5.2xlarge, m5.4xlarge, m5.8xlarge, m5.12xlarge, m5.16xlarge, m5.24xlarge, m5.metal,
              m5a.large, m5a.xlarge, m5a.2xlarge, m5a.4xlarge, m5a.8xlarge, m5a.12xlarge, m5a.16xlarge, m5a.24xlarge,
              m5ad.large, m5ad.xlarge, m5ad.2xlarge, m5ad.4xlarge,
              m5ad.8xlarge, m5ad.12xlarge, m5ad.16xlarge, m5ad.24xlarge,
              m5d.large, m5d.xlarge, m5d.2xlarge, m5d.4xlarge, m5d.8xlarge, m5d.12xlarge, m5d.16xlarge, m5d.24xlarge, m5d.metal,
              m5dn.large, m5dn.xlarge, m5dn.2xlarge, m5dn.4xlarge, m5dn.8xlarge, m5dn.12xlarge, m5dn.16xlarge, m5dn.24xlarge, m5dn.metal,
              m5n.large, m5n.xlarge, m5n.2xlarge, m5n.4xlarge, m5n.8xlarge, m5n.12xlarge, m5n.16xlarge, m5n.24xlarge, m5n.metal,
              m5zn.large, m5zn.xlarge, m5zn.2xlarge, m5zn.3xlarge, m5zn.6xlarge, m5zn.12xlarge, m5zn.metal,
              m6i.large, m6i.xlarge, m6i.2xlarge, m6i.4xlarge, m6i.8xlarge, m6i.12xlarge, m6i.16xlarge, m6i.24xlarge, m6i.32xlarge, m6i.metal,
              m6id.large, m6id.xlarge, m6id.2xlarge, m6id.4xlarge, m6id.8xlarge, m6id.12xlarge, m6id.16xlarge, m6id.24xlarge, m6id.32xlarge, m6id.metal,
              r4.large, r4.xlarge, r4.2xlarge, r4.4xlarge, r4.8xlarge, r4.16xlarge,
              r5.large, r5.xlarge, r5.2xlarge, r5.4xlarge, r5.8xlarge, r5.12xlarge, r5.16xlarge, r5.24xlarge, r5.metal,
              r5a.large, r5a.xlarge, r5a.2xlarge, r5a.4xlarge, r5a.8xlarge, r5a.12xlarge, r5a.16xlarge, r5a.24xlarge,
              r5ad.large, r5ad.xlarge, r5ad.2xlarge, r5ad.4xlarge, r5ad.8xlarge, r5ad.12xlarge, r5ad.16xlarge, r5ad.24xlarge,
              r5b.large, r5b.xlarge, r5b.2xlarge, r5b.4xlarge, r5b.8xlarge, r5b.12xlarge, r5b.16xlarge, r5b.24xlarge, r5b.metal,
              r5d.large, r5d.xlarge, r5d.2xlarge, r5d.4xlarge, r5d.8xlarge, r5d.12xlarge, r5d.16xlarge, r5d.24xlarge, r5d.metal,
              r5dn.large, r5dn.xlarge, r5dn.2xlarge, r5dn.4xlarge, r5dn.8xlarge, r5dn.12xlarge, r5dn.16xlarge, r5dn.24xlarge, r5dn.metal,
              r5n.large, r5n.xlarge, r5n.2xlarge, r5n.4xlarge, r5n.8xlarge, r5n.12xlarge, r5n.16xlarge, r5n.24xlarge, r5n.metal,
              r6a.large, r6a.xlarge, r6a.2xlarge, r6a.4xlarge, r6a.8xlarge, r6a.12xlarge, r6a.16xlarge, r6a.24xlarge, r6a.32xlarge, r6a.48xlarge, r6a.metal,
              r6ad.large, r6ad.xlarge, r6ad.2xlarge, r6ad.4xlarge, r6ad.8xlarge, r6ad.12xlarge, r6ad.16xlarge, r6ad.24xlarge, r6ad.32xlarge, r6ad.48xlarge, r6ad.metal,
              r6i.large, r6i.xlarge, r6i.2xlarge, r6i.4xlarge, r6i.8xlarge,
              r6i.12xlarge, r6i.16xlarge, r6i.24xlarge, r6i.32xlarge, r6i.metal,
              r6id.large, r6id.xlarge, r6id.2xlarge, r6id.4xlarge, r6id.8xlarge, r6id.12xlarge, r6id.16xlarge, r6id.24xlarge, r6id.32xlarge, r6id.metal,
              t1.micro,
              t2.nano, t2.micro, t2.small, t2.medium, t2.large, t2.xlarge, t2.2xlarge,
              t3.nano, t3.micro, t3.small, t3.medium, t3.large, t3.xlarge, t3.2xlarge,
              t3a.nano, t3a.micro, t3a.small, t3a.medium, t3a.large, t3a.xlarge, t3a.2xlarge,
              u-6tb1.56xlarge, u-6tb1.112xlarge, u-6tb1.metal, u-9tb1.112xlarge, u-9tb1.metal,
              u-12tb1.112xlarge, u-12tb1.metal, u-18tb1.metal, u-24tb1.metal,
              x1.16xlarge, x1.32xlarge,
              x1e.xlarge, x1e.2xlarge, x1e.4xlarge, x1e.8xlarge, x1e.16xlarge, x1e.32xlarge,
              x2idn.16xlarge, x2idn.24xlarge, x2idn.32xlarge, x2idn.metal,
              x2iedn.xlarge, x2iedn.2xlarge, x2iedn.4xlarge, x2iedn.8xlarge, x2iedn.16xlarge, x2iedn.24xlarge, x2iedn.32xlarge, x2iedn.metal,
              x2iezn.2xlarge, x2iezn.4xlarge, x2iezn.6xlarge, x2iezn.8xlarge, x2iezn.12xlarge, x2iezn.metal,
              z1d.large, z1d.xlarge, z1d.2xlarge, z1d.3xlarge, z1d.6xlarge, z1d.12xlarge, z1d.metal
            ]
          - !Ref NodeInstanceType
        # Removing list in assertion description to reduce document size.
        AssertDescription: >-
          This option requires a valid Windows instance type.
          The full list can be found here:
          https://github.com/aws-quickstart/quickstart-amazon-eks/blob/v5.0.0/templates/amazon-eks-entrypoint-new-vpc.template.yaml#L946-L1003
  ArmInstance:
    RuleCondition: !Equals [!Ref NodeInstanceFamily, ARM]
    Assertions:
      - Assert: !Contains
          - [
              a1.medium, a1.large, a1.xlarge, a1.2xlarge, a1.4xlarge, a1.metal,
              c6g.medium, c6g.large, c6g.xlarge, c6g.2xlarge, c6g.4xlarge, c6g.8xlarge, c6g.12xlarge, c6g.16xlarge, c6g.metal,
              c6gd.medium, c6gd.large, c6gd.xlarge, c6gd.2xlarge, c6gd.4xlarge, c6gd.8xlarge, c6gd.12xlarge, c6gd.16xlarge, c6gd.metal,
              c6gn.medium, c6gn.large, c6gn.xlarge, c6gn.2xlarge, c6gn.4xlarge, c6gn.8xlarge, c6gn.12xlarge, c6gn.16xlarge,
              c7g.medium, c7g.large, c7g.xlarge, c7g.2xlarge, c7g.4xlarge, c7g.8xlarge, c7g.12xlarge, c7g.16xlarge,
              g5g.xlarge, g5g.2xlarge, g5g.4xlarge, g5g.8xlarge, g5g.16xlarge, g5g.metal,
              im4gn.large, im4gn.xlarge, im4gn.2xlarge, im4gn.4xlarge, im4gn.8xlarge, im4gn.16xlarge,
              is4gen.medium, is4gen.large, is4gen.xlarge, is4gen.2xlarge, is4gen.4xlarge, is4gen.8xlarge,
              m6g.medium, m6g.large, m6g.xlarge, m6g.2xlarge, m6g.4xlarge, m6g.8xlarge, m6g.12xlarge, m6g.16xlarge, m6g.metal,
              m6gd.medium, m6gd.large, m6gd.xlarge, m6gd.2xlarge, m6gd.4xlarge, m6gd.8xlarge, m6gd.12xlarge, m6gd.16xlarge, m6gd.metal,
              r6g.medium, r6g.large, r6g.xlarge, r6g.2xlarge, r6g.4xlarge, r6g.8xlarge, r6g.12xlarge, r6g.16xlarge, r6g.metal,
              r6gd.medium, r6gd.large, r6gd.xlarge, r6gd.2xlarge, r6gd.4xlarge, r6gd.8xlarge, r6gd.12xlarge, r6gd.16xlarge, r6gd.metal,
              t4g.nano, t4g.micro, t4g.small, t4g.medium, t4g.large, t4g.xlarge, t4g.2xlarge,
              x2gd.medium, x2gd.large, x2gd.xlarge, x2gd.2xlarge, x2gd.4xlarge, x2gd.8xlarge, x2gd.12xlarge, x2gd.16xlarge, x2gd.metal
            ]
          - !Ref NodeInstanceType
        # Removing list in assertion description to reduce document size.
        AssertDescription: >-
          This option requires an instance type from the ARM family.
          The full list can be found here:
          https://github.com/aws-quickstart/quickstart-amazon-eks/blob/v5.0.0/templates/amazon-eks-entrypoint-new-vpc.template.yaml#L1076-L1089
  GpuInstance:
    RuleCondition: !Equals [!Ref NodeInstanceFamily, GPU]
    Assertions:
      - Assert: !Contains
          - [
              cg1.4xlarge,
              g2.2xlarge, g2.8xlarge,
              g3.4xlarge, g3.8xlarge, g3.16xlarge, g3s.xlarge,
              g4ad.xlarge, g4ad.2xlarge, g4ad.4xlarge, g4ad.8xlarge, g4ad.16xlarge,
              g4dn.xlarge, g4dn.2xlarge, g4dn.4xlarge, g4dn.8xlarge, g4dn.12xlarge, g4dn.16xlarge, g4dn.metal,
              g5.xlarge, g5.2xlarge, g5.4xlarge, g5.8xlarge, g5.12xlarge, g5.16xlarge, g5.24xlarge, g5.48xlarge,
              inf1.xlarge, inf1.2xlarge, inf1.6xlarge, inf1.24xlarge,
              p2.xlarge, p2.8xlarge, p2.16xlarge,
              p3.2xlarge, p3.8xlarge, p3.16xlarge, p3dn.24xlarge,
              p4d.24xlarge, p4de.24xlarge,
              vt1.3xlarge, vt1.6xlarge, vt1.24xlarge
            ]
          - !Ref NodeInstanceType
        # Removing list in assertion description to reduce document size.
        AssertDescription: >-
          This option requires an instance type from the GPU family.
          The full list can be found here:
          https://github.com/aws-quickstart/quickstart-amazon-eks/blob/v5.0.0/templates/amazon-eks-entrypoint-new-vpc.template.yaml#L1113-L1126
  StandardInstance:
    RuleCondition: !Equals [!Ref NodeInstanceFamily, Standard]
    Assertions:
      - Assert: !Contains
          - [
              c1.medium, c1.xlarge,
              c3.large, c3.xlarge, c3.2xlarge, c3.4xlarge, c3.8xlarge,
              c4.large, c4.xlarge, c4.2xlarge, c4.4xlarge, c4.8xlarge,
              c5.large, c5.xlarge, c5.2xlarge, c5.4xlarge, c5.9xlarge, c5.12xlarge, c5.18xlarge, c5.24xlarge, c5.metal,
              c5a.large, c5a.xlarge, c5a.2xlarge, c5a.4xlarge, c5a.8xlarge, c5a.12xlarge, c5a.16xlarge, c5a.24xlarge,
              c5ad.large, c5ad.xlarge, c5ad.2xlarge, c5ad.4xlarge, c5ad.8xlarge, c5ad.12xlarge, c5ad.16xlarge, c5ad.24xlarge,
              c5d.large, c5d.xlarge, c5d.2xlarge, c5d.4xlarge, c5d.9xlarge, c5d.12xlarge, c5d.18xlarge, c5d.24xlarge, c5d.metal,
              c5n.large, c5n.xlarge, c5n.2xlarge, c5n.4xlarge, c5n.9xlarge, c5n.18xlarge, c5n.metal,
              c6a.large, c6a.xlarge, c6a.4xlarge, c6a.8xlarge, c6a.12xlarge, c6a.16xlarge, c6a.24xlarge, c6a.2xlarge, c6a.32xlarge, c6a.48xlarge, c6a.metal,
              c6i.large, c6i.xlarge, c6i.2xlarge, c6i.4xlarge, c6i.8xlarge, c6i.12xlarge, c6i.16xlarge, c6i.24xlarge, c6i.32xlarge, c6i.metal,
              c6id.large, c6id.xlarge, c6id.2xlarge, c6id.4xlarge, c6id.8xlarge, c6id.12xlarge, c6id.16xlarge, c6id.24xlarge, c6id.32xlarge, c6id.metal,
              cc1.4xlarge, cc2.8xlarge, cr1.8xlarge,
              d2.xlarge, d2.2xlarge, d2.4xlarge, d2.8xlarge,
              d3.xlarge, d3.2xlarge, d3.4xlarge, d3.8xlarge,
              d3en.xlarge, d3en.2xlarge, d3en.4xlarge, d3en.6xlarge, d3en.8xlarge, d3en.12xlarge,
              dl1.24xlarge,
              f1.2xlarge, f1.4xlarge, f1.16xlarge,
              h1.2xlarge, h1.4xlarge, h1.8xlarge, h1.16xlarge,
              hi1.4xlarge, hpc6a.48xlarge, hpc6id.32xlarge, hs1.8xlarge,
              i2.xlarge, i2.2xlarge, i2.4xlarge, i2.8xlarge,
              i3.large, i3.xlarge, i3.2xlarge, i3.4xlarge, i3.8xlarge, i3.16xlarge, i3.metal,
              i3en.large, i3en.xlarge, i3en.2xlarge, i3en.3xlarge, i3en.6xlarge, i3en.12xlarge, i3en.24xlarge, i3en.metal,
              i4i.16xlarge, i4i.2xlarge,
              i4i.32xlarge, i4i.4xlarge, i4i.8xlarge, i4i.large, i4i.metal, i4i.xlarge,
              m1.small, m1.medium, m1.large, m1.xlarge,
              m2.xlarge, m2.2xlarge, m2.4xlarge,
              m3.medium, m3.large, m3.xlarge, m3.2xlarge,
              m4.large, m4.xlarge, m4.2xlarge, m4.4xlarge, m4.10xlarge, m4.16xlarge,
              m5.large, m5.xlarge, m5.2xlarge, m5.4xlarge, m5.8xlarge, m5.12xlarge, m5.16xlarge, m5.24xlarge, m5.metal,
              m5a.large, m5a.xlarge, m5a.2xlarge, m5a.4xlarge, m5a.8xlarge, m5a.12xlarge, m5a.16xlarge, m5a.24xlarge,
              m5ad.large, m5ad.xlarge, m5ad.2xlarge, m5ad.4xlarge, m5ad.8xlarge, m5ad.12xlarge, m5ad.16xlarge, m5ad.24xlarge,
              m5d.large, m5d.xlarge, m5d.2xlarge, m5d.4xlarge, m5d.8xlarge, m5d.12xlarge, m5d.16xlarge, m5d.24xlarge, m5d.metal,
              m5dn.large, m5dn.xlarge, m5dn.2xlarge, m5dn.4xlarge, m5dn.8xlarge, m5dn.12xlarge, m5dn.16xlarge, m5dn.24xlarge, m5dn.metal,
              m5n.large, m5n.xlarge, m5n.2xlarge, m5n.4xlarge, m5n.8xlarge, m5n.12xlarge, m5n.16xlarge, m5n.24xlarge, m5n.metal,
              m5zn.large, m5zn.xlarge, m5zn.2xlarge, m5zn.3xlarge, m5zn.6xlarge, m5zn.12xlarge, m5zn.metal,
              m6a.large, m6a.xlarge, m6a.2xlarge, m6a.4xlarge, m6a.8xlarge, m6a.12xlarge, m6a.16xlarge, m6a.24xlarge, m6a.32xlarge, m6a.48xlarge, m6a.metal,
              m6i.large, m6i.xlarge, m6i.2xlarge, m6i.4xlarge, m6i.8xlarge, m6i.12xlarge, m6i.16xlarge, m6i.24xlarge, m6i.32xlarge, m6i.metal,
              m6id.large, m6id.xlarge, m6id.2xlarge, m6id.4xlarge, m6id.8xlarge, m6id.12xlarge, m6id.16xlarge, m6id.24xlarge, m6id.32xlarge, m6id.metal,
              r3.large, r3.xlarge, r3.2xlarge, r3.4xlarge, r3.8xlarge,
              r4.large, r4.xlarge, r4.2xlarge, r4.4xlarge, r4.8xlarge, r4.16xlarge,
              r5.large, r5.xlarge, r5.2xlarge, r5.4xlarge, r5.8xlarge, r5.12xlarge, r5.16xlarge, r5.24xlarge, r5.metal,
              r5a.large, r5a.xlarge, r5a.2xlarge, r5a.4xlarge, r5a.8xlarge, r5a.12xlarge, r5a.16xlarge, r5a.24xlarge,
              r5ad.large, r5ad.xlarge, r5ad.2xlarge, r5ad.4xlarge, r5ad.8xlarge, r5ad.12xlarge, r5ad.16xlarge, r5ad.24xlarge,
              r5b.large, r5b.xlarge, r5b.2xlarge, r5b.4xlarge, r5b.8xlarge, r5b.12xlarge, r5b.16xlarge, r5b.24xlarge,
              r5b.metal,
              r5d.large, r5d.xlarge, r5d.2xlarge, r5d.4xlarge, r5d.8xlarge, r5d.12xlarge, r5d.16xlarge, r5d.24xlarge, r5d.metal,
              r5dn.large, r5dn.xlarge, r5dn.2xlarge, r5dn.4xlarge, r5dn.8xlarge, r5dn.12xlarge, r5dn.16xlarge, r5dn.24xlarge, r5dn.metal,
              r5n.large, r5n.xlarge, r5n.2xlarge, r5n.4xlarge, r5n.8xlarge, r5n.12xlarge, r5n.16xlarge, r5n.24xlarge, r5n.metal,
              r6a.large, r6a.xlarge, r6a.2xlarge, r6a.4xlarge, r6a.8xlarge, r6a.12xlarge, r6a.16xlarge, r6a.24xlarge, r6a.32xlarge, r6a.48xlarge, r6a.metal,
              r6ad.large, r6ad.xlarge, r6ad.2xlarge, r6ad.4xlarge, r6ad.8xlarge, r6ad.12xlarge, r6ad.16xlarge, r6ad.24xlarge, r6ad.32xlarge, r6ad.48xlarge, r6ad.metal,
              r6i.large, r6i.xlarge, r6i.2xlarge, r6i.4xlarge, r6i.8xlarge, r6i.12xlarge, r6i.16xlarge, r6i.24xlarge, r6i.32xlarge, r6i.metal,
              r6id.large, r6id.xlarge, r6id.2xlarge, r6id.4xlarge, r6id.8xlarge, r6id.12xlarge, r6id.16xlarge, r6id.24xlarge, r6id.32xlarge, r6id.metal,
              t1.micro,
              t2.nano, t2.micro, t2.small, t2.medium, t2.large, t2.xlarge, t2.2xlarge,
              t3.nano, t3.micro, t3.small, t3.medium, t3.large, t3.xlarge, t3.2xlarge,
              t3a.nano, t3a.micro, t3a.small, t3a.medium, t3a.large, t3a.xlarge, t3a.2xlarge,
              u-6tb1.56xlarge, u-6tb1.112xlarge, u-6tb1.metal, u-9tb1.112xlarge, u-9tb1.metal,
              u-12tb1.112xlarge, u-12tb1.metal, u-18tb1.metal, u-24tb1.metal,
              x1.16xlarge, x1.32xlarge,
              x1e.xlarge, x1e.2xlarge, x1e.4xlarge, x1e.8xlarge, x1e.16xlarge, x1e.32xlarge,
              x2idn.16xlarge, x2idn.24xlarge, x2idn.32xlarge, x2idn.metal,
              x2iedn.xlarge, x2iedn.2xlarge, x2iedn.4xlarge, x2iedn.8xlarge, x2iedn.16xlarge, x2iedn.24xlarge, x2iedn.32xlarge, x2iedn.metal,
              x2iezn.2xlarge, x2iezn.4xlarge, x2iezn.6xlarge, x2iezn.8xlarge, x2iezn.12xlarge, x2iezn.metal,
              z1d.large, z1d.xlarge, z1d.2xlarge, z1d.3xlarge, z1d.6xlarge, z1d.12xlarge, z1d.metal
            ]
          - !Ref NodeInstanceType
        # Removing list in assertion description to reduce document size.
        AssertDescription: >-
          Pick a valid instance type from the "Standard" family, i.e., instances
          not from the GPU or ARM family. Full list can be found here:
          https://github.com/aws-quickstart/quickstart-amazon-eks/blob/v5.0.0/templates/amazon-eks-entrypoint-new-vpc.template.yaml#L1150-L1218